Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          FHbxeiIOfnwmKk7vNSe5wuxfZPJ9Z9DLzE6EyeEKay4=
Subject key identifier:   28:C5:D3:DD:11:12:82:58:44:A3:2E:9B:12:64:E9:4C:78:0A:57:0E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5C679D91A2992C5D5162630E977A668F66C8099F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Mon 05 May 2025 17:08:26 +0000
ROA not before:           Mon 05 May 2025 17:03:26 +0000
ROA not after:            Mon 04 May 2026 17:08:26 +0000
asID:                     214025
IP address blocks:        179.61.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:67:9d:91:a2:99:2c:5d:51:62:63:0e:97:7a:66:8f:66:c8:09:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 17:03:26 2025 GMT
            Not After : May  4 17:08:26 2026 GMT
        Subject: CN=28C5D3DD1112825844A32E9B1264E94C780A570E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:27:b8:70:15:d9:9c:bc:de:4c:f0:e8:1f:de:
                    cf:97:54:4d:3f:35:31:c8:7b:b0:21:47:d5:45:f6:
                    38:4b:08:b4:42:b2:c8:fe:a0:44:7f:e4:a3:dc:cf:
                    f2:ff:66:79:74:b7:ff:7b:e5:33:4a:39:d3:c7:6b:
                    f5:c3:be:4f:d9:70:77:68:73:58:60:4e:c2:05:4f:
                    a0:a4:e4:6c:00:31:6c:3a:93:d6:83:49:58:b2:84:
                    9d:54:ba:05:b6:a6:0d:1b:9a:84:25:83:e3:a2:f9:
                    15:b8:63:b3:bd:36:b1:e8:5a:97:fb:64:4d:7e:82:
                    3b:3a:42:0b:53:ae:4c:72:7e:63:3d:4a:9a:dc:00:
                    0b:be:cd:02:bd:91:4e:b6:00:94:3e:c4:a9:a6:0d:
                    f4:8c:e1:eb:c9:a4:15:e5:0f:e8:ab:a3:e9:82:9d:
                    67:7e:25:4b:63:dd:4f:e1:28:63:d9:1c:b2:01:e0:
                    3b:29:d8:e9:7a:b2:a5:3d:5e:15:56:8d:0b:01:d4:
                    d6:f3:fc:bf:bd:1e:5c:f6:22:c8:18:00:5b:a9:1e:
                    18:b8:8c:1f:d2:8a:f7:26:e3:79:43:c8:cb:99:6c:
                    45:10:c7:99:36:33:24:9e:9a:e6:79:a0:44:7a:dd:
                    73:0e:37:61:9b:f8:ce:f7:b3:6f:e0:96:61:0c:88:
                    05:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C5:D3:DD:11:12:82:58:44:A3:2E:9B:12:64:E9:4C:78:0A:57:0E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a9:56:dd:d8:ef:01:48:47:a1:fb:27:86:af:e6:47:ae:6e:
         0a:d7:a5:6f:67:99:91:28:02:56:07:83:e8:90:8f:9b:64:1c:
         ac:d3:15:d2:00:c5:21:37:9c:28:b4:ae:56:62:ec:60:1d:e2:
         c1:28:fe:9d:af:e3:f5:97:74:c5:c5:11:79:2d:04:69:ae:bb:
         30:31:7f:cf:45:2f:8c:f4:3a:54:b7:d8:7b:96:cb:0e:e5:90:
         0a:46:3f:5b:4f:e7:3a:a6:1b:31:c4:2b:82:44:34:19:7e:2e:
         1b:c1:36:62:3c:bc:96:94:82:13:ad:b6:6c:4e:25:cf:d9:e0:
         3f:fb:47:8f:f6:8e:44:45:c8:2d:60:3a:3d:64:e0:39:05:22:
         db:21:e9:e3:02:e1:21:43:3d:a4:5f:84:1f:a7:11:c7:89:f2:
         b6:d1:ec:3c:37:ee:71:80:ef:9a:63:9b:5f:0e:9c:b4:0e:98:
         67:2e:ee:9c:54:6d:d1:4a:48:09:1d:e0:d6:aa:d6:67:d8:74:
         82:5a:e8:89:db:1a:6f:96:eb:56:a1:59:65:31:00:f7:73:71:
         b1:72:cd:e0:4c:c1:b4:eb:74:bb:b3:fd:94:98:68:07:c1:f3:
         87:c9:3c:6f:52:e0:ad:39:9d:fa:a7:db:b1:f7:2d:30:1d:21:
         b8:7d:fe:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXGedkaKZLF1RYmMOl3pmj2bICZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDUxNzAzMjZaFw0yNjA1MDQxNzA4MjZaMDMxMTAvBgNV
BAMTKDI4QzVEM0REMTExMjgyNTg0NEEzMkU5QjEyNjRFOTRDNzgwQTU3MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJ7hwFdmcvN5M8Ogf3s+XVE0/
NTHIe7AhR9VF9jhLCLRCssj+oER/5KPcz/L/Znl0t/975TNKOdPHa/XDvk/ZcHdo
c1hgTsIFT6Ck5GwAMWw6k9aDSViyhJ1UugW2pg0bmoQlg+Oi+RW4Y7O9NrHoWpf7
ZE1+gjs6QgtTrkxyfmM9SprcAAu+zQK9kU62AJQ+xKmmDfSM4evJpBXlD+iro+mC
nWd+JUtj3U/hKGPZHLIB4Dsp2Ol6sqU9XhVWjQsB1Nbz/L+9Hlz2IsgYAFupHhi4
jB/Sivcm43lDyMuZbEUQx5k2MySemuZ5oER63XMON2Gb+M73s2/glmEMiAXhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKMXT3RESglhEoy6bEmTpTHgKVw4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz25
MA0GCSqGSIb3DQEBCwUAA4IBAQA7qVbd2O8BSEeh+yeGr+ZHrm4K16VvZ5mRKAJW
B4PokI+bZBys0xXSAMUhN5wotK5WYuxgHeLBKP6dr+P1l3TFxRF5LQRprrswMX/P
RS+M9DpUt9h7lssO5ZAKRj9bT+c6phsxxCuCRDQZfi4bwTZiPLyWlIITrbZsTiXP
2eA/+0eP9o5ERcgtYDo9ZOA5BSLbIenjAuEhQz2kX4QfpxHHifK20ew8N+5xgO+a
Y5tfDpy0DphnLu6cVG3RSkgJHeDWqtZn2HSCWuiJ2xpvlutWoVllMQD3c3Gxcs3g
TMG063S7s/2UmGgHwfOHyTxvUuCtOZ36p9ux9y0wHSG4ff4n
-----END CERTIFICATE-----