Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS149428.roa
File:                     AS149428.roa (raw, json)
Hash identifier:          5dJrCpXCnKj/CrY4n06iAxlAOa07LT7xTYO2Gitfy+8=
Subject key identifier:   8D:BB:62:A3:AE:B4:F3:CE:06:E6:11:3A:F8:3E:92:8F:8B:65:6E:38
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69CCD4A8904E62B0BF184182E37C533B534D5BF7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS149428.roa
Signing time:             Thu 12 Jun 2025 14:16:31 +0000
ROA not before:           Thu 12 Jun 2025 14:11:31 +0000
ROA not after:            Thu 11 Jun 2026 14:16:31 +0000
asID:                     149428
IP address blocks:        2a0a:a603::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:cc:d4:a8:90:4e:62:b0:bf:18:41:82:e3:7c:53:3b:53:4d:5b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:31 2025 GMT
            Not After : Jun 11 14:16:31 2026 GMT
        Subject: CN=8DBB62A3AEB4F3CE06E6113AF83E928F8B656E38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:58:30:a5:ca:9d:c1:9a:05:70:45:4e:58:63:
                    23:03:94:46:18:25:ba:93:e6:c7:23:75:2d:ba:dc:
                    08:d4:cb:59:b8:b8:a4:32:49:46:8c:ff:3c:2c:47:
                    14:f2:45:45:8d:3d:20:0d:cd:cc:92:60:cd:6e:2e:
                    89:ee:25:96:a7:74:36:eb:0c:f2:80:dc:e5:fb:fd:
                    94:15:3c:ec:1b:96:10:4d:f7:85:9c:93:54:59:43:
                    20:05:7d:33:39:fe:97:82:c2:25:3a:d9:81:08:a5:
                    49:46:10:61:28:36:2b:aa:5a:e4:03:d4:11:bd:b1:
                    1b:b2:81:33:8f:ca:be:1e:c8:e0:28:d9:54:ac:b5:
                    f7:92:99:a5:32:62:5a:46:7f:e6:43:15:9d:af:63:
                    fd:98:7d:65:16:49:f8:10:5d:11:56:63:28:4a:c8:
                    30:35:f2:3e:e6:7a:8d:06:2f:61:6a:02:08:55:e3:
                    8e:ac:d6:89:0a:d2:50:1f:f7:1d:db:e3:bf:d3:39:
                    32:b1:f4:0b:5d:2d:af:30:c3:15:d1:9b:50:99:3d:
                    37:76:29:a1:a0:5d:0b:93:bc:81:c9:5c:32:f9:1b:
                    bd:5f:f8:c2:67:90:a9:60:c7:52:63:cd:88:d6:26:
                    68:66:50:97:b0:dd:c5:70:5f:17:20:fe:61:cc:3c:
                    43:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BB:62:A3:AE:B4:F3:CE:06:E6:11:3A:F8:3E:92:8F:8B:65:6E:38
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS149428.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a603::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:0b:4d:8a:e3:3d:fd:b8:48:c2:20:00:83:c0:8e:44:40:b9:
         f7:ab:22:18:b2:49:50:32:50:54:cb:39:2f:80:78:65:28:00:
         a8:de:81:b0:6c:e7:89:05:b8:61:a7:cf:02:e8:5e:55:e7:a3:
         44:a4:c5:6f:91:c6:2b:3c:f6:45:c4:a8:2f:e2:aa:ea:a5:be:
         71:32:84:51:e0:92:fd:89:05:aa:6a:2f:e0:35:c6:cb:f4:5e:
         06:ae:e2:34:72:3a:64:87:1c:30:d3:7d:87:12:6e:2e:39:96:
         9a:e3:06:7a:59:dd:31:7a:cf:e4:1b:1f:d0:ed:67:c4:3f:c5:
         ae:d9:68:c1:cc:6e:fb:f2:e1:51:82:d3:02:88:3e:dc:c9:d5:
         3b:b2:9d:14:db:51:c4:84:8e:ef:77:f3:a0:6b:f3:03:e0:16:
         55:07:2c:42:48:6b:e3:64:91:34:60:8a:88:23:7a:5a:d7:47:
         ad:f8:1b:8f:4d:f1:b7:8e:28:33:63:49:82:64:c9:e5:4e:ea:
         ad:19:96:b4:75:47:4b:26:b5:b4:f7:24:0d:76:35:ee:d7:f7:
         4f:eb:93:e0:8d:2c:f8:39:ef:c4:c9:62:78:7a:64:0d:e4:2d:
         3c:27:fd:7c:f1:cc:70:22:b2:29:20:f1:7f:00:6c:e6:3f:62:
         4d:ad:c7:51
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUaczUqJBOYrC/GEGC43xTO1NNW/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExMzFaFw0yNjA2MTExNDE2MzFaMDMxMTAvBgNV
BAMTKDhEQkI2MkEzQUVCNEYzQ0UwNkU2MTEzQUY4M0U5MjhGOEI2NTZFMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZWDClyp3BmgVwRU5YYyMDlEYY
JbqT5scjdS263AjUy1m4uKQySUaM/zwsRxTyRUWNPSANzcySYM1uLonuJZandDbr
DPKA3OX7/ZQVPOwblhBN94Wck1RZQyAFfTM5/peCwiU62YEIpUlGEGEoNiuqWuQD
1BG9sRuygTOPyr4eyOAo2VSstfeSmaUyYlpGf+ZDFZ2vY/2YfWUWSfgQXRFWYyhK
yDA18j7meo0GL2FqAghV446s1okK0lAf9x3b47/TOTKx9AtdLa8wwxXRm1CZPTd2
KaGgXQuTvIHJXDL5G71f+MJnkKlgx1JjzYjWJmhmUJew3cVwXxcg/mHMPEPdAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUjbtio660884G5hE6+D6Sj4tlbjgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ5NDI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqm
AzANBgkqhkiG9w0BAQsFAAOCAQEAPwtNiuM9/bhIwiAAg8COREC596siGLJJUDJQ
VMs5L4B4ZSgAqN6BsGzniQW4YafPAuheVeejRKTFb5HGKzz2RcSoL+Kq6qW+cTKE
UeCS/YkFqmov4DXGy/ReBq7iNHI6ZIccMNN9hxJuLjmWmuMGelndMXrP5Bsf0O1n
xD/Frtlowcxu+/LhUYLTAog+3MnVO7KdFNtRxISO73fzoGvzA+AWVQcsQkhr42SR
NGCKiCN6WtdHrfgbj03xt44oM2NJgmTJ5U7qrRmWtHVHSya1tPckDXY17tf3T+uT
4I0s+DnvxMlieHpkDeQtPCf9fPHMcCKyKSDxfwBs5j9iTa3HUQ==
-----END CERTIFICATE-----