Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          y8uXUEC5c91wNxLIZ9+kgsYAx/MOu6s5+s0U1V9OF+k=
Subject key identifier:   63:10:91:40:3B:9F:D0:35:48:6E:98:E8:AB:3F:31:2A:4E:03:31:25
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       62150E86357AB8FB596883D951693423A1C8E37B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197537.roa
Signing time:             Fri 24 Jan 2025 14:25:26 +0000
ROA not before:           Fri 24 Jan 2025 14:20:26 +0000
ROA not after:            Fri 23 Jan 2026 14:25:26 +0000
asID:                     197537
IP address blocks:        82.21.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:15:0e:86:35:7a:b8:fb:59:68:83:d9:51:69:34:23:a1:c8:e3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 24 14:20:26 2025 GMT
            Not After : Jan 23 14:25:26 2026 GMT
        Subject: CN=631091403B9FD035486E98E8AB3F312A4E033125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c9:90:34:f9:51:a3:22:7a:52:c7:22:c6:bc:
                    fb:15:62:ec:9e:31:e5:02:4f:ba:6f:e0:cb:e3:c1:
                    f1:af:bf:e3:4e:7b:10:90:2c:5d:83:22:b2:d4:c2:
                    9c:78:3d:91:e7:d3:30:4d:73:b1:a5:84:ed:d6:8c:
                    c4:3f:b2:96:13:59:b8:cc:ec:29:9d:dc:9c:2f:0d:
                    f1:fe:71:fb:f8:47:54:0e:64:c3:57:b3:b7:70:5f:
                    12:cf:34:3b:fb:24:69:4e:b3:0f:7e:48:08:ea:e2:
                    12:ac:7b:6d:26:34:b2:bf:fc:1a:92:6d:37:8e:49:
                    95:3a:0a:91:05:af:86:ec:13:9e:30:8f:b5:04:76:
                    58:22:ab:0b:c5:61:9e:74:cf:4d:f1:c8:f4:5e:99:
                    80:d4:13:03:1f:85:1f:9e:6b:01:fd:7b:41:df:28:
                    40:1a:a4:52:1e:9b:c9:95:61:f6:c0:2f:a9:0b:71:
                    f4:f3:b2:67:2b:8f:ff:a4:fe:62:79:b1:f9:15:fe:
                    e2:b7:51:b1:b4:6e:a2:fb:f9:5c:09:ef:35:6b:60:
                    89:9e:a8:47:62:55:a9:11:5f:9e:c8:e9:b5:44:fa:
                    41:3d:82:09:73:06:4a:2b:4c:77:1e:a2:18:bd:62:
                    84:55:72:47:2e:3a:39:c5:2c:27:e1:3a:5b:4c:9b:
                    89:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:10:91:40:3B:9F:D0:35:48:6E:98:E8:AB:3F:31:2A:4E:03:31:25
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:05:ae:09:a9:39:1e:b3:a0:8a:cb:03:3a:09:2f:60:8a:1a:
         65:4a:f5:f5:1e:8a:66:26:f7:a4:0a:f6:1b:e7:29:c9:81:c1:
         4e:75:66:58:1d:fb:9f:bb:03:b9:24:17:87:5e:e2:13:89:84:
         80:23:b4:6b:54:0a:c4:7d:d6:2c:23:ce:6a:f1:f7:d9:54:0d:
         08:0f:d0:52:88:56:f4:c5:52:35:1a:b8:d5:c2:33:cf:72:f1:
         bb:6e:17:0e:4d:9a:8f:51:0b:38:e7:23:5f:14:5f:7f:12:6c:
         03:69:1d:be:4e:32:71:c4:99:98:8b:74:a4:18:90:b0:1e:e4:
         83:8a:df:29:c2:f3:ac:d2:93:d3:4f:57:0e:2f:27:3f:8e:a0:
         b2:fd:e0:a3:3c:d3:40:35:17:9f:e3:63:d7:6b:b5:a1:fd:66:
         39:79:59:fb:f8:b1:8e:c1:ac:45:22:8b:9e:0f:81:7b:3f:56:
         3a:4d:f0:b2:47:45:52:22:44:7d:d5:47:17:8e:d5:fc:85:1f:
         8c:f6:f5:da:ad:f3:c5:db:48:3e:ea:44:bf:80:a8:e8:fc:8f:
         33:62:82:d0:79:13:ee:5e:9b:93:88:e4:08:52:a5:7b:18:dc:
         4d:db:35:7a:72:a0:a1:2c:7b:e7:cd:d9:fc:f9:1b:94:2b:f9:
         e5:22:2e:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYhUOhjV6uPtZaIPZUWk0I6HI43swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjQxNDIwMjZaFw0yNjAxMjMxNDI1MjZaMDMxMTAvBgNV
BAMTKDYzMTA5MTQwM0I5RkQwMzU0ODZFOThFOEFCM0YzMTJBNEUwMzMxMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuyZA0+VGjInpSxyLGvPsVYuye
MeUCT7pv4MvjwfGvv+NOexCQLF2DIrLUwpx4PZHn0zBNc7GlhO3WjMQ/spYTWbjM
7Cmd3JwvDfH+cfv4R1QOZMNXs7dwXxLPNDv7JGlOsw9+SAjq4hKse20mNLK//BqS
bTeOSZU6CpEFr4bsE54wj7UEdlgiqwvFYZ50z03xyPRemYDUEwMfhR+eawH9e0Hf
KEAapFIem8mVYfbAL6kLcfTzsmcrj/+k/mJ5sfkV/uK3UbG0bqL7+VwJ7zVrYIme
qEdiVakRX57I6bVE+kE9gglzBkorTHceohi9YoRVckcuOjnFLCfhOltMm4khAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYxCRQDuf0DVIbpjoqz8xKk4DMSUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhVN
MA0GCSqGSIb3DQEBCwUAA4IBAQChBa4JqTkes6CKywM6CS9gihplSvX1HopmJvek
CvYb5ynJgcFOdWZYHfufuwO5JBeHXuITiYSAI7RrVArEfdYsI85q8ffZVA0ID9BS
iFb0xVI1GrjVwjPPcvG7bhcOTZqPUQs45yNfFF9/EmwDaR2+TjJxxJmYi3SkGJCw
HuSDit8pwvOs0pPTT1cOLyc/jqCy/eCjPNNANRef42PXa7Wh/WY5eVn7+LGOwaxF
IoueD4F7P1Y6TfCyR0VSIkR91UcXjtX8hR+M9vXarfPF20g+6kS/gKjo/I8zYoLQ
eRPuXpuTiOQIUqV7GNxN2zV6cqChLHvnzdn8+RuUK/nlIi5H
-----END CERTIFICATE-----