Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa
File:                     AS18796.roa (raw, json)
Hash identifier:          mk5ogy5AhoM2Tei5FQ6RCmZKkbLdbMGYfIu/TdjjbYU=
Subject key identifier:   69:39:7C:9F:E7:63:3A:E8:86:E7:98:2B:A3:CC:FB:25:2E:83:68:E1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       39CCEC90576B78EDE327BF620EAB487AEB14AAA8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa
Signing time:             Tue 07 Jan 2025 00:01:09 +0000
ROA not before:           Mon 06 Jan 2025 23:56:09 +0000
ROA not after:            Tue 06 Jan 2026 00:01:09 +0000
asID:                     18796
IP address blocks:        191.96.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:cc:ec:90:57:6b:78:ed:e3:27:bf:62:0e:ab:48:7a:eb:14:aa:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  6 23:56:09 2025 GMT
            Not After : Jan  6 00:01:09 2026 GMT
        Subject: CN=69397C9FE7633AE886E7982BA3CCFB252E8368E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a9:e4:d2:1e:7b:29:ff:38:69:c5:bd:c8:38:
                    40:b8:19:6c:34:02:23:5e:1d:75:2f:52:4a:46:f2:
                    a8:87:fc:31:0c:02:aa:57:74:ea:1c:34:9c:79:6e:
                    38:0a:4d:5d:b6:14:ec:9e:28:66:31:c4:60:86:bf:
                    63:ef:33:38:d3:7b:2e:27:84:ba:69:6f:79:b1:b1:
                    0e:44:cd:f8:3b:65:f2:f9:e9:9e:0f:2c:5f:eb:75:
                    93:1a:1c:7c:a3:31:63:5b:dc:fb:44:9d:a6:4a:45:
                    15:fd:76:b2:ee:6a:21:83:fa:76:41:bc:61:09:18:
                    3d:b0:74:0f:39:64:34:c5:ec:d4:98:bf:44:c7:9a:
                    00:f2:f3:5f:16:d0:9e:9a:6e:70:c2:55:86:98:3f:
                    db:0b:30:58:d2:72:5e:15:f2:2b:26:a4:4c:4d:71:
                    b4:b6:a0:4d:96:a9:fa:1e:2f:ee:31:ee:db:49:76:
                    86:f8:c5:08:f6:39:95:fa:ff:3c:9c:b4:6f:26:13:
                    71:fa:59:5a:7d:cc:60:d5:73:84:eb:f8:23:c1:4f:
                    87:8c:b6:3d:18:e5:24:43:b4:49:00:9e:a8:5a:57:
                    ed:3e:13:f8:37:82:97:65:55:7e:91:87:56:b4:83:
                    0f:a6:6d:a4:b7:3a:dd:ab:66:b5:83:2b:fd:f7:42:
                    41:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:39:7C:9F:E7:63:3A:E8:86:E7:98:2B:A3:CC:FB:25:2E:83:68:E1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:c1:68:83:32:52:b7:5f:69:ef:ae:ac:b0:3c:b9:01:3e:de:
         76:ca:c4:ac:a3:8e:c8:d8:5d:c2:91:87:44:a5:cc:4a:90:12:
         b9:58:ea:74:59:c6:48:4d:9d:57:e3:77:d8:6c:01:07:55:e7:
         d5:72:02:e6:fb:f7:7c:e1:e0:b7:c9:45:54:ed:c0:31:76:04:
         28:64:2f:12:e3:0d:4d:ae:88:52:b7:79:ca:78:cc:ab:cc:ae:
         30:c9:18:5f:d3:52:c3:ce:69:4c:33:3a:e8:48:05:1f:8b:cf:
         98:ee:bb:b8:fa:9e:31:a3:f8:51:6d:c0:1e:c3:d6:43:af:f7:
         bd:cd:85:bd:a3:f3:3b:34:50:11:2e:60:b1:e9:b7:a5:6a:99:
         2a:fd:72:8d:b9:93:3c:05:f6:3f:8a:1b:b2:5e:90:21:06:c8:
         8f:67:de:05:f8:2b:15:1c:fc:66:fb:7a:7e:1e:95:55:3e:6b:
         f5:20:cf:91:e5:09:82:d6:59:aa:bf:8a:19:a1:77:dd:45:b4:
         79:e8:28:fc:be:43:d1:68:a6:35:58:e1:ef:4e:40:71:4d:3f:
         79:ff:9d:98:73:2b:8e:ed:9f:73:13:1f:91:b7:90:ff:02:26:
         1a:6e:36:36:b1:31:99:27:db:bb:04:0b:91:29:11:89:be:4b:
         0b:90:aa:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOczskFdreO3jJ79iDqtIeusUqqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDYyMzU2MDlaFw0yNjAxMDYwMDAxMDlaMDMxMTAvBgNV
BAMTKDY5Mzk3QzlGRTc2MzNBRTg4NkU3OTgyQkEzQ0NGQjI1MkU4MzY4RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTqeTSHnsp/zhpxb3IOEC4GWw0
AiNeHXUvUkpG8qiH/DEMAqpXdOocNJx5bjgKTV22FOyeKGYxxGCGv2PvMzjTey4n
hLppb3mxsQ5Ezfg7ZfL56Z4PLF/rdZMaHHyjMWNb3PtEnaZKRRX9drLuaiGD+nZB
vGEJGD2wdA85ZDTF7NSYv0THmgDy818W0J6abnDCVYaYP9sLMFjScl4V8ismpExN
cbS2oE2WqfoeL+4x7ttJdob4xQj2OZX6/zyctG8mE3H6WVp9zGDVc4Tr+CPBT4eM
tj0Y5SRDtEkAnqhaV+0+E/g3gpdlVX6Rh1a0gw+mbaS3Ot2rZrWDK/33QkFnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUaTl8n+djOuiG55gro8z7JS6DaOEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTg3OTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YOcw
DQYJKoZIhvcNAQELBQADggEBAKvBaIMyUrdfae+urLA8uQE+3nbKxKyjjsjYXcKR
h0SlzEqQErlY6nRZxkhNnVfjd9hsAQdV59VyAub793zh4LfJRVTtwDF2BChkLxLj
DU2uiFK3ecp4zKvMrjDJGF/TUsPOaUwzOuhIBR+Lz5juu7j6njGj+FFtwB7D1kOv
973Nhb2j8zs0UBEuYLHpt6VqmSr9co25kzwF9j+KG7JekCEGyI9n3gX4KxUc/Gb7
en4elVU+a/Ugz5HlCYLWWaq/ihmhd91FtHnoKPy+Q9FopjVY4e9OQHFNP3n/nZhz
K47tn3MTH5G3kP8CJhpuNjaxMZkn27sEC5EpEYm+SwuQqgY=
-----END CERTIFICATE-----