Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63801.roa
File:                     AS63801.roa (raw, json)
Hash identifier:          /jb7y7FCgg0i3pdF6liHJX4lklTyXN/xGz388B5L+kY=
Subject key identifier:   68:A9:F1:10:13:93:3A:13:9C:0E:F0:A3:A8:69:9C:41:A8:94:8C:67
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5790B2900F902BC900D05BE43A16C66DBDA459FF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63801.roa
Signing time:             Mon 12 Feb 2024 17:24:26 +0000
ROA not before:           Mon 12 Feb 2024 17:19:26 +0000
ROA not after:            Mon 10 Feb 2025 17:24:26 +0000
asID:                     63801
IP address blocks:        181.214.2.0/24 maxlen: 24
                          181.214.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:90:b2:90:0f:90:2b:c9:00:d0:5b:e4:3a:16:c6:6d:bd:a4:59:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 12 17:19:26 2024 GMT
            Not After : Feb 10 17:24:26 2025 GMT
        Subject: CN=68A9F11013933A139C0EF0A3A8699C41A8948C67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:af:fe:36:4c:15:ee:11:d7:74:7d:42:c8:f3:
                    01:11:2e:c9:74:7c:b0:ef:22:9d:48:75:3b:e4:59:
                    ef:82:f8:31:10:fe:55:41:9c:6c:af:3e:c5:60:b3:
                    f2:51:49:b5:b4:a7:4f:a6:ef:26:a6:2e:3d:21:15:
                    6e:4e:ff:54:2c:9a:bb:8e:3c:37:80:17:67:1c:8e:
                    03:70:4e:00:32:7e:54:d6:51:fb:ff:18:3c:6c:41:
                    a2:4b:18:4a:c8:1c:7c:8a:7e:35:d1:80:42:ae:fc:
                    79:74:27:27:70:65:a3:51:5e:71:78:5e:65:39:6c:
                    d0:ec:31:49:19:d7:47:37:06:c2:79:26:b0:6d:ca:
                    06:84:24:d2:56:fb:61:58:21:8b:6b:25:bf:49:0b:
                    03:10:46:af:db:82:87:1d:35:e6:2c:a5:15:a5:89:
                    df:cc:ff:26:d3:da:86:f6:cd:1f:a7:0e:15:44:e8:
                    e6:dc:30:3c:2b:1c:53:74:f8:b8:b1:e9:2f:b2:35:
                    0c:55:92:ae:1d:29:1b:aa:68:a0:bb:d1:94:ac:2a:
                    f6:b5:d8:69:05:ab:49:2d:a6:52:26:c1:e0:45:6e:
                    ca:9e:85:f3:c1:03:33:a6:d9:e1:59:3f:33:5e:3c:
                    75:66:41:de:a6:b8:1c:6e:cb:cd:1b:9c:85:03:ac:
                    7f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A9:F1:10:13:93:3A:13:9C:0E:F0:A3:A8:69:9C:41:A8:94:8C:67
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63801.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.2.0/24
                  181.214.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f5:50:63:0b:8e:a3:d0:02:58:dc:b6:da:10:13:f8:bd:79:
         a4:b2:3d:01:a7:cb:21:50:2f:e6:11:0e:f0:44:a1:a5:85:47:
         09:7f:a8:05:bd:e8:b2:85:50:c4:9a:e8:a1:f0:7b:63:7b:03:
         7c:a8:c0:9a:fe:4b:3c:6b:fc:f1:80:f5:e0:ae:8c:c1:a9:09:
         3f:3e:14:83:6d:a5:c3:f3:f4:86:c0:d3:00:27:03:8f:56:6d:
         6d:ea:e2:1a:85:77:82:5b:eb:ea:93:25:7c:8d:f0:39:57:d9:
         67:08:9a:3e:85:df:0d:16:59:f8:02:fc:b4:ff:e0:f8:d4:4f:
         c2:05:92:32:05:ef:91:9f:a8:59:35:ec:b0:13:79:78:8c:8f:
         36:91:c7:e0:a3:a5:c6:43:1a:3b:7f:ba:49:35:fa:2d:0f:05:
         ad:12:7d:a8:6f:34:10:8e:45:4e:08:24:f3:91:48:8b:d0:ab:
         82:b0:2c:df:b8:7b:df:35:d6:f6:7b:d8:ab:ff:da:6d:3b:fc:
         54:11:b0:dc:46:b9:31:97:e7:54:45:9b:fc:a1:97:17:13:8f:
         f6:dc:7f:51:8e:45:f2:3a:ac:13:ca:6a:30:35:a1:60:65:67:
         3e:42:05:dc:9f:3e:18:00:63:2e:7a:64:9d:ce:6e:5b:7e:0e:
         00:72:1e:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUV5CykA+QK8kA0FvkOhbGbb2kWf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMTIxNzE5MjZaFw0yNTAyMTAxNzI0MjZaMDMxMTAvBgNV
BAMTKDY4QTlGMTEwMTM5MzNBMTM5QzBFRjBBM0E4Njk5QzQxQTg5NDhDNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEr/42TBXuEdd0fULI8wERLsl0
fLDvIp1IdTvkWe+C+DEQ/lVBnGyvPsVgs/JRSbW0p0+m7yamLj0hFW5O/1QsmruO
PDeAF2ccjgNwTgAyflTWUfv/GDxsQaJLGErIHHyKfjXRgEKu/Hl0JydwZaNRXnF4
XmU5bNDsMUkZ10c3BsJ5JrBtygaEJNJW+2FYIYtrJb9JCwMQRq/bgocdNeYspRWl
id/M/ybT2ob2zR+nDhVE6ObcMDwrHFN0+Lix6S+yNQxVkq4dKRuqaKC70ZSsKva1
2GkFq0ktplImweBFbsqehfPBAzOm2eFZPzNePHVmQd6muBxuy80bnIUDrH9tAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUaKnxEBOTOhOcDvCjqGmcQaiUjGcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjM4MDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11gID
BAC11iEwDQYJKoZIhvcNAQELBQADggEBAGj1UGMLjqPQAljcttoQE/i9eaSyPQGn
yyFQL+YRDvBEoaWFRwl/qAW96LKFUMSa6KHwe2N7A3yowJr+Szxr/PGA9eCujMGp
CT8+FINtpcPz9IbA0wAnA49WbW3q4hqFd4Jb6+qTJXyN8DlX2WcImj6F3w0WWfgC
/LT/4PjUT8IFkjIF75GfqFk17LATeXiMjzaRx+CjpcZDGjt/ukk1+i0PBa0Sfahv
NBCORU4IJPORSIvQq4KwLN+4e9811vZ72Kv/2m07/FQRsNxGuTGX51RFm/yhlxcT
j/bcf1GORfI6rBPKajA1oWBlZz5CBdyfPhgAYy56ZJ3Oblt+DgByHk8=
-----END CERTIFICATE-----