Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          rjNfST9epGyqGcAJbeKwtVBSMG7zTNJnwDBg7aqYUKI=
Subject key identifier:   2D:8F:AC:E9:89:86:03:06:D6:25:D1:9C:7F:63:36:AD:2C:7C:AE:85
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4408454B73837115B02F85E841FE569EF32C162D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
Signing time:             Fri 20 Jun 2025 00:00:06 +0000
ROA not before:           Thu 19 Jun 2025 23:55:06 +0000
ROA not after:            Fri 19 Jun 2026 00:00:06 +0000
asID:                     53356
IP address blocks:        181.214.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:08:45:4b:73:83:71:15:b0:2f:85:e8:41:fe:56:9e:f3:2c:16:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 19 23:55:06 2025 GMT
            Not After : Jun 19 00:00:06 2026 GMT
        Subject: CN=2D8FACE989860306D625D19C7F6336AD2C7CAE85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a2:ea:e3:7a:70:f7:00:b4:08:5b:14:c9:2c:
                    d2:52:a4:09:8f:32:c4:8d:e9:4e:87:c2:99:69:ff:
                    c7:89:32:7c:fb:cf:9b:b5:22:4b:7b:75:aa:ec:3a:
                    95:32:b4:70:9e:9f:49:d6:9a:75:b9:35:62:26:66:
                    f3:39:21:8e:ca:3e:21:34:80:93:ec:37:e0:f1:1d:
                    b5:ef:6c:59:ca:f2:ab:c9:14:3a:ba:25:9b:43:92:
                    f2:bd:1b:2a:08:ce:07:cd:ea:cb:ed:13:59:00:d7:
                    b3:11:6f:be:c1:20:2c:97:cd:9a:6a:e4:32:33:88:
                    a6:9c:70:7e:08:a3:cc:11:d3:2f:fa:c3:79:38:34:
                    a1:87:fa:b6:b0:90:49:f4:4a:0e:05:e2:3c:ba:c8:
                    38:67:af:80:13:d7:5f:92:22:20:af:67:99:5f:65:
                    ae:2f:ec:d5:52:69:92:af:4f:db:9a:8b:43:5c:a1:
                    49:5d:4d:03:0c:e2:a5:39:11:40:89:4d:9a:35:fe:
                    60:5a:d4:96:f4:3e:c9:b6:22:51:c3:4c:90:3f:fb:
                    73:a1:30:bf:f1:ed:24:eb:07:97:88:95:83:2a:81:
                    04:ea:f5:6a:d0:1c:af:a5:73:63:9e:b6:27:3b:79:
                    28:3a:e1:66:c1:7b:20:8e:21:28:a1:e7:8c:45:f4:
                    91:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:8F:AC:E9:89:86:03:06:D6:25:D1:9C:7F:63:36:AD:2C:7C:AE:85
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:68:49:96:a7:11:ab:ab:aa:a6:e8:c3:2d:64:df:a0:8f:33:
         6b:d3:f0:b3:ca:c2:23:1e:49:4d:6a:76:b9:93:0d:a4:f5:49:
         9b:02:76:d0:b5:65:54:34:10:13:67:92:df:fc:6e:03:41:ba:
         7d:7b:9b:7f:7a:f1:e3:80:0e:26:85:3b:a6:5e:2c:d3:6b:dd:
         c0:49:9f:ac:f1:ad:e5:79:f8:24:26:39:c0:ad:b4:80:22:98:
         77:32:19:46:2c:d6:0d:a3:ef:94:1c:26:02:54:97:fa:5c:f4:
         25:7c:f4:c9:1f:81:f7:13:85:2f:46:b7:df:9a:e4:cb:1a:7f:
         be:bc:23:53:26:c5:cd:a1:73:2d:bb:98:b1:e1:cb:72:e3:ef:
         e9:44:ea:e7:b3:bc:2e:ba:1a:af:20:4d:a9:33:85:fe:50:b8:
         76:db:d1:b1:5d:7f:25:01:8a:59:a3:b2:93:0e:d8:a8:a0:0c:
         6f:e4:d5:e7:07:6d:01:c0:93:4f:eb:e4:eb:1a:a1:ec:89:b9:
         eb:33:e0:85:77:24:ab:c9:ee:7d:da:c0:c3:94:11:ca:c4:aa:
         f8:63:12:62:f0:4f:7d:22:80:9c:47:ad:de:c6:84:cc:49:6f:
         05:10:b3:2c:10:c8:7e:b2:72:4b:ea:8c:b0:b5:39:13:a3:09:
         be:f4:5a:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURAhFS3ODcRWwL4XoQf5WnvMsFi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTkyMzU1MDZaFw0yNjA2MTkwMDAwMDZaMDMxMTAvBgNV
BAMTKDJEOEZBQ0U5ODk4NjAzMDZENjI1RDE5QzdGNjMzNkFEMkM3Q0FFODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSourjenD3ALQIWxTJLNJSpAmP
MsSN6U6Hwplp/8eJMnz7z5u1Ikt7darsOpUytHCen0nWmnW5NWImZvM5IY7KPiE0
gJPsN+DxHbXvbFnK8qvJFDq6JZtDkvK9GyoIzgfN6svtE1kA17MRb77BICyXzZpq
5DIziKaccH4Io8wR0y/6w3k4NKGH+rawkEn0Sg4F4jy6yDhnr4AT11+SIiCvZ5lf
Za4v7NVSaZKvT9uai0NcoUldTQMM4qU5EUCJTZo1/mBa1Jb0Psm2IlHDTJA/+3Oh
ML/x7STrB5eIlYMqgQTq9WrQHK+lc2Oetic7eSg64WbBeyCOISih54xF9JGHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQULY+s6YmGAwbWJdGcf2M2rSx8roUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11icw
DQYJKoZIhvcNAQELBQADggEBAG5oSZanEaurqqbowy1k36CPM2vT8LPKwiMeSU1q
drmTDaT1SZsCdtC1ZVQ0EBNnkt/8bgNBun17m3968eOADiaFO6ZeLNNr3cBJn6zx
reV5+CQmOcCttIAimHcyGUYs1g2j75QcJgJUl/pc9CV89MkfgfcThS9Gt9+a5Msa
f768I1Mmxc2hcy27mLHhy3Lj7+lE6uezvC66Gq8gTakzhf5QuHbb0bFdfyUBilmj
spMO2KigDG/k1ecHbQHAk0/r5OsaoeyJuesz4IV3JKvJ7n3awMOUEcrEqvhjEmLw
T30igJxHrd7GhMxJbwUQsywQyH6yckvqjLC1OROjCb70Wus=
-----END CERTIFICATE-----