Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
File:                     AS205733.roa (raw, json)
Hash identifier:          xxwkAj/WdLcGmBWSZQUWRh4hs+T9ZE4IHN8xduRqyPs=
Subject key identifier:   40:B3:A4:19:D5:DE:76:93:AD:98:67:79:71:C2:C2:D1:09:22:EE:A7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7943545CA3815C1613412E1E279F4C815694BB84
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
Signing time:             Sat 19 Apr 2025 23:54:02 +0000
ROA not before:           Sat 19 Apr 2025 23:49:02 +0000
ROA not after:            Sat 18 Apr 2026 23:54:02 +0000
asID:                     205733
IP address blocks:        149.62.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 21:15:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:43:54:5c:a3:81:5c:16:13:41:2e:1e:27:9f:4c:81:56:94:bb:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 19 23:49:02 2025 GMT
            Not After : Apr 18 23:54:02 2026 GMT
        Subject: CN=40B3A419D5DE7693AD98677971C2C2D10922EEA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:27:0d:11:11:4b:79:56:32:96:da:f8:24:02:
                    86:a1:cd:42:56:1f:78:57:9b:21:05:5b:21:6e:cd:
                    59:d1:d1:26:b7:b6:1d:bc:04:05:de:0a:24:f0:75:
                    3d:86:24:26:af:e5:69:fd:63:0c:84:c3:1f:a7:1b:
                    18:8a:40:ef:ce:af:45:88:fc:be:9b:90:03:28:c5:
                    04:74:b4:53:88:bc:84:b4:dd:f0:63:d4:5c:61:e8:
                    42:98:74:57:08:9d:ff:24:5e:88:2a:de:9b:23:8f:
                    3e:50:19:f7:6c:3d:2f:68:49:15:99:07:00:3b:71:
                    cc:0f:a9:0e:d0:9b:da:f6:62:24:2b:1f:52:a7:a6:
                    b8:d2:f9:b9:fd:3d:74:30:a7:ce:c7:9d:5a:af:27:
                    0a:26:69:c0:4d:37:ab:ee:81:2e:7e:6b:2a:da:4c:
                    ae:01:0b:a6:fb:f8:bd:27:72:af:02:c4:e9:33:87:
                    c3:fb:b2:96:45:15:00:3d:62:b9:54:8e:43:22:d6:
                    bf:21:23:cc:4d:e8:e1:1f:7a:88:20:ed:b5:c8:f1:
                    04:a8:fc:7e:72:93:28:20:f8:31:47:25:25:49:77:
                    38:5d:0d:53:14:58:8d:19:99:ad:a0:43:2a:c1:31:
                    ef:84:6e:fc:1b:f1:43:d4:ff:82:b9:25:1f:c4:df:
                    c0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B3:A4:19:D5:DE:76:93:AD:98:67:79:71:C2:C2:D1:09:22:EE:A7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:10:b7:ab:75:f1:ef:fa:9e:26:6a:b0:94:05:b1:7f:4c:f0:
         df:9e:e3:ae:89:fd:90:00:a5:36:0a:f2:39:32:07:a9:e1:be:
         c6:2e:79:8c:6f:a9:29:ee:10:c7:b0:ef:6c:e0:83:be:48:e3:
         53:bd:03:94:70:fb:f7:10:fe:77:7f:14:ef:87:5c:c3:bc:81:
         0f:54:34:ec:e6:ca:8e:1e:0e:5c:ed:57:ef:5d:41:db:48:97:
         5f:da:f6:ba:a2:45:49:f2:d8:14:85:b5:0e:00:d8:85:6f:5d:
         c1:d5:3c:91:f6:2b:64:29:f9:4c:4f:a9:fa:69:c4:25:b0:a7:
         09:12:e8:59:bf:ea:da:c3:b8:c9:f2:11:32:49:5e:10:1e:43:
         f2:9c:24:76:41:86:b1:ae:2d:20:8c:67:2b:1d:92:75:03:e9:
         83:80:76:cf:28:07:bc:82:4f:84:da:8b:23:06:57:64:6a:ad:
         ca:75:16:e1:95:8c:16:65:71:85:2f:fb:80:e9:1d:5d:01:89:
         73:33:11:e7:5c:64:9e:38:7c:6a:e9:3e:2c:97:7e:4c:ed:89:
         dc:3b:1b:71:69:47:13:09:2d:d6:e0:43:35:fb:76:37:69:1f:
         be:2a:ce:3b:26:4a:bc:af:01:7f:f0:4e:46:b0:e8:48:bb:ad:
         00:4f:6e:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeUNUXKOBXBYTQS4eJ59MgVaUu4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MTkyMzQ5MDJaFw0yNjA0MTgyMzU0MDJaMDMxMTAvBgNV
BAMTKDQwQjNBNDE5RDVERTc2OTNBRDk4Njc3OTcxQzJDMkQxMDkyMkVFQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcJw0REUt5VjKW2vgkAoahzUJW
H3hXmyEFWyFuzVnR0Sa3th28BAXeCiTwdT2GJCav5Wn9YwyEwx+nGxiKQO/Or0WI
/L6bkAMoxQR0tFOIvIS03fBj1Fxh6EKYdFcInf8kXogq3psjjz5QGfdsPS9oSRWZ
BwA7ccwPqQ7Qm9r2YiQrH1KnprjS+bn9PXQwp87HnVqvJwomacBNN6vugS5+ayra
TK4BC6b7+L0ncq8CxOkzh8P7spZFFQA9YrlUjkMi1r8hI8xN6OEfeogg7bXI8QSo
/H5ykygg+DFHJSVJdzhdDVMUWI0Zma2gQyrBMe+Ebvwb8UPU/4K5JR/E38CXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQLOkGdXedpOtmGd5ccLC0Qki7qcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlT4o
MA0GCSqGSIb3DQEBCwUAA4IBAQASELerdfHv+p4marCUBbF/TPDfnuOuif2QAKU2
CvI5Mgep4b7GLnmMb6kp7hDHsO9s4IO+SONTvQOUcPv3EP53fxTvh1zDvIEPVDTs
5sqOHg5c7VfvXUHbSJdf2va6okVJ8tgUhbUOANiFb13B1TyR9itkKflMT6n6acQl
sKcJEuhZv+raw7jJ8hEySV4QHkPynCR2QYaxri0gjGcrHZJ1A+mDgHbPKAe8gk+E
2osjBldkaq3KdRbhlYwWZXGFL/uA6R1dAYlzMxHnXGSeOHxq6T4sl35M7YncOxtx
aUcTCS3W4EM1+3Y3aR++Ks47Jkq8rwF/8E5GsOhIu60AT25Y
-----END CERTIFICATE-----