Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa
File:                     AS214326.roa (raw, json)
Hash identifier:          Fpsdx4XWjbrxMv46gPaE2B+5aA8QrkVlk7v0aA81FCU=
Subject key identifier:   57:68:F9:7C:9F:72:4A:F9:C3:C6:EF:F9:FA:18:67:B3:C1:61:98:BD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       78FA9AE8F34EA765C535888685EF1BA9BA344749
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa
Signing time:             Sun 03 Aug 2025 09:54:13 +0000
ROA not before:           Sun 03 Aug 2025 09:49:13 +0000
ROA not after:            Sun 02 Aug 2026 09:54:13 +0000
asID:                     214326
IP address blocks:        179.61.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:fa:9a:e8:f3:4e:a7:65:c5:35:88:86:85:ef:1b:a9:ba:34:47:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  3 09:49:13 2025 GMT
            Not After : Aug  2 09:54:13 2026 GMT
        Subject: CN=5768F97C9F724AF9C3C6EFF9FA1867B3C16198BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:29:d2:a4:e5:91:c6:6a:c5:a3:9f:ab:95:b2:
                    38:ae:31:e7:ce:6c:54:ce:a6:7b:22:ee:3a:eb:2f:
                    57:71:ac:e5:97:d4:e1:18:43:fb:28:70:e4:7d:ab:
                    08:7b:93:16:8b:ef:b2:93:c2:38:66:10:05:bb:90:
                    72:7a:7e:10:b5:46:48:7e:21:fe:a7:6f:28:fe:93:
                    3a:79:4d:c4:36:9a:79:ad:98:3f:4f:b1:df:78:47:
                    42:a6:7f:6a:57:65:d4:1e:78:24:92:c6:75:7d:36:
                    78:7f:b7:6c:6d:4f:c0:dc:e4:b2:00:41:67:bf:d7:
                    92:74:d6:a3:7d:7e:84:47:c4:82:6f:c2:81:63:1c:
                    f2:db:d1:1c:44:16:71:62:6c:e8:fb:14:28:76:3e:
                    a9:60:d1:69:32:c3:b9:85:f7:d3:5e:59:48:5a:04:
                    bd:e7:bc:83:2c:7f:41:52:5d:b4:9f:7a:ec:08:e7:
                    c6:54:53:de:6c:08:5c:03:d0:e4:48:f0:15:5d:c6:
                    01:07:38:70:c9:9c:15:b0:4b:61:d1:a9:07:d5:ee:
                    56:a1:bf:f3:72:fe:db:30:37:9f:1e:0b:7a:c5:87:
                    63:d6:85:3e:59:77:9d:0c:ac:a4:65:5d:a6:77:98:
                    eb:3e:56:c4:fc:cb:88:8d:a8:91:06:df:4a:16:d0:
                    1b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:68:F9:7C:9F:72:4A:F9:C3:C6:EF:F9:FA:18:67:B3:C1:61:98:BD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a5:1d:9a:ef:88:4b:2a:8c:76:8a:56:bd:cd:5a:5b:ae:ad:
         f2:47:4b:5f:03:0a:5c:78:a8:e2:4c:34:37:fb:a9:ba:c8:56:
         49:5f:bb:78:93:d8:56:0a:4f:5a:9a:9e:5f:b6:f4:1b:2d:b0:
         90:96:26:f5:e1:d8:bc:a6:b8:dd:8a:97:3d:c7:4e:6e:cb:17:
         85:18:27:2c:c6:03:0b:41:14:a2:fe:94:d6:27:0a:2a:c0:4e:
         0b:14:7c:eb:e4:51:94:43:c9:11:4a:aa:d1:15:40:0f:88:ef:
         7d:5f:71:6d:0e:cc:fc:d0:2c:7a:42:b6:91:4a:19:95:87:af:
         07:af:eb:15:30:08:94:29:f1:45:ba:e8:4d:13:54:f2:b8:1b:
         e8:57:b6:76:bf:16:bc:95:75:eb:13:0a:09:fb:1b:87:d4:55:
         1a:4b:b3:30:0b:0c:b6:a8:e5:88:62:b8:db:56:4c:ad:1b:b0:
         29:85:6c:c2:4b:8b:01:30:c7:37:5f:d4:60:5f:4b:c9:96:cc:
         ff:fa:08:9c:6a:4b:3f:a6:f1:3b:dd:1b:eb:e1:b4:93:a3:12:
         97:3d:51:06:75:76:8e:d2:87:62:5c:08:61:f7:d5:ff:0a:ff:
         ee:39:7e:72:de:c9:d1:5e:26:54:f2:6b:df:fc:b5:f8:e2:9f:
         a1:59:07:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUePqa6PNOp2XFNYiGhe8bqbo0R0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDMwOTQ5MTNaFw0yNjA4MDIwOTU0MTNaMDMxMTAvBgNV
BAMTKDU3NjhGOTdDOUY3MjRBRjlDM0M2RUZGOUZBMTg2N0IzQzE2MTk4QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXKdKk5ZHGasWjn6uVsjiuMefO
bFTOpnsi7jrrL1dxrOWX1OEYQ/socOR9qwh7kxaL77KTwjhmEAW7kHJ6fhC1Rkh+
If6nbyj+kzp5TcQ2mnmtmD9Psd94R0Kmf2pXZdQeeCSSxnV9Nnh/t2xtT8Dc5LIA
QWe/15J01qN9foRHxIJvwoFjHPLb0RxEFnFibOj7FCh2Pqlg0Wkyw7mF99NeWUha
BL3nvIMsf0FSXbSfeuwI58ZUU95sCFwD0ORI8BVdxgEHOHDJnBWwS2HRqQfV7lah
v/Ny/tswN58eC3rFh2PWhT5Zd50MrKRlXaZ3mOs+VsT8y4iNqJEG30oW0BspAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUV2j5fJ9ySvnDxu/5+hhns8FhmL0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MzI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2u
MA0GCSqGSIb3DQEBCwUAA4IBAQBlpR2a74hLKox2ila9zVpbrq3yR0tfAwpceKji
TDQ3+6m6yFZJX7t4k9hWCk9amp5ftvQbLbCQlib14di8prjdipc9x05uyxeFGCcs
xgMLQRSi/pTWJwoqwE4LFHzr5FGUQ8kRSqrRFUAPiO99X3FtDsz80Cx6QraRShmV
h68Hr+sVMAiUKfFFuuhNE1TyuBvoV7Z2vxa8lXXrEwoJ+xuH1FUaS7MwCwy2qOWI
YrjbVkytG7AphWzCS4sBMMc3X9RgX0vJlsz/+gicaks/pvE73Rvr4bSToxKXPVEG
dXaO0odiXAhh99X/Cv/uOX5y3snRXiZU8mvf/LX44p+hWQfc
-----END CERTIFICATE-----