Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
File:                     AS213060.roa (raw, json)
Hash identifier:          xovNJeeymJCEvilsYavzxqbNELdt/GZJlpRutdjarR0=
Subject key identifier:   94:6D:0D:D5:79:A9:C9:05:54:4C:F5:78:48:7E:91:BC:57:60:EB:F6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       17C2371EDC51D0FB0755112FB5D05CAD99144AF8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
Signing time:             Wed 07 May 2025 07:20:04 +0000
ROA not before:           Wed 07 May 2025 07:15:04 +0000
ROA not after:            Wed 06 May 2026 07:20:04 +0000
asID:                     213060
IP address blocks:        185.137.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:c2:37:1e:dc:51:d0:fb:07:55:11:2f:b5:d0:5c:ad:99:14:4a:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  7 07:15:04 2025 GMT
            Not After : May  6 07:20:04 2026 GMT
        Subject: CN=946D0DD579A9C905544CF578487E91BC5760EBF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:70:5d:af:85:1b:37:d7:29:63:c1:32:a2:80:
                    5d:3c:ab:98:ce:43:21:8f:3c:89:b1:f4:31:60:32:
                    89:2c:38:c2:37:c0:be:38:97:67:0f:1b:84:5e:f9:
                    e5:10:dd:9d:ea:6e:df:27:a4:76:56:f6:d9:0c:19:
                    80:3c:cb:14:b2:23:ea:3b:c9:6f:3c:f2:36:b3:38:
                    9c:83:20:9d:e7:fb:91:bc:4b:54:91:71:d1:7a:85:
                    c5:ea:d9:cc:db:85:5d:d9:82:e0:34:72:fe:aa:07:
                    86:11:18:06:45:61:cb:43:aa:bd:68:84:4f:c2:51:
                    9a:07:9c:16:09:e0:8a:4b:3d:1b:44:71:6a:c0:95:
                    95:16:7d:d6:10:a3:f9:90:28:f1:b1:47:2a:ae:53:
                    a1:63:b8:79:4f:3b:6b:6e:f9:d9:8b:0c:b9:2f:83:
                    94:e5:1c:d4:ef:49:41:31:0b:86:dc:fe:e5:64:80:
                    bc:2c:93:0c:d4:df:c9:7e:47:0a:60:93:62:d0:0f:
                    d0:65:5f:de:23:b9:ee:f1:66:05:f4:7e:88:aa:e3:
                    3d:21:00:a2:81:61:89:5c:c9:fd:39:36:be:f3:0c:
                    6f:b1:d3:ec:b9:e7:5f:0e:4e:7c:3e:e1:cf:37:a9:
                    fa:fa:cd:ad:81:59:12:36:b3:c4:b8:0b:39:ea:04:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:6D:0D:D5:79:A9:C9:05:54:4C:F5:78:48:7E:91:BC:57:60:EB:F6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:57:7d:69:85:52:5d:d7:d0:2d:12:5a:b4:de:83:1b:66:2c:
         62:87:4c:01:a5:ae:ce:b3:de:99:71:8a:fd:cb:84:4f:6a:58:
         e6:c5:fd:e9:8f:89:a8:88:f2:e9:4c:84:ad:88:79:76:a8:b6:
         2d:5e:31:88:ed:4e:b8:69:1e:d4:b7:ac:31:aa:b7:3c:90:08:
         75:fa:e9:11:94:d5:7e:1e:67:93:ad:3b:44:79:81:2e:57:12:
         e5:d4:18:53:5b:f9:ce:b4:f6:f0:bc:6d:cc:c8:73:81:eb:c3:
         4d:ea:53:16:cf:18:b9:0e:f7:41:96:b3:bc:de:74:6d:dd:33:
         d6:b6:19:14:9b:5e:5b:32:1e:de:7d:81:75:97:75:bf:ec:25:
         af:e5:21:d4:03:95:29:b0:5f:cc:54:d6:c9:33:2e:1a:4e:04:
         b8:20:8a:b8:6d:e1:95:3f:79:12:41:2b:5a:6a:3c:8b:2f:27:
         d2:e2:cb:44:7e:d5:b7:ac:a2:b8:96:f7:d0:b8:2c:ad:c6:5d:
         46:4f:de:08:e2:4a:d1:cc:a6:78:ce:91:82:bf:f1:5a:32:5d:
         69:e7:f5:d4:1e:20:ca:54:cc:09:97:8d:32:ed:b6:a7:9c:6f:
         01:4b:77:44:8e:23:d6:e0:60:de:65:e0:2d:98:e7:6f:e6:df:
         8b:92:fd:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUF8I3HtxR0PsHVREvtdBcrZkUSvgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDcwNzE1MDRaFw0yNjA1MDYwNzIwMDRaMDMxMTAvBgNV
BAMTKDk0NkQwREQ1NzlBOUM5MDU1NDRDRjU3ODQ4N0U5MUJDNTc2MEVCRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCucF2vhRs31yljwTKigF08q5jO
QyGPPImx9DFgMoksOMI3wL44l2cPG4Re+eUQ3Z3qbt8npHZW9tkMGYA8yxSyI+o7
yW888jazOJyDIJ3n+5G8S1SRcdF6hcXq2czbhV3ZguA0cv6qB4YRGAZFYctDqr1o
hE/CUZoHnBYJ4IpLPRtEcWrAlZUWfdYQo/mQKPGxRyquU6FjuHlPO2tu+dmLDLkv
g5TlHNTvSUExC4bc/uVkgLwskwzU38l+Rwpgk2LQD9BlX94jue7xZgX0foiq4z0h
AKKBYYlcyf05Nr7zDG+x0+y5518OTnw+4c83qfr6za2BWRI2s8S4CznqBGnDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlG0N1XmpyQVUTPV4SH6RvFdg6/YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzMDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYkP
MA0GCSqGSIb3DQEBCwUAA4IBAQAqV31phVJd19AtElq03oMbZixih0wBpa7Os96Z
cYr9y4RPaljmxf3pj4moiPLpTIStiHl2qLYtXjGI7U64aR7Ut6wxqrc8kAh1+ukR
lNV+HmeTrTtEeYEuVxLl1BhTW/nOtPbwvG3MyHOB68NN6lMWzxi5DvdBlrO83nRt
3TPWthkUm15bMh7efYF1l3W/7CWv5SHUA5UpsF/MVNbJMy4aTgS4IIq4beGVP3kS
QStaajyLLyfS4stEftW3rKK4lvfQuCytxl1GT94I4krRzKZ4zpGCv/FaMl1p5/XU
HiDKVMwJl40y7bannG8BS3dEjiPW4GDeZeAtmOdv5t+Lkv0R
-----END CERTIFICATE-----