Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
File:                     AS32159.roa (raw, json)
Hash identifier:          M8jS+0aQnWGn/dD89S3+Na2e9JzZKvnK9eWSxLPgKJU=
Subject key identifier:   3B:88:78:03:73:B7:13:CF:C4:68:36:22:DD:0B:31:75:C9:61:B6:CB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2E7CE2BED5619EC4C4912BFA33CEA1E33D9A78C6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
Signing time:             Sat 14 Jun 2025 00:54:09 +0000
ROA not before:           Sat 14 Jun 2025 00:49:09 +0000
ROA not after:            Sat 13 Jun 2026 00:54:09 +0000
asID:                     32159
IP address blocks:        181.214.182.0/24 maxlen: 24
                          181.214.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:7c:e2:be:d5:61:9e:c4:c4:91:2b:fa:33:ce:a1:e3:3d:9a:78:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 14 00:49:09 2025 GMT
            Not After : Jun 13 00:54:09 2026 GMT
        Subject: CN=3B88780373B713CFC4683622DD0B3175C961B6CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b4:ed:cc:6c:02:ec:7f:fc:09:4a:01:00:60:
                    47:d8:06:89:e1:0a:f8:01:65:b4:65:16:23:19:9d:
                    5a:80:6f:f0:ca:42:fa:67:e0:a2:92:5d:f0:2d:f1:
                    55:38:72:66:d4:a7:62:f4:6d:0c:6e:b8:01:be:b1:
                    8b:66:f1:e4:bd:ac:ff:5d:d3:42:7e:b1:30:e5:9b:
                    28:9b:53:97:ba:52:1d:b3:49:69:1b:f7:eb:b3:f4:
                    7e:d4:25:31:2d:4e:59:68:2f:cb:f7:bb:28:dd:fb:
                    a1:5d:ac:40:9b:9e:1d:54:a4:0a:19:9b:d7:3e:fd:
                    30:cb:8e:2f:4c:da:c4:b0:23:8a:22:2a:3a:b1:56:
                    6c:f6:da:f8:cc:79:e1:85:05:db:67:f2:c5:c5:c9:
                    44:e7:91:6d:98:aa:c7:18:24:71:da:7a:31:6b:16:
                    bd:59:6f:d0:10:bb:5e:fa:30:9c:c2:a1:f6:16:fb:
                    14:99:cd:f5:ef:e4:1b:c6:89:53:4b:c2:9a:46:a5:
                    1d:fe:dd:b3:dd:b8:0e:e0:4f:63:b8:c0:45:d4:b0:
                    38:ba:78:5d:05:21:dd:b8:a1:49:7c:3c:9c:d3:a9:
                    2e:6b:2a:b3:d5:87:2b:75:61:40:e8:29:52:ef:7f:
                    21:a3:c7:a0:ad:bb:0c:e9:2d:6f:d9:b7:b8:b1:66:
                    47:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:88:78:03:73:B7:13:CF:C4:68:36:22:DD:0B:31:75:C9:61:B6:CB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24
                  181.214.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:3f:e1:4a:f5:6a:e2:33:f7:f0:88:6d:25:7a:26:27:bf:25:
         83:a9:7a:63:ec:5f:d0:66:ef:87:20:13:47:11:a9:13:d7:b8:
         3c:22:a4:56:96:4b:e6:ff:82:8d:0c:4a:ae:3b:ca:32:8f:92:
         1f:a5:8a:35:e6:16:32:b5:c0:4b:aa:54:8c:13:0f:79:cc:0a:
         ab:72:0f:45:06:55:44:a3:1b:b7:eb:9c:fb:32:90:dd:17:20:
         28:4c:86:cc:6f:d3:dc:88:04:ed:fa:66:57:8e:89:bf:bb:a1:
         06:69:22:13:36:38:da:c4:50:de:b5:a9:7e:0a:b9:72:7d:ff:
         d3:3f:b2:0f:35:4b:99:82:4e:06:29:1c:4b:cb:cd:c3:35:3d:
         bc:31:22:8f:87:80:8b:8e:14:a9:de:de:35:cd:75:ef:ac:06:
         7d:67:e9:af:b3:2d:00:32:ef:4d:c7:85:7a:12:da:b6:4d:c0:
         8a:52:cf:fc:ce:62:78:ca:fa:5a:f1:e5:4e:c2:19:4e:49:94:
         50:55:e7:d2:28:d0:06:4f:92:ea:35:d5:f0:31:c6:69:c7:f7:
         31:30:22:6d:9b:1a:ad:16:8c:ab:97:a5:77:bf:5b:1d:94:12:
         d4:19:eb:55:32:e7:3c:2c:98:76:ac:f1:ba:1b:95:0d:be:e8:
         fb:2a:bb:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULnzivtVhnsTEkSv6M86h4z2aeMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTQwMDQ5MDlaFw0yNjA2MTMwMDU0MDlaMDMxMTAvBgNV
BAMTKDNCODg3ODAzNzNCNzEzQ0ZDNDY4MzYyMkREMEIzMTc1Qzk2MUI2Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwtO3MbALsf/wJSgEAYEfYBonh
CvgBZbRlFiMZnVqAb/DKQvpn4KKSXfAt8VU4cmbUp2L0bQxuuAG+sYtm8eS9rP9d
00J+sTDlmyibU5e6Uh2zSWkb9+uz9H7UJTEtTlloL8v3uyjd+6FdrECbnh1UpAoZ
m9c+/TDLji9M2sSwI4oiKjqxVmz22vjMeeGFBdtn8sXFyUTnkW2YqscYJHHaejFr
Fr1Zb9AQu176MJzCofYW+xSZzfXv5BvGiVNLwppGpR3+3bPduA7gT2O4wEXUsDi6
eF0FId24oUl8PJzTqS5rKrPVhyt1YUDoKVLvfyGjx6CtuwzpLW/Zt7ixZkc3AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUO4h4A3O3E8/EaDYi3QsxdclhtsswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzIxNTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11rYD
BAC11twwDQYJKoZIhvcNAQELBQADggEBAGI/4Ur1auIz9/CIbSV6Jie/JYOpemPs
X9Bm74cgE0cRqRPXuDwipFaWS+b/go0MSq47yjKPkh+lijXmFjK1wEuqVIwTD3nM
CqtyD0UGVUSjG7frnPsykN0XIChMhsxv09yIBO36ZleOib+7oQZpIhM2ONrEUN61
qX4KuXJ9/9M/sg81S5mCTgYpHEvLzcM1PbwxIo+HgIuOFKne3jXNde+sBn1n6a+z
LQAy703HhXoS2rZNwIpSz/zOYnjK+lrx5U7CGU5JlFBV59Io0AZPkuo11fAxxmnH
9zEwIm2bGq0WjKuXpXe/Wx2UEtQZ61Uy5zwsmHas8boblQ2+6Psqu0w=
-----END CERTIFICATE-----