Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS133944.roa
File:                     AS133944.roa (raw, json)
Hash identifier:          MQcBlE35lzkGa40Q6KEL47xFcwl8mkRVXPfxujA8CWE=
Subject key identifier:   55:5A:BC:72:11:67:A4:BA:8B:94:6E:31:FD:40:7F:EC:B9:21:92:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       13F9B672B0DDFAD15050533E261B3829F6891A3D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS133944.roa
Signing time:             Thu 12 Jun 2025 14:16:40 +0000
ROA not before:           Thu 12 Jun 2025 14:11:40 +0000
ROA not after:            Thu 11 Jun 2026 14:16:40 +0000
asID:                     133944
IP address blocks:        2a0a:a607::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:f9:b6:72:b0:dd:fa:d1:50:50:53:3e:26:1b:38:29:f6:89:1a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:40 2025 GMT
            Not After : Jun 11 14:16:40 2026 GMT
        Subject: CN=555ABC721167A4BA8B946E31FD407FECB921922F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1f:fb:f3:10:94:c0:bf:ad:37:24:59:29:ff:
                    c9:f8:2d:d9:37:fd:0e:b7:eb:cc:bc:1f:26:49:a9:
                    10:19:73:42:40:4c:b7:3a:1a:87:7d:15:50:0c:a0:
                    5a:75:96:d9:08:83:f8:41:84:d6:2d:1d:b5:a6:30:
                    9d:f0:53:30:6d:56:01:39:d4:0e:6c:89:ef:b9:4e:
                    21:a7:5b:a3:1b:fa:8b:50:10:84:5b:f9:ff:50:37:
                    1a:8a:01:2a:fd:1f:61:8c:fd:d9:37:92:25:3c:3b:
                    9e:63:26:f8:b1:7f:d1:c3:9d:70:7a:c7:4c:f7:33:
                    43:45:00:68:64:7d:fb:15:48:ac:23:57:dc:d6:2d:
                    f7:21:7a:cb:49:95:52:0f:c4:c4:c5:15:c3:a0:57:
                    11:70:fc:b8:f8:e0:e6:b1:62:d6:92:37:5f:30:53:
                    93:6d:19:4c:33:f0:31:13:2d:79:6d:ac:db:cb:0a:
                    07:13:9b:36:30:75:32:75:77:80:65:0d:01:7e:34:
                    55:1f:ef:13:10:ac:9b:89:0f:67:70:68:a0:2f:44:
                    cf:14:c1:f4:4f:52:fa:73:a2:ef:2b:f6:de:d2:d8:
                    f4:33:23:ac:0b:f8:33:54:21:49:3e:4b:0f:c5:e4:
                    1e:ad:82:da:84:74:c0:92:30:41:26:b7:31:a6:c9:
                    3d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:5A:BC:72:11:67:A4:BA:8B:94:6E:31:FD:40:7F:EC:B9:21:92:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS133944.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a607::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:63:ed:58:3c:ef:f6:d9:aa:15:e4:66:48:ea:13:04:fd:b4:
         56:fe:9c:1a:70:77:ba:e8:e8:5c:e1:fe:64:1d:82:69:a4:9d:
         38:ce:c3:e1:ce:e7:af:b6:26:09:aa:a4:2f:00:80:b3:05:fb:
         ad:ce:10:79:65:d7:dd:34:39:e0:cc:3d:47:e7:7c:db:6f:df:
         27:15:68:1b:80:37:2b:b5:f3:fe:94:a5:0d:5f:70:5f:7f:1f:
         31:db:e1:b6:eb:9e:a0:2d:28:f9:04:4d:9d:8b:61:25:33:2e:
         73:f1:6d:b0:12:f4:ab:04:91:eb:49:e9:d0:1c:16:6e:aa:4d:
         fe:44:43:67:68:9f:66:56:03:bb:59:3e:3a:a8:91:85:13:a3:
         47:14:ee:8c:5c:d2:19:f7:a5:e1:ff:9f:f0:e3:73:f0:9d:c4:
         1c:20:f5:b4:37:5a:2f:08:5e:b4:a9:b1:d9:86:c8:7c:18:ea:
         9b:35:bb:eb:8e:f4:37:2b:ed:2d:d4:63:09:39:ba:b9:d6:0d:
         d1:28:9d:26:53:e3:44:3f:16:e1:1d:7a:f8:ae:9d:85:3a:48:
         71:0e:8f:f4:6f:c7:54:05:87:1b:74:d5:4a:d7:3c:33:05:14:
         df:98:4c:95:12:bb:e6:c8:4f:c5:0e:a9:d4:7a:70:a1:95:d5:
         64:09:d0:c3
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUE/m2crDd+tFQUFM+Jhs4KfaJGj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExNDBaFw0yNjA2MTExNDE2NDBaMDMxMTAvBgNV
BAMTKDU1NUFCQzcyMTE2N0E0QkE4Qjk0NkUzMUZENDA3RkVDQjkyMTkyMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAH/vzEJTAv603JFkp/8n4Ldk3
/Q6368y8HyZJqRAZc0JATLc6God9FVAMoFp1ltkIg/hBhNYtHbWmMJ3wUzBtVgE5
1A5sie+5TiGnW6Mb+otQEIRb+f9QNxqKASr9H2GM/dk3kiU8O55jJvixf9HDnXB6
x0z3M0NFAGhkffsVSKwjV9zWLfchestJlVIPxMTFFcOgVxFw/Lj44OaxYtaSN18w
U5NtGUwz8DETLXltrNvLCgcTmzYwdTJ1d4BlDQF+NFUf7xMQrJuJD2dwaKAvRM8U
wfRPUvpzou8r9t7S2PQzI6wL+DNUIUk+Sw/F5B6tgtqEdMCSMEEmtzGmyT2tAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUVVq8chFnpLqLlG4x/UB/7Lkhki8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMzOTQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqm
BzANBgkqhkiG9w0BAQsFAAOCAQEAU2PtWDzv9tmqFeRmSOoTBP20Vv6cGnB3uujo
XOH+ZB2CaaSdOM7D4c7nr7YmCaqkLwCAswX7rc4QeWXX3TQ54Mw9R+d822/fJxVo
G4A3K7Xz/pSlDV9wX38fMdvhtuueoC0o+QRNnYthJTMuc/FtsBL0qwSR60np0BwW
bqpN/kRDZ2ifZlYDu1k+OqiRhROjRxTujFzSGfel4f+f8ONz8J3EHCD1tDdaLwhe
tKmx2YbIfBjqmzW76470NyvtLdRjCTm6udYN0SidJlPjRD8W4R16+K6dhTpIcQ6P
9G/HVAWHG3TVStc8MwUU35hMlRK75shPxQ6p1HpwoZXVZAnQww==
-----END CERTIFICATE-----