Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          g/gwfWfK6LHsz/F78BQP/+INwKlZgJocLOUumDfknxg=
Subject key identifier:   32:40:66:5C:1F:2B:66:78:4B:14:D1:78:72:3E:94:69:12:56:E4:CA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       302FDA0EC5F4768F8823A6DD7F6FC5F66225400D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa
Signing time:             Mon 23 Jun 2025 07:54:11 +0000
ROA not before:           Mon 23 Jun 2025 07:49:11 +0000
ROA not after:            Mon 22 Jun 2026 07:54:11 +0000
asID:                     135391
IP address blocks:        181.214.21.0/24 maxlen: 24
                          181.215.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2f:da:0e:c5:f4:76:8f:88:23:a6:dd:7f:6f:c5:f6:62:25:40:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 23 07:49:11 2025 GMT
            Not After : Jun 22 07:54:11 2026 GMT
        Subject: CN=3240665C1F2B66784B14D178723E94691256E4CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c0:44:77:2d:a2:8b:fa:8c:34:47:5f:45:9a:
                    67:3c:d9:f7:4e:fd:e3:06:a4:3c:d1:08:60:de:8b:
                    ce:82:71:7c:e8:d2:b8:d8:b0:af:27:bb:b8:4e:cd:
                    11:28:6f:ba:4b:4a:86:d6:39:70:df:ba:4c:ca:cc:
                    ea:32:f3:86:9e:72:ed:98:8c:8d:d6:6f:8d:85:ec:
                    64:ed:9d:5c:f1:c3:ef:6d:56:87:d8:5b:c6:57:18:
                    b5:03:33:72:95:f5:ad:b8:27:30:74:79:f2:cd:6e:
                    52:4e:96:44:50:73:57:57:29:74:91:1f:2f:e5:2f:
                    bf:be:39:ac:8f:f9:97:d0:4e:a6:b6:b1:13:02:02:
                    c2:ec:13:30:28:47:2a:a5:bd:10:72:67:96:ee:f4:
                    fd:45:11:e2:c2:19:11:6a:cc:2b:9a:e5:e6:44:3e:
                    db:74:bc:44:4b:6e:d8:79:48:75:61:d7:b6:a8:10:
                    b7:17:65:8e:f2:1a:64:12:c7:9c:9e:6a:87:f6:0c:
                    88:a8:11:54:56:05:ec:65:54:0d:32:83:0c:22:af:
                    74:15:85:46:3e:84:d8:74:ae:0c:a2:9e:f0:34:a1:
                    03:3b:3e:b8:ec:c5:51:d3:f5:e9:39:44:16:1c:1a:
                    68:d0:41:2f:3f:ef:47:0d:4a:da:c4:47:39:5c:d3:
                    b7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:40:66:5C:1F:2B:66:78:4B:14:D1:78:72:3E:94:69:12:56:E4:CA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.21.0/24
                  181.215.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:d8:f5:4f:ad:ed:f0:9f:67:25:80:e8:37:78:ad:04:a7:52:
         09:be:b5:49:9c:00:82:b0:a2:96:7a:59:6f:2e:d5:02:4b:0c:
         5f:03:79:bf:91:12:f0:96:4f:94:ce:e4:a0:26:cd:01:3d:38:
         37:71:64:ab:60:76:f0:f2:79:17:94:47:4d:18:18:df:20:61:
         cc:f8:93:5f:42:18:ca:80:3e:fc:d8:55:7b:0e:f5:fe:53:44:
         47:98:14:46:0e:20:c3:4f:bf:39:ee:f5:a5:17:b6:32:de:05:
         ea:26:23:ce:3f:52:df:8b:46:31:ae:35:79:65:f5:4d:5c:3b:
         a8:75:a5:24:e1:a6:c8:d7:81:db:96:c8:86:f8:b4:4b:e4:69:
         20:ad:cd:b7:d9:4f:fd:11:36:58:72:e0:40:8f:65:c8:46:95:
         70:72:e8:9a:21:e2:86:90:cf:44:94:fa:5b:c1:f0:f4:93:7f:
         7c:69:1c:58:5e:8e:a7:8b:c3:c5:db:67:3b:b0:c0:49:3f:1c:
         2e:a5:a8:73:27:59:6f:33:4c:d6:89:49:34:d1:12:25:b6:18:
         62:b5:7d:71:99:df:31:97:c5:13:c7:fc:b9:fd:90:ce:f3:e6:
         61:f0:dc:04:0f:4f:e9:0c:f2:bc:33:0b:c4:a8:ca:6b:bb:57:
         b4:cf:2e:df
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUMC/aDsX0do+II6bdf2/F9mIlQA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MjMwNzQ5MTFaFw0yNjA2MjIwNzU0MTFaMDMxMTAvBgNV
BAMTKDMyNDA2NjVDMUYyQjY2Nzg0QjE0RDE3ODcyM0U5NDY5MTI1NkU0Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDwER3LaKL+ow0R19Fmmc82fdO
/eMGpDzRCGDei86CcXzo0rjYsK8nu7hOzREob7pLSobWOXDfukzKzOoy84aecu2Y
jI3Wb42F7GTtnVzxw+9tVofYW8ZXGLUDM3KV9a24JzB0efLNblJOlkRQc1dXKXSR
Hy/lL7++OayP+ZfQTqa2sRMCAsLsEzAoRyqlvRByZ5bu9P1FEeLCGRFqzCua5eZE
Ptt0vERLbth5SHVh17aoELcXZY7yGmQSx5yeaof2DIioEVRWBexlVA0ygwwir3QV
hUY+hNh0rgyinvA0oQM7PrjsxVHT9ek5RBYcGmjQQS8/70cNStrERzlc07dTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUMkBmXB8rZnhLFNF4cj6UaRJW5MowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdYV
AwQAtdc4MA0GCSqGSIb3DQEBCwUAA4IBAQB62PVPre3wn2clgOg3eK0Ep1IJvrVJ
nACCsKKWellvLtUCSwxfA3m/kRLwlk+UzuSgJs0BPTg3cWSrYHbw8nkXlEdNGBjf
IGHM+JNfQhjKgD782FV7DvX+U0RHmBRGDiDDT7857vWlF7Yy3gXqJiPOP1Lfi0Yx
rjV5ZfVNXDuodaUk4abI14HblsiG+LRL5Gkgrc232U/9ETZYcuBAj2XIRpVwcuia
IeKGkM9ElPpbwfD0k398aRxYXo6ni8PF22c7sMBJPxwupahzJ1lvM0zWiUk00RIl
thhitX1xmd8xl8UTx/y5/ZDO8+Zh8NwED0/pDPK8MwvEqMpru1e0zy7f
-----END CERTIFICATE-----