Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa
File:                     AS14445.roa (raw, json)
Hash identifier:          NoGKQgKNzNe4OxUN4fegJs6M346Vcs++iyKJ1arKKlY=
Subject key identifier:   96:BD:DB:13:AC:7F:FA:15:E0:17:B8:4E:42:9F:88:02:F0:58:47:61
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0357CA26388C693AD16EDB98F35E7443BF14A3D9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa
Signing time:             Mon 02 Jun 2025 19:10:15 +0000
ROA not before:           Mon 02 Jun 2025 19:05:15 +0000
ROA not after:            Mon 01 Jun 2026 19:10:15 +0000
asID:                     14445
IP address blocks:        92.242.184.0/24 maxlen: 24
                          181.214.101.0/24 maxlen: 24
                          193.58.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:57:ca:26:38:8c:69:3a:d1:6e:db:98:f3:5e:74:43:bf:14:a3:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  2 19:05:15 2025 GMT
            Not After : Jun  1 19:10:15 2026 GMT
        Subject: CN=96BDDB13AC7FFA15E017B84E429F8802F0584761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2b:35:28:6d:2c:93:e7:e2:51:92:5c:8c:b7:
                    f4:90:30:f0:a9:a5:4d:d2:2d:de:76:ff:ab:73:da:
                    4c:0c:40:42:e1:92:77:24:ae:3d:5d:ad:3c:7a:53:
                    c4:61:3a:e2:0b:0b:a4:24:ea:ad:59:b2:1f:33:f6:
                    55:c8:43:3a:c9:17:fe:e6:fb:6d:65:ed:3c:b2:7a:
                    c4:89:05:8c:0d:83:d7:81:57:fa:dc:8d:98:f3:9f:
                    88:9c:ad:97:d0:68:bd:58:1f:81:43:60:23:ef:76:
                    df:2f:62:59:78:38:e5:f8:17:8c:4e:ca:9f:1f:37:
                    27:f4:24:08:b3:ce:69:dd:06:c5:8a:6f:14:e8:50:
                    07:e1:97:b7:82:3c:11:5a:39:a4:35:8d:41:89:87:
                    fa:5a:d8:9c:bf:a6:3b:7c:9d:44:1f:11:1a:26:ab:
                    4a:1c:d3:ab:17:97:5b:91:2e:57:7f:6b:09:bd:5d:
                    c7:a0:5d:09:57:ed:04:1c:f2:34:2c:bd:26:1a:b8:
                    38:19:26:d6:df:96:5c:b7:6a:db:cd:8a:99:c1:d9:
                    96:10:ff:81:5a:e9:a1:12:9e:9b:f7:66:62:d1:c6:
                    b0:ed:c9:d0:a1:35:b3:3d:ea:0e:fd:4e:9d:63:0f:
                    69:ff:08:e7:38:30:cf:63:40:e5:b5:61:52:e0:09:
                    63:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BD:DB:13:AC:7F:FA:15:E0:17:B8:4E:42:9F:88:02:F0:58:47:61
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.184.0/24
                  181.214.101.0/24
                  193.58.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:70:8e:bb:40:1d:67:15:95:0d:e6:b6:70:55:85:f2:45:d4:
         c8:07:55:6d:6b:ea:1d:29:d3:fd:19:9b:b7:ea:ea:d8:5f:64:
         2e:8c:88:56:f9:44:d8:f4:65:45:8f:25:e7:5b:0a:fd:be:cc:
         83:e6:18:f7:59:b6:7c:b1:67:d2:f8:f3:49:d1:93:67:5e:02:
         f1:91:71:8a:26:0e:d2:49:6d:e0:d7:a4:68:62:b9:45:f4:4e:
         5d:59:e7:0b:0b:38:ce:af:ce:e4:68:f1:ab:af:43:c1:1e:11:
         8f:b9:78:4b:a6:f5:97:41:66:89:9d:56:3a:e1:32:3a:2f:f5:
         3c:9b:5b:6b:73:67:43:98:45:c5:3f:c2:fb:92:6b:d2:7b:4a:
         52:9c:76:f3:28:af:1b:d7:12:b8:6e:c2:b5:45:a1:93:fe:c7:
         94:a0:be:d8:8b:fc:7b:30:2a:5f:ac:6c:ba:25:54:9a:d5:4c:
         37:53:df:5a:f3:fc:78:3e:b1:fb:bf:26:13:e2:c9:e9:0b:86:
         2c:c7:cf:80:06:47:af:5d:85:b7:d2:2b:2b:0c:c8:7f:3e:e3:
         1e:ad:48:f7:3d:aa:ea:78:8e:b0:c4:22:58:91:69:ff:48:53:
         58:53:b7:8e:14:d1:a8:9e:27:52:26:11:bf:f6:b3:90:5b:36:
         b4:0f:9f:f3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUA1fKJjiMaTrRbtuY8150Q78Uo9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MDIxOTA1MTVaFw0yNjA2MDExOTEwMTVaMDMxMTAvBgNV
BAMTKDk2QkREQjEzQUM3RkZBMTVFMDE3Qjg0RTQyOUY4ODAyRjA1ODQ3NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiKzUobSyT5+JRklyMt/SQMPCp
pU3SLd52/6tz2kwMQELhknckrj1drTx6U8RhOuILC6Qk6q1Zsh8z9lXIQzrJF/7m
+21l7TyyesSJBYwNg9eBV/rcjZjzn4icrZfQaL1YH4FDYCPvdt8vYll4OOX4F4xO
yp8fNyf0JAizzmndBsWKbxToUAfhl7eCPBFaOaQ1jUGJh/pa2Jy/pjt8nUQfERom
q0oc06sXl1uRLld/awm9XcegXQlX7QQc8jQsvSYauDgZJtbflly3atvNipnB2ZYQ
/4Fa6aESnpv3ZmLRxrDtydChNbM96g79Tp1jD2n/COc4MM9jQOW1YVLgCWPRAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUlr3bE6x/+hXgF7hOQp+IAvBYR2EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ0NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABc8rgD
BAC11mUDBADBOmowDQYJKoZIhvcNAQELBQADggEBAD1wjrtAHWcVlQ3mtnBVhfJF
1MgHVW1r6h0p0/0Zm7fq6thfZC6MiFb5RNj0ZUWPJedbCv2+zIPmGPdZtnyxZ9L4
80nRk2deAvGRcYomDtJJbeDXpGhiuUX0Tl1Z5wsLOM6vzuRo8auvQ8EeEY+5eEum
9ZdBZomdVjrhMjov9TybW2tzZ0OYRcU/wvuSa9J7SlKcdvMorxvXErhuwrVFoZP+
x5SgvtiL/HswKl+sbLolVJrVTDdT31rz/Hg+sfu/JhPiyekLhizHz4AGR69dhbfS
KysMyH8+4x6tSPc9qup4jrDEIliRaf9IU1hTt44U0aieJ1ImEb/2s5BbNrQPn/M=
-----END CERTIFICATE-----