Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa
File:                     AS1.roa (raw, json)
Hash identifier:          nkSqE+kZLrufrVUBHI4nHRzHDzWBkln4HJluupFdq9s=
Subject key identifier:   36:86:8D:24:87:8C:29:6B:B2:FB:59:C6:43:ED:4D:A2:B7:C9:14:7D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       62BA5B8313CC85C11F08D6F48592D6D5BE8A10C1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa
Signing time:             Sun 06 Apr 2025 08:54:00 +0000
ROA not before:           Sun 06 Apr 2025 08:49:00 +0000
ROA not after:            Sun 05 Apr 2026 08:54:00 +0000
asID:                     1
IP address blocks:        191.101.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:ba:5b:83:13:cc:85:c1:1f:08:d6:f4:85:92:d6:d5:be:8a:10:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  6 08:49:00 2025 GMT
            Not After : Apr  5 08:54:00 2026 GMT
        Subject: CN=36868D24878C296BB2FB59C643ED4DA2B7C9147D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:93:34:42:97:1f:af:bd:67:e6:6f:f3:a0:10:
                    3d:a3:d2:b4:8b:f7:6d:99:ef:ae:98:b4:05:3c:ea:
                    32:fb:ea:1e:fb:40:d4:56:01:dd:9e:3f:6b:71:d3:
                    33:51:6b:a4:5c:c6:a0:a0:0d:65:a8:62:23:3f:60:
                    45:34:4c:47:43:ee:67:6a:98:42:88:23:ca:e0:27:
                    7e:6a:22:2e:75:6b:06:af:9e:9b:e1:1f:df:05:13:
                    ea:62:f3:9f:1f:6e:16:b4:0b:17:8f:c8:47:90:17:
                    bb:12:c0:37:02:e7:49:46:e9:41:8a:1b:ed:bc:0c:
                    65:c5:8e:93:4e:ef:74:b4:50:aa:30:0b:3d:61:94:
                    32:63:5e:74:44:4c:17:fd:70:f0:e1:89:d9:bb:a0:
                    6d:5d:d3:a3:fe:6e:2f:ff:f7:54:32:1b:6c:2a:7a:
                    72:ef:bc:f4:8d:24:41:54:31:9b:da:3f:66:ac:31:
                    66:e0:56:73:20:21:ec:74:82:30:59:17:d4:1c:64:
                    1f:6f:70:70:4d:e7:b5:99:a4:ab:f0:8a:94:47:f9:
                    b8:6a:96:64:40:04:8a:1e:d8:17:e2:7f:7a:d1:a2:
                    03:c7:96:59:61:55:f4:9e:af:59:a7:52:11:08:fc:
                    62:ea:19:1f:a2:2b:ce:61:42:84:1d:0d:50:d9:bf:
                    ee:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:86:8D:24:87:8C:29:6B:B2:FB:59:C6:43:ED:4D:A2:B7:C9:14:7D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6d:9a:3f:fe:c8:09:e8:bf:85:5c:59:2b:7d:52:a4:e5:18:
         03:cb:cb:a3:ff:9f:70:47:b1:a7:aa:30:ad:04:d3:c8:de:5c:
         5f:4f:cd:c1:b8:37:3b:c9:d9:2c:3b:52:3a:30:7c:03:7a:db:
         86:fc:b6:b7:be:dc:0b:e0:cc:9d:a9:2c:dc:02:d2:5c:78:c8:
         b6:ba:d2:f6:79:14:2b:cf:64:20:0a:8e:89:c7:c4:95:a5:7d:
         1c:09:ae:7f:e5:2f:d5:4b:79:b4:2f:7b:5f:76:78:b4:7c:47:
         56:ef:f1:c4:bc:fe:3b:d7:cd:39:02:78:db:55:01:54:5d:18:
         e8:ee:b8:59:cb:4d:1e:56:16:80:ff:f2:c3:28:90:af:7c:cb:
         4a:a9:5b:f6:b0:13:cb:87:1a:52:87:cd:5c:b9:a2:51:34:f3:
         74:9b:b8:03:f1:79:1b:31:8b:6b:5c:49:9a:64:06:b4:16:26:
         50:97:50:3e:f7:63:85:80:e7:56:c9:e4:00:9a:52:ef:f5:e8:
         87:26:03:5d:9a:b6:7f:8d:c8:9a:75:c7:38:c2:60:3c:2f:94:
         b4:63:10:ed:a9:27:15:6c:25:ff:31:74:74:c5:3b:8c:c3:83:
         bc:9a:f2:e2:ef:ed:b7:31:50:cc:28:ea:cf:31:d1:75:fb:8d:
         52:14:45:74
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIUYrpbgxPMhcEfCNb0hZLW1b6KEMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MDYwODQ5MDBaFw0yNjA0MDUwODU0MDBaMDMxMTAvBgNV
BAMTKDM2ODY4RDI0ODc4QzI5NkJCMkZCNTlDNjQzRUQ0REEyQjdDOTE0N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCukzRClx+vvWfmb/OgED2j0rSL
922Z766YtAU86jL76h77QNRWAd2eP2tx0zNRa6RcxqCgDWWoYiM/YEU0TEdD7mdq
mEKII8rgJ35qIi51awavnpvhH98FE+pi858fbha0CxePyEeQF7sSwDcC50lG6UGK
G+28DGXFjpNO73S0UKowCz1hlDJjXnRETBf9cPDhidm7oG1d06P+bi//91QyG2wq
enLvvPSNJEFUMZvaP2asMWbgVnMgIex0gjBZF9QcZB9vcHBN57WZpKvwipRH+bhq
lmRABIoe2Bfif3rRogPHlllhVfSer1mnUhEI/GLqGR+iK85hQoQdDVDZv+4PAgMB
AAGjggIFMIICATAdBgNVHQ4EFgQUNoaNJIeMKWuy+1nGQ+1NorfJFH0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9lmTANBgkq
hkiG9w0BAQsFAAOCAQEAYm2aP/7ICei/hVxZK31SpOUYA8vLo/+fcEexp6owrQTT
yN5cX0/Nwbg3O8nZLDtSOjB8A3rbhvy2t77cC+DMnaks3ALSXHjItrrS9nkUK89k
IAqOicfElaV9HAmuf+Uv1Ut5tC97X3Z4tHxHVu/xxLz+O9fNOQJ421UBVF0Y6O64
WctNHlYWgP/ywyiQr3zLSqlb9rATy4caUofNXLmiUTTzdJu4A/F5GzGLa1xJmmQG
tBYmUJdQPvdjhYDnVsnkAJpS7/XohyYDXZq2f43ImnXHOMJgPC+UtGMQ7aknFWwl
/zF0dMU7jMODvJry4u/ttzFQzCjqzzHRdfuNUhRFdA==
-----END CERTIFICATE-----