Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          iPPdPJjKYMb4ZYN/9XfjbmhSqXauWkbZ0LQeH7E8sj8=
Subject key identifier:   3D:A7:22:F2:3F:E4:32:3D:C5:F4:F8:50:23:24:19:2F:18:F4:04:56
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       573FB525496D34FB4329968D65CBE686377F689C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
Signing time:             Mon 14 Apr 2025 06:54:01 +0000
ROA not before:           Mon 14 Apr 2025 06:49:01 +0000
ROA not after:            Mon 13 Apr 2026 06:54:01 +0000
asID:                     152672
IP address blocks:        191.96.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:58:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:3f:b5:25:49:6d:34:fb:43:29:96:8d:65:cb:e6:86:37:7f:68:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 14 06:49:01 2025 GMT
            Not After : Apr 13 06:54:01 2026 GMT
        Subject: CN=3DA722F23FE4323DC5F4F8502324192F18F40456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a7:d0:7a:cb:de:30:e6:0e:01:a9:ee:b7:2d:
                    14:04:42:64:b1:c9:35:d5:b1:fa:11:a8:0e:93:1e:
                    1f:cc:75:2f:e0:96:d0:b9:e6:c4:52:25:64:b5:25:
                    b4:ce:78:b4:18:0d:ec:87:60:59:38:d4:b4:37:f8:
                    04:00:07:39:79:df:3a:79:2c:5a:3f:c4:9e:b3:f9:
                    f9:27:5d:cd:56:3a:c3:6a:a3:f5:ed:2e:6d:78:fe:
                    34:3d:92:e1:9a:00:cd:1d:f0:9b:a4:38:61:36:df:
                    45:b6:b6:c8:4a:ba:34:8a:60:13:61:ea:ee:00:e6:
                    20:ee:96:ab:5e:32:e4:46:51:96:e6:e5:47:5b:7b:
                    af:96:bb:7b:95:23:aa:6d:fb:1a:24:53:3b:bb:3b:
                    db:9a:21:fc:f7:ad:90:9a:35:e0:d5:a5:da:23:88:
                    5b:0d:7a:98:57:2f:ac:c3:aa:55:89:bf:79:1e:83:
                    8b:4d:16:cd:ea:98:7f:5e:60:c0:24:1b:f0:95:e4:
                    2f:c4:32:c5:c4:81:33:fb:27:15:8b:47:77:2c:f0:
                    6c:5d:65:4b:bd:c3:f9:39:38:f9:ac:81:3d:3a:3a:
                    a5:0b:13:7c:61:aa:e7:2b:36:a3:d2:84:55:a1:67:
                    46:d1:08:c2:4a:2b:5d:48:86:4f:cf:6a:4a:8f:76:
                    db:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A7:22:F2:3F:E4:32:3D:C5:F4:F8:50:23:24:19:2F:18:F4:04:56
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:24:8e:5e:1d:1e:1d:f3:6a:c0:1c:31:c3:5f:a2:b3:fb:dd:
         13:6b:80:97:ce:33:3d:e3:bc:32:dd:dc:07:ec:6b:b1:b5:7f:
         fd:ac:3f:37:75:b2:0a:4e:e6:1c:00:74:4b:a2:01:08:b3:75:
         e5:8d:36:5d:3f:f5:e0:99:5b:57:2b:81:ad:5a:d3:15:1e:a7:
         5e:3a:cf:ea:29:86:ee:f4:23:cf:b6:39:ce:7d:7e:4e:60:db:
         af:c7:91:59:ea:88:a7:e0:76:41:b1:4e:71:cd:30:02:2c:89:
         ee:76:06:ca:47:84:af:71:8b:3d:b3:69:2c:ce:58:38:aa:58:
         e6:f1:20:d7:64:d6:c0:45:62:89:4f:34:e8:9d:7d:2e:43:3c:
         61:c7:3b:15:2c:b8:12:be:03:44:ec:00:70:19:9d:29:fd:17:
         95:ff:a1:be:f5:7e:c5:fd:db:42:a7:35:d9:08:b7:ea:78:56:
         27:e0:22:d1:81:2b:df:d0:f2:e0:6c:c0:6f:d4:80:cf:76:94:
         39:5d:52:09:c6:27:28:ca:7d:eb:e6:8c:a6:fa:37:be:0f:55:
         04:fb:b4:91:c4:37:6e:3a:0b:c1:2e:c8:99:94:64:51:48:65:
         33:d6:8b:c1:8c:7e:12:31:be:2f:9e:02:57:cb:ad:b5:c4:51:
         7e:84:d4:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVz+1JUltNPtDKZaNZcvmhjd/aJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MTQwNjQ5MDFaFw0yNjA0MTMwNjU0MDFaMDMxMTAvBgNV
BAMTKDNEQTcyMkYyM0ZFNDMyM0RDNUY0Rjg1MDIzMjQxOTJGMThGNDA0NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpp9B6y94w5g4Bqe63LRQEQmSx
yTXVsfoRqA6THh/MdS/gltC55sRSJWS1JbTOeLQYDeyHYFk41LQ3+AQABzl53zp5
LFo/xJ6z+fknXc1WOsNqo/XtLm14/jQ9kuGaAM0d8JukOGE230W2tshKujSKYBNh
6u4A5iDulqteMuRGUZbm5Udbe6+Wu3uVI6pt+xokUzu7O9uaIfz3rZCaNeDVpdoj
iFsNephXL6zDqlWJv3keg4tNFs3qmH9eYMAkG/CV5C/EMsXEgTP7JxWLR3cs8Gxd
ZUu9w/k5OPmsgT06OqULE3xhqucrNqPShFWhZ0bRCMJKK11Ihk/PakqPdttHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPaci8j/kMj3F9PhQIyQZLxj0BFYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CS
MA0GCSqGSIb3DQEBCwUAA4IBAQA/JI5eHR4d82rAHDHDX6Kz+90Ta4CXzjM947wy
3dwH7GuxtX/9rD83dbIKTuYcAHRLogEIs3XljTZdP/XgmVtXK4GtWtMVHqdeOs/q
KYbu9CPPtjnOfX5OYNuvx5FZ6oin4HZBsU5xzTACLInudgbKR4SvcYs9s2kszlg4
qljm8SDXZNbARWKJTzTonX0uQzxhxzsVLLgSvgNE7ABwGZ0p/ReV/6G+9X7F/dtC
pzXZCLfqeFYn4CLRgSvf0PLgbMBv1IDPdpQ5XVIJxicoyn3r5oym+je+D1UE+7SR
xDduOgvBLsiZlGRRSGUz1ovBjH4SMb4vngJXy621xFF+hNTA
-----END CERTIFICATE-----