Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS57481.roa
File:                     AS57481.roa (raw, json)
Hash identifier:          i5dYgKhalwiDwqY2zWHMgblDkXtYEBZtjcA0WHiFPXQ=
Subject key identifier:   E1:2F:32:AF:70:E7:EF:FA:09:A7:98:6E:EA:B7:9C:42:7B:F0:04:54
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7A61CF33BCA9C04F401C91F138CD2F9C5F35429B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS57481.roa
Signing time:             Tue 04 Feb 2025 00:17:07 +0000
ROA not before:           Tue 04 Feb 2025 00:12:07 +0000
ROA not after:            Tue 03 Feb 2026 00:17:07 +0000
asID:                     57481
IP address blocks:        2a14:7581:fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:61:cf:33:bc:a9:c0:4f:40:1c:91:f1:38:cd:2f:9c:5f:35:42:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:07 2025 GMT
            Not After : Feb  3 00:17:07 2026 GMT
        Subject: CN=E12F32AF70E7EFFA09A7986EEAB79C427BF00454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c9:37:84:15:ab:83:ca:42:1e:8d:08:f5:a7:
                    63:94:ff:5c:76:c0:62:9f:ab:d1:90:f4:9a:13:36:
                    7d:6f:26:9c:95:e2:7a:40:af:0c:a0:a7:4d:2d:6b:
                    56:c4:c1:28:65:d4:54:d7:ba:ea:62:83:c7:9d:3c:
                    ba:48:e5:c6:aa:c2:65:5b:fd:a9:eb:3a:f3:1e:8f:
                    28:dd:ef:14:b2:ce:5b:ed:45:04:7e:26:a8:4d:84:
                    29:8f:32:0f:2c:22:fa:42:7c:8a:31:98:0c:49:dd:
                    88:32:a9:4e:cb:eb:d4:05:21:fb:ce:36:37:86:46:
                    76:66:b6:a9:99:03:7d:3a:f4:d4:29:62:12:37:68:
                    fa:65:5c:2a:f6:17:96:b7:10:4e:87:ff:ce:0c:7a:
                    85:59:c2:be:ee:c3:b4:2d:79:58:80:65:8a:50:7a:
                    b3:77:df:f2:38:7f:65:2f:f3:d1:d9:11:94:8c:fc:
                    19:17:3f:41:55:72:23:99:fa:28:64:dd:4c:b9:25:
                    04:3a:87:13:16:78:44:49:0c:07:77:cf:f6:a3:d8:
                    c0:78:fa:0e:f5:98:32:b2:f1:6f:5e:26:06:34:ef:
                    62:8b:73:ed:a5:51:66:42:a1:5f:09:4b:32:b5:df:
                    25:10:5b:ae:8d:b9:15:87:19:3f:90:55:7a:36:f4:
                    44:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2F:32:AF:70:E7:EF:FA:09:A7:98:6E:EA:B7:9C:42:7B:F0:04:54
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS57481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:5c:30:54:3e:ea:e8:b1:35:e4:ea:5c:4f:e7:50:f5:0b:69:
         8b:5a:76:b2:55:2d:52:70:ec:5b:5f:04:72:c7:8c:b8:55:a1:
         b6:5d:4d:85:fb:19:0c:35:41:3e:b0:7c:23:93:5d:e9:84:db:
         e1:eb:87:23:7d:49:0a:38:8d:f8:b5:66:f1:c4:04:af:28:c7:
         0b:7f:77:28:8d:b6:27:4b:96:c9:79:c0:65:de:e3:c2:a5:b2:
         d5:e2:b2:a5:f0:10:66:91:7f:34:33:92:05:55:b6:c4:c7:d8:
         76:96:be:fb:dd:29:5f:ee:a9:3f:50:ce:c5:49:38:93:48:de:
         6a:04:8d:f1:e1:ae:17:40:d9:b7:3c:09:c5:f5:25:eb:26:83:
         d7:15:83:94:10:6b:30:ff:cb:e9:88:4c:44:56:e3:df:a4:c2:
         9f:93:82:d3:fd:bf:c0:a8:a3:0c:fd:7b:a7:2d:85:a6:03:fa:
         d4:c5:3d:c4:f1:9f:d1:37:82:95:24:91:a4:85:0f:42:5a:a4:
         2d:a5:1c:bb:87:50:f8:62:9f:6a:9b:b1:bb:f6:27:1a:37:8d:
         8b:a3:5e:ad:56:4e:ff:9c:66:5a:7e:f8:21:e9:9a:8b:89:89:
         94:eb:e4:58:61:d1:dc:db:fd:8d:52:6d:1d:60:9c:48:5c:d2:
         56:8e:da:63
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUemHPM7ypwE9AHJHxOM0vnF81QpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDdaFw0yNjAyMDMwMDE3MDdaMDMxMTAvBgNV
BAMTKEUxMkYzMkFGNzBFN0VGRkEwOUE3OTg2RUVBQjc5QzQyN0JGMDA0NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvyTeEFauDykIejQj1p2OU/1x2
wGKfq9GQ9JoTNn1vJpyV4npArwygp00ta1bEwShl1FTXuupig8edPLpI5caqwmVb
/anrOvMejyjd7xSyzlvtRQR+JqhNhCmPMg8sIvpCfIoxmAxJ3YgyqU7L69QFIfvO
NjeGRnZmtqmZA3069NQpYhI3aPplXCr2F5a3EE6H/84MeoVZwr7uw7QteViAZYpQ
erN33/I4f2Uv89HZEZSM/BkXP0FVciOZ+ihk3Uy5JQQ6hxMWeERJDAd3z/aj2MB4
+g71mDKy8W9eJgY072KLc+2lUWZCoV8JSzK13yUQW66NuRWHGT+QVXo29EStAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU4S8yr3Dn7/oJp5hu6recQnvwBFQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNTc0ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqFHWB
D/8wDQYJKoZIhvcNAQELBQADggEBAChcMFQ+6uixNeTqXE/nUPULaYtadrJVLVJw
7FtfBHLHjLhVobZdTYX7GQw1QT6wfCOTXemE2+HrhyN9SQo4jfi1ZvHEBK8oxwt/
dyiNtidLlsl5wGXe48KlstXisqXwEGaRfzQzkgVVtsTH2HaWvvvdKV/uqT9QzsVJ
OJNI3moEjfHhrhdA2bc8CcX1Jesmg9cVg5QQazD/y+mITERW49+kwp+TgtP9v8Co
owz9e6cthaYD+tTFPcTxn9E3gpUkkaSFD0JapC2lHLuHUPhin2qbsbv2Jxo3jYuj
Xq1WTv+cZlp++CHpmouJiZTr5Fhh0dzb/Y1SbR1gnEhc0laO2mM=
-----END CERTIFICATE-----