Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          lAmPntWZ4F8Mbue8yRDX9oZfHpfN9hsLjAldYe2btVk=
Subject key identifier:   1A:6F:D6:97:A0:91:E9:C1:E9:F7:31:E2:01:6A:D1:A0:84:C0:3D:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4EACAE53B34CCCDFAACFF296D30D479CDF5F331A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
Signing time:             Mon 07 Jul 2025 05:54:13 +0000
ROA not before:           Mon 07 Jul 2025 05:49:13 +0000
ROA not after:            Mon 06 Jul 2026 05:54:13 +0000
asID:                     202662
IP address blocks:        191.96.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ac:ae:53:b3:4c:cc:df:aa:cf:f2:96:d3:0d:47:9c:df:5f:33:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  7 05:49:13 2025 GMT
            Not After : Jul  6 05:54:13 2026 GMT
        Subject: CN=1A6FD697A091E9C1E9F731E2016AD1A084C03D2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:40:4d:5b:9d:a0:b2:d2:19:1d:e7:7b:26:3c:
                    82:e3:24:9f:33:61:cd:d7:bd:ca:c4:93:46:b2:f1:
                    71:59:28:2a:60:00:7a:a5:b7:59:1e:4d:cc:dc:d1:
                    fe:69:91:85:8c:05:19:98:1e:1e:44:ae:68:45:19:
                    ae:e9:6b:7a:b5:2e:f6:40:ab:48:5e:19:02:f0:ff:
                    e9:68:d8:e4:9a:b3:00:23:37:d7:03:e6:3e:c7:57:
                    c8:09:61:3f:1b:e9:ac:86:eb:97:43:a4:09:80:be:
                    bb:78:98:fd:8d:60:1d:72:d9:ed:48:dc:e8:ec:61:
                    b4:1c:6f:61:a7:74:67:fa:21:f4:f9:27:dd:3d:58:
                    86:65:cc:e2:c4:6d:ae:30:2b:48:5d:2e:8d:9b:f7:
                    c7:f2:ff:91:f5:0c:fc:a7:1a:48:97:73:9f:b9:d1:
                    78:ae:58:e4:e8:1b:a5:7c:81:bf:8a:da:70:83:c5:
                    43:fc:7d:2d:54:de:a7:26:e2:7b:ce:50:e8:ad:f0:
                    cf:bc:33:9a:ab:8f:93:e7:f6:ca:a9:63:fc:bf:7d:
                    26:2d:22:e1:3a:b5:9b:95:78:68:dc:35:09:9e:3d:
                    30:7c:16:af:a6:08:c9:de:7e:4c:0a:99:77:f5:ee:
                    80:27:52:b2:7e:b1:79:92:fe:46:77:d2:e7:cc:30:
                    45:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:6F:D6:97:A0:91:E9:C1:E9:F7:31:E2:01:6A:D1:A0:84:C0:3D:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:71:1d:44:84:89:df:ed:42:9e:cc:fe:00:fb:58:b3:d9:87:
         99:93:ed:fc:35:69:20:f1:b0:1c:52:4c:f0:50:cc:e6:d6:53:
         78:1d:0d:c7:46:67:63:d3:3c:1d:e0:c0:a9:17:68:03:75:44:
         a0:5b:ac:ad:fe:fa:32:e7:c0:82:ad:23:ec:aa:4e:a0:bd:0c:
         1c:01:4e:4d:cc:24:e5:16:4d:6a:84:58:15:e0:e5:68:ef:e3:
         ae:a4:5c:40:3e:da:7c:68:82:73:6d:84:a4:95:5a:ad:6b:cc:
         64:13:2d:b1:0a:e5:ce:55:ea:2e:1a:a2:03:80:cc:41:92:fc:
         7b:15:bd:6c:7d:a0:7c:09:75:5f:ac:6d:47:a3:cb:e6:bc:ed:
         6c:f1:8d:0e:51:8a:f4:0d:89:ab:7d:74:30:ea:3d:95:a9:c7:
         51:79:38:6a:5a:bf:ad:59:c3:a2:f3:27:e6:8c:2a:5b:59:82:
         56:9a:07:47:81:10:4c:94:1a:c6:6e:b6:47:7d:b3:d2:20:8d:
         0a:4c:5c:ea:47:8f:87:6d:ca:74:e8:8e:f3:c4:0b:73:f8:e8:
         a2:25:e1:5f:0b:90:d8:02:0c:4d:9e:e3:37:89:fc:6a:79:03:
         b8:3a:f2:f9:2f:52:24:bc:ff:75:bd:f0:cb:cf:57:67:a0:2c:
         90:42:90:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTqyuU7NMzN+qz/KW0w1HnN9fMxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDcwNTQ5MTNaFw0yNjA3MDYwNTU0MTNaMDMxMTAvBgNV
BAMTKDFBNkZENjk3QTA5MUU5QzFFOUY3MzFFMjAxNkFEMUEwODRDMDNEMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClQE1bnaCy0hkd53smPILjJJ8z
Yc3XvcrEk0ay8XFZKCpgAHqlt1keTczc0f5pkYWMBRmYHh5ErmhFGa7pa3q1LvZA
q0heGQLw/+lo2OSaswAjN9cD5j7HV8gJYT8b6ayG65dDpAmAvrt4mP2NYB1y2e1I
3OjsYbQcb2GndGf6IfT5J909WIZlzOLEba4wK0hdLo2b98fy/5H1DPynGkiXc5+5
0XiuWOToG6V8gb+K2nCDxUP8fS1U3qcm4nvOUOit8M+8M5qrj5Pn9sqpY/y/fSYt
IuE6tZuVeGjcNQmePTB8Fq+mCMnefkwKmXf17oAnUrJ+sXmS/kZ30ufMMEXDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGm/Wl6CR6cHp9zHiAWrRoITAPS8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQBbcR1EhInf7UKezP4A+1iz2YeZk+38NWkg8bAc
UkzwUMzm1lN4HQ3HRmdj0zwd4MCpF2gDdUSgW6yt/voy58CCrSPsqk6gvQwcAU5N
zCTlFk1qhFgV4OVo7+OupFxAPtp8aIJzbYSklVqta8xkEy2xCuXOVeouGqIDgMxB
kvx7Fb1sfaB8CXVfrG1Ho8vmvO1s8Y0OUYr0DYmrfXQw6j2VqcdReThqWr+tWcOi
8yfmjCpbWYJWmgdHgRBMlBrGbrZHfbPSII0KTFzqR4+Hbcp06I7zxAtz+OiiJeFf
C5DYAgxNnuM3ifxqeQO4OvL5L1IkvP91vfDLz1dnoCyQQpAh
-----END CERTIFICATE-----