Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa
File:                     AS28753.roa (raw, json)
Hash identifier:          zNRyph2ot04h4hpR+XT2M15QcakLp8CKXAYTxzUi2AU=
Subject key identifier:   BE:5A:5C:39:6C:DF:4C:0C:EB:66:5B:88:2D:EC:AC:19:17:42:99:AA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3DB6287D47F5BA2C17388B80C2C384EB66A60E88
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa
Signing time:             Wed 31 Jan 2024 08:05:08 +0000
ROA not before:           Wed 31 Jan 2024 08:00:08 +0000
ROA not after:            Wed 29 Jan 2025 08:05:08 +0000
asID:                     28753
IP address blocks:        45.137.119.0/24 maxlen: 24
                          92.118.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:b6:28:7d:47:f5:ba:2c:17:38:8b:80:c2:c3:84:eb:66:a6:0e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:08 2024 GMT
            Not After : Jan 29 08:05:08 2025 GMT
        Subject: CN=BE5A5C396CDF4C0CEB665B882DECAC19174299AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a3:7d:cd:6b:8e:d3:09:c8:5d:63:f3:c4:6a:
                    d2:9f:49:ef:5b:4c:42:f2:58:66:1e:78:cb:64:f1:
                    8d:93:c9:6e:b1:d9:94:1d:87:80:f6:64:e3:c8:b9:
                    42:55:57:49:35:8f:ca:7c:9d:84:ae:9c:3e:25:f1:
                    3f:f8:80:d2:0a:82:b0:57:6c:21:e8:36:99:9c:8d:
                    d0:61:80:91:3d:36:79:fe:5c:15:6e:fe:0b:1c:72:
                    34:1b:d2:27:4e:62:20:51:12:1e:32:e7:c0:0f:75:
                    f2:2a:17:93:f3:43:e2:64:e4:b9:63:9a:8b:de:3e:
                    29:f3:d9:72:61:87:a3:28:ac:5c:9c:55:78:03:c6:
                    39:d1:a1:08:a1:1b:91:78:f4:94:89:69:1f:62:d0:
                    d5:e5:45:4f:fa:d7:b8:b3:e1:5d:f1:ba:71:a5:c8:
                    f9:80:d7:2d:41:d1:66:fa:81:08:f9:59:d3:2a:6c:
                    15:77:89:39:c6:97:93:b4:22:78:8b:be:fe:d9:fd:
                    67:ae:01:44:e9:58:92:50:df:75:02:0d:9a:b6:a4:
                    7b:a2:09:af:26:bb:11:cf:44:df:da:87:fa:a1:15:
                    6a:15:6b:55:13:a5:3e:24:69:89:91:64:00:29:6a:
                    22:c3:e1:d4:c0:ae:61:aa:c8:da:e2:03:50:16:b2:
                    a1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:5A:5C:39:6C:DF:4C:0C:EB:66:5B:88:2D:EC:AC:19:17:42:99:AA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.119.0/24
                  92.118.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ba:cc:62:b6:a8:52:11:44:48:db:d8:c7:9b:98:bb:6d:7b:
         6a:f9:7f:9c:05:9c:ba:1d:53:b9:79:f3:1d:8a:43:63:1c:70:
         5d:04:f9:d3:fa:4e:47:f9:1a:d9:a8:cc:cf:bf:64:fe:2f:39:
         fc:70:fd:41:82:c1:99:fa:84:e4:54:82:1e:21:d9:d2:f5:fd:
         ec:4a:ea:f0:cb:ea:03:42:ad:75:e3:4e:bf:c5:5e:a2:d0:f6:
         3c:6c:4a:e5:30:5b:2f:d1:c7:92:1d:f5:c8:83:6a:e2:58:64:
         2f:bb:67:79:50:ae:e7:b1:e1:6c:b2:a0:a0:73:b5:95:b7:7c:
         26:1d:b1:c4:40:50:7a:76:02:cd:46:95:8c:74:cd:fd:ea:5b:
         0d:3f:e7:67:8d:fb:de:3e:07:af:ca:f4:43:94:f7:01:53:41:
         62:01:50:18:08:2e:6c:9c:34:ac:4b:a6:4e:f1:eb:af:55:8d:
         d2:aa:0c:fc:5c:2d:78:7f:8c:fd:a0:5f:fc:72:99:5c:87:4a:
         39:2f:eb:c6:48:1a:f4:b5:57:6a:28:be:98:79:2a:56:cb:eb:
         68:b9:bf:bb:7d:1d:53:cf:aa:68:10:a1:43:5c:ad:92:6a:4f:
         44:b7:0d:66:89:2d:28:a3:be:ff:71:b5:24:30:02:5d:ca:3d:
         64:b8:d1:51
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUPbYofUf1uiwXOIuAwsOE62amDogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDhaFw0yNTAxMjkwODA1MDhaMDMxMTAvBgNV
BAMTKEJFNUE1QzM5NkNERjRDMENFQjY2NUI4ODJERUNBQzE5MTc0Mjk5QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLo33Na47TCchdY/PEatKfSe9b
TELyWGYeeMtk8Y2TyW6x2ZQdh4D2ZOPIuUJVV0k1j8p8nYSunD4l8T/4gNIKgrBX
bCHoNpmcjdBhgJE9Nnn+XBVu/gsccjQb0idOYiBREh4y58APdfIqF5PzQ+Jk5Llj
movePinz2XJhh6MorFycVXgDxjnRoQihG5F49JSJaR9i0NXlRU/617iz4V3xunGl
yPmA1y1B0Wb6gQj5WdMqbBV3iTnGl5O0IniLvv7Z/WeuAUTpWJJQ33UCDZq2pHui
Ca8muxHPRN/ah/qhFWoVa1UTpT4kaYmRZAApaiLD4dTArmGqyNriA1AWsqFhAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUvlpcOWzfTAzrZluILeysGRdCmaowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjg3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtiXcD
BABcdqMwDQYJKoZIhvcNAQELBQADggEBABC6zGK2qFIRREjb2MebmLtte2r5f5wF
nLodU7l58x2KQ2MccF0E+dP6Tkf5GtmozM+/ZP4vOfxw/UGCwZn6hORUgh4h2dL1
/exK6vDL6gNCrXXjTr/FXqLQ9jxsSuUwWy/Rx5Id9ciDauJYZC+7Z3lQruex4Wyy
oKBztZW3fCYdscRAUHp2As1GlYx0zf3qWw0/52eN+94+B6/K9EOU9wFTQWIBUBgI
LmycNKxLpk7x669VjdKqDPxcLXh/jP2gX/xymVyHSjkv68ZIGvS1V2oovph5KlbL
62i5v7t9HVPPqmgQoUNcrZJqT0S3DWaJLSijvv9xtSQwAl3KPWS40VE=
-----END CERTIFICATE-----