Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
File:                     AS267507.roa (raw, json)
Hash identifier:          7dgk5wKm2PWgd2kaMGWqlBPyR+STeVHLdPuXgq7/3jo=
Subject key identifier:   58:32:5E:22:E9:BF:F8:A4:BE:CA:51:75:7C:30:B5:A8:05:DC:68:3C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46DB4F6B63284857A3D186AB242092AF9DA778AC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
Signing time:             Fri 05 Sep 2025 14:42:48 +0000
ROA not before:           Fri 05 Sep 2025 14:37:48 +0000
ROA not after:            Fri 04 Sep 2026 14:42:48 +0000
asID:                     267507
IP address blocks:        191.96.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:db:4f:6b:63:28:48:57:a3:d1:86:ab:24:20:92:af:9d:a7:78:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  5 14:37:48 2025 GMT
            Not After : Sep  4 14:42:48 2026 GMT
        Subject: CN=58325E22E9BFF8A4BECA51757C30B5A805DC683C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:ea:9f:d1:d8:6f:7c:68:d8:09:e1:57:70:
                    65:d4:4f:ce:31:c7:4c:70:11:e1:78:d4:e7:7c:3a:
                    45:d5:6d:19:52:bd:a1:0f:c0:35:84:ec:0e:cf:fb:
                    e3:3f:eb:4c:1a:03:0e:cd:2b:9b:94:86:10:60:8a:
                    72:f4:21:1e:fb:d3:32:5c:0d:d5:51:f8:f1:c9:57:
                    04:45:8c:38:c5:45:dd:ad:28:a3:15:e1:f0:30:64:
                    73:a3:65:16:ba:5a:f7:d6:2b:3d:04:e7:70:d3:65:
                    8d:cf:66:3a:25:62:57:8a:98:47:15:76:af:7f:8f:
                    1b:b1:4f:a6:3c:c8:04:5f:5a:5f:e3:af:94:e4:54:
                    53:35:44:ce:fa:22:2f:9e:f0:c4:42:3b:6b:25:da:
                    5d:31:2a:2f:8e:89:68:a8:8e:d2:54:cc:57:89:f1:
                    25:9b:4a:a7:fd:ad:66:ea:6d:02:9e:69:98:e0:a2:
                    13:87:34:2f:98:82:01:a6:d1:02:6b:25:cf:a3:8b:
                    52:74:5f:20:8a:55:f4:b7:09:b3:27:63:1d:55:d5:
                    32:08:2d:8d:1b:0c:8d:f4:ed:55:cb:b0:02:f9:30:
                    84:b4:4d:f5:26:2e:ba:ab:58:30:52:f7:3d:b9:b4:
                    74:cf:96:d8:6a:7f:c3:56:60:02:ed:75:65:25:89:
                    f5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:32:5E:22:E9:BF:F8:A4:BE:CA:51:75:7C:30:B5:A8:05:DC:68:3C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ce:31:df:1a:b3:43:ef:b7:eb:17:2a:21:7e:1f:44:0d:ec:
         74:f8:f2:3d:44:ca:2f:1b:f9:8b:ce:91:65:aa:ae:5f:cf:96:
         b5:93:32:9d:6e:c8:10:8f:fb:ba:ab:aa:12:d4:e9:65:b2:77:
         10:b7:ac:d8:1b:f0:4e:21:41:37:c3:03:7f:e2:33:b6:b8:02:
         1c:94:57:52:c4:06:15:3e:c4:1d:76:c3:95:68:70:94:ac:66:
         ca:13:6b:1f:50:37:01:df:de:5b:09:7d:ee:73:ef:e6:c3:5d:
         ec:88:11:5e:9a:a5:58:f4:e5:fd:38:6e:ac:50:82:b7:71:8e:
         d0:d9:f5:c9:90:46:ea:8a:d8:25:71:51:03:7c:30:cd:44:08:
         40:c9:a5:fb:ff:2e:29:65:e4:98:68:3a:7d:fa:3e:b5:62:f7:
         1b:64:ef:e4:5f:96:f3:8c:87:62:d4:50:59:34:4f:f7:25:7f:
         45:b1:46:fb:42:f9:88:c1:a7:53:92:58:05:b2:0e:fe:21:c4:
         ee:da:3c:02:7b:ba:2b:fc:e5:92:0b:f8:97:52:26:3d:26:38:
         51:c4:fc:9b:e1:fc:07:9d:0d:70:a1:fa:4d:03:9b:89:6a:22:
         26:31:0e:bc:6b:c7:c6:f0:a8:7a:ed:3c:63:41:5d:0b:e5:32:
         53:88:42:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURttPa2MoSFej0YarJCCSr52neKwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDUxNDM3NDhaFw0yNjA5MDQxNDQyNDhaMDMxMTAvBgNV
BAMTKDU4MzI1RTIyRTlCRkY4QTRCRUNBNTE3NTdDMzBCNUE4MDVEQzY4M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1x+qf0dhvfGjYCeFXcGXUT84x
x0xwEeF41Od8OkXVbRlSvaEPwDWE7A7P++M/60waAw7NK5uUhhBginL0IR770zJc
DdVR+PHJVwRFjDjFRd2tKKMV4fAwZHOjZRa6WvfWKz0E53DTZY3PZjolYleKmEcV
dq9/jxuxT6Y8yARfWl/jr5TkVFM1RM76Ii+e8MRCO2sl2l0xKi+OiWiojtJUzFeJ
8SWbSqf9rWbqbQKeaZjgohOHNC+YggGm0QJrJc+ji1J0XyCKVfS3CbMnYx1V1TII
LY0bDI307VXLsAL5MIS0TfUmLrqrWDBS9z25tHTPlthqf8NWYALtdWUlifXPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWDJeIum/+KS+ylF1fDC1qAXcaDwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY3NTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AO
MA0GCSqGSIb3DQEBCwUAA4IBAQCJzjHfGrND77frFyohfh9EDex0+PI9RMovG/mL
zpFlqq5fz5a1kzKdbsgQj/u6q6oS1OllsncQt6zYG/BOIUE3wwN/4jO2uAIclFdS
xAYVPsQddsOVaHCUrGbKE2sfUDcB395bCX3uc+/mw13siBFemqVY9OX9OG6sUIK3
cY7Q2fXJkEbqitglcVEDfDDNRAhAyaX7/y4pZeSYaDp9+j61YvcbZO/kX5bzjIdi
1FBZNE/3JX9FsUb7QvmIwadTklgFsg7+IcTu2jwCe7or/OWSC/iXUiY9JjhRxPyb
4fwHnQ1wofpNA5uJaiImMQ68a8fG8Kh67TxjQV0L5TJTiEKo
-----END CERTIFICATE-----