Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa
File:                     AS57397.roa (raw, json)
Hash identifier:          daiSMZ/Buq4ieRPlwvQuHA/BLdkS2El0I3JEFdK/BUk=
Subject key identifier:   A4:C8:0C:3F:74:B4:6D:E7:F5:95:C9:5F:A3:84:1E:B0:DA:07:DB:CA
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       088683C733ECC4707384A5E3F051EE0925635DF0
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa
Signing time:             Fri 20 Jun 2025 14:27:48 +0000
ROA not before:           Fri 20 Jun 2025 14:22:48 +0000
ROA not after:            Fri 19 Jun 2026 14:27:48 +0000
asID:                     57397
IP address blocks:        185.231.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:86:83:c7:33:ec:c4:70:73:84:a5:e3:f0:51:ee:09:25:63:5d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 20 14:22:48 2025 GMT
            Not After : Jun 19 14:27:48 2026 GMT
        Subject: CN=A4C80C3F74B46DE7F595C95FA3841EB0DA07DBCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8e:d8:a1:a3:cb:ea:7c:7b:a1:30:14:51:ac:
                    f5:93:77:41:3c:3a:b0:94:71:76:9f:00:e4:4a:8c:
                    fb:93:57:a5:54:c3:72:63:cb:77:ac:1f:9b:0c:05:
                    23:21:a1:99:2d:2d:f7:c2:ed:44:5d:79:3b:74:49:
                    ea:86:b4:c4:94:0b:1b:a4:72:79:2c:0a:c1:12:6f:
                    7c:23:90:c6:e7:a0:19:8d:b9:ec:f5:b3:a2:d4:b2:
                    66:92:23:17:a1:e3:24:61:ec:aa:63:50:cc:81:80:
                    e9:e7:ec:fc:da:22:51:31:b8:b1:86:62:50:b5:e9:
                    ff:b7:25:a5:57:bf:a3:81:23:bd:87:16:a1:da:a0:
                    75:63:57:dc:41:a3:d7:31:1c:20:d7:c3:21:9a:5b:
                    4a:f4:ec:e1:ac:47:70:71:2d:93:56:48:4f:d2:0b:
                    5b:16:c0:ab:8a:f7:13:8a:2d:c0:c7:db:a4:ba:95:
                    98:25:31:56:fd:f1:2f:b8:ff:c6:b2:a3:51:f7:dd:
                    30:0d:c3:94:bb:af:7b:86:d4:bd:bc:4f:7b:d3:f1:
                    67:f4:e6:6b:99:cf:69:6e:5c:46:5f:49:b6:81:57:
                    a9:8e:43:cd:32:c7:9f:67:61:aa:05:e6:8b:bd:39:
                    99:49:15:eb:5f:e7:b9:03:5d:e4:db:e3:37:7c:a7:
                    b9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C8:0C:3F:74:B4:6D:E7:F5:95:C9:5F:A3:84:1E:B0:DA:07:DB:CA
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:bf:a0:ca:61:5e:09:d6:48:6d:23:94:b0:db:1b:99:76:f4:
         f6:cb:f5:4f:87:ce:6b:49:dd:84:55:c4:0f:dc:a5:f7:7d:1d:
         5f:a4:90:dc:af:55:7b:84:d0:13:e5:e9:3c:12:58:85:e0:a3:
         d9:8d:4b:d8:bf:ae:f0:eb:00:2c:5f:87:ca:19:26:ad:59:52:
         0b:85:9c:55:4f:40:3d:8b:e9:fc:a4:43:d9:9b:ba:a8:2e:58:
         a3:39:a5:3b:9f:5d:07:f7:8d:54:1a:a2:2f:fc:a6:c9:7f:e4:
         02:a6:83:36:b7:9e:a8:88:6f:fb:d2:8c:95:b1:6e:90:5c:29:
         89:ed:66:73:b0:00:28:85:5f:97:e6:86:af:1e:b0:05:8a:c8:
         9e:47:8e:a9:64:28:b2:07:69:72:28:d1:7d:f1:07:24:3d:6f:
         f5:f3:37:67:7d:14:e6:61:6b:d4:33:e7:bf:2f:64:71:b2:d2:
         86:a8:1b:0f:2b:d7:b3:f1:04:19:c8:69:3c:dd:23:e3:41:dd:
         f9:78:cd:58:e8:c1:35:b1:24:35:c3:67:50:96:bd:b9:3b:c6:
         5d:7e:ac:e2:4f:35:73:13:32:51:21:97:bc:eb:ff:4d:a5:dc:
         fe:4e:45:a0:88:9e:17:8e:90:78:69:3f:55:ab:5f:ae:dd:ff:
         a9:3c:af:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCIaDxzPsxHBzhKXj8FHuCSVjXfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MjAxNDIyNDhaFw0yNjA2MTkxNDI3NDhaMDMxMTAvBgNV
BAMTKEE0QzgwQzNGNzRCNDZERTdGNTk1Qzk1RkEzODQxRUIwREEwN0RCQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyjtiho8vqfHuhMBRRrPWTd0E8
OrCUcXafAORKjPuTV6VUw3Jjy3esH5sMBSMhoZktLffC7URdeTt0SeqGtMSUCxuk
cnksCsESb3wjkMbnoBmNuez1s6LUsmaSIxeh4yRh7KpjUMyBgOnn7PzaIlExuLGG
YlC16f+3JaVXv6OBI72HFqHaoHVjV9xBo9cxHCDXwyGaW0r07OGsR3BxLZNWSE/S
C1sWwKuK9xOKLcDH26S6lZglMVb98S+4/8ayo1H33TANw5S7r3uG1L28T3vT8Wf0
5muZz2luXEZfSbaBV6mOQ80yx59nYaoF5ou9OZlJFetf57kDXeTb4zd8p7lJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUpMgMP3S0bef1lclfo4QesNoH28owHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNTczOTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC55+Aw
DQYJKoZIhvcNAQELBQADggEBAKS/oMphXgnWSG0jlLDbG5l29PbL9U+HzmtJ3YRV
xA/cpfd9HV+kkNyvVXuE0BPl6TwSWIXgo9mNS9i/rvDrACxfh8oZJq1ZUguFnFVP
QD2L6fykQ9mbuqguWKM5pTufXQf3jVQaoi/8psl/5AKmgza3nqiIb/vSjJWxbpBc
KYntZnOwACiFX5fmhq8esAWKyJ5HjqlkKLIHaXIo0X3xByQ9b/XzN2d9FOZha9Qz
578vZHGy0oaoGw8r17PxBBnIaTzdI+NB3fl4zVjowTWxJDXDZ1CWvbk7xl1+rOJP
NXMTMlEhl7zr/02l3P5ORaCInheOkHhpP1WrX67d/6k8r2A=
-----END CERTIFICATE-----