Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30475.roa
File:                     AS30475.roa (raw, json)
Hash identifier:          81omT5ESyxew0e/Oj0MNxveY7tLsY+7kH6vojyxZK2w=
Subject key identifier:   30:47:85:6C:01:E0:E3:1F:2D:F6:10:B1:EF:48:B4:CB:DF:B8:64:5C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0F22EFA9581D156880FB6819BD3FD1EE0D2146C3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30475.roa
Signing time:             Thu 21 Mar 2024 19:05:14 +0000
ROA not before:           Thu 21 Mar 2024 19:00:14 +0000
ROA not after:            Thu 20 Mar 2025 19:05:14 +0000
asID:                     30475
IP address blocks:        45.95.15.0/24 maxlen: 24
                          185.170.40.0/24 maxlen: 24
                          193.7.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:22:ef:a9:58:1d:15:68:80:fb:68:19:bd:3f:d1:ee:0d:21:46:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 21 19:00:14 2024 GMT
            Not After : Mar 20 19:05:14 2025 GMT
        Subject: CN=3047856C01E0E31F2DF610B1EF48B4CBDFB8645C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:98:b6:d4:3a:5f:9e:18:27:eb:0d:8d:ea:ab:
                    46:cc:c8:79:b4:62:29:45:4e:55:5b:1a:3b:ce:97:
                    9f:ea:88:37:67:93:ef:9e:16:d1:bc:87:93:0f:ba:
                    7a:e7:12:3a:e0:db:7b:d9:e1:9d:b4:9e:f8:18:9a:
                    d1:23:24:1c:28:88:9c:20:6f:89:5e:59:43:81:48:
                    c5:c7:01:b9:6f:6b:a2:d2:0d:28:5f:5f:be:72:06:
                    29:88:12:e2:23:fc:65:70:71:62:1e:ba:bf:2e:dc:
                    16:c3:5b:6b:b9:63:ab:c3:cd:9c:55:50:11:62:e4:
                    a9:fa:89:95:0b:75:22:c8:e1:f0:89:86:a0:ea:6d:
                    64:b0:25:bf:a4:ef:ab:be:cd:f0:42:e0:2b:b3:18:
                    39:1a:af:30:4e:a8:10:a8:68:67:1f:59:67:1f:e6:
                    38:36:2e:01:83:62:51:f6:9b:96:ab:6b:ef:46:d9:
                    27:96:ef:03:24:b4:7a:74:21:88:bb:1a:6c:f4:84:
                    8f:b2:33:13:e7:62:7d:f4:48:d3:3e:0e:19:c7:8d:
                    1f:fc:95:29:05:1b:48:f7:fd:78:fc:15:87:6f:58:
                    79:a8:12:62:15:4f:4f:1f:ef:d1:ce:4e:c6:3d:2e:
                    d5:1d:ed:b9:f5:a0:35:87:3b:02:ac:67:15:8b:69:
                    24:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:47:85:6C:01:E0:E3:1F:2D:F6:10:B1:EF:48:B4:CB:DF:B8:64:5C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS30475.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.15.0/24
                  185.170.40.0/24
                  193.7.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e1:db:e1:17:32:d9:20:f4:d9:27:b7:35:39:20:44:46:09:
         d5:04:8b:5c:0f:b0:7a:2f:5c:46:28:11:ab:fc:0d:7c:92:03:
         e0:6d:50:a9:43:61:45:22:eb:4c:fb:b8:3c:f9:f4:ad:8e:49:
         f2:6a:7e:62:3f:21:e3:ce:31:51:89:ab:e9:40:a2:d1:42:16:
         65:52:26:e9:7e:0f:1d:c3:e9:1a:a5:8c:a7:b6:48:a6:b0:ee:
         ce:17:ff:83:d1:fe:34:dd:c8:53:48:fd:c8:33:8e:eb:ad:9b:
         04:a4:b2:87:90:c7:35:e3:57:10:00:44:df:54:b7:2a:00:f0:
         39:f6:6e:ea:57:0b:12:da:9a:8f:ea:79:d1:03:b5:81:01:31:
         80:eb:ec:1a:a3:5c:5a:b6:8d:22:cf:e9:3e:cc:25:bf:2b:d3:
         1d:fd:04:e8:d3:65:8d:e1:9e:f8:0a:b7:63:f5:50:54:34:53:
         9d:fe:60:8a:bf:a8:35:27:31:d7:d6:1d:f8:be:d4:27:92:b7:
         f4:bd:e4:85:e5:3f:fd:db:6f:ae:f7:d0:9b:0f:f7:86:b5:83:
         29:c4:c4:84:47:97:a8:52:76:83:55:80:23:78:1e:28:4a:17:
         cc:16:9b:3d:77:d2:4a:c7:41:e2:0a:30:bb:a8:11:ad:41:87:
         7a:1e:58:54
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUDyLvqVgdFWiA+2gZvT/R7g0hRsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjExOTAwMTRaFw0yNTAzMjAxOTA1MTRaMDMxMTAvBgNV
BAMTKDMwNDc4NTZDMDFFMEUzMUYyREY2MTBCMUVGNDhCNENCREZCODY0NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcmLbUOl+eGCfrDY3qq0bMyHm0
YilFTlVbGjvOl5/qiDdnk++eFtG8h5MPunrnEjrg23vZ4Z20nvgYmtEjJBwoiJwg
b4leWUOBSMXHAblva6LSDShfX75yBimIEuIj/GVwcWIeur8u3BbDW2u5Y6vDzZxV
UBFi5Kn6iZULdSLI4fCJhqDqbWSwJb+k76u+zfBC4CuzGDkarzBOqBCoaGcfWWcf
5jg2LgGDYlH2m5ara+9G2SeW7wMktHp0IYi7Gmz0hI+yMxPnYn30SNM+DhnHjR/8
lSkFG0j3/Xj8FYdvWHmoEmIVT08f79HOTsY9LtUd7bn1oDWHOwKsZxWLaSRnAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUMEeFbAHg4x8t9hCx70i0y9+4ZFwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzA0NzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtXw8D
BAC5qigDBADBB8gwDQYJKoZIhvcNAQELBQADggEBAFXh2+EXMtkg9NkntzU5IERG
CdUEi1wPsHovXEYoEav8DXySA+BtUKlDYUUi60z7uDz59K2OSfJqfmI/IePOMVGJ
q+lAotFCFmVSJul+Dx3D6RqljKe2SKaw7s4X/4PR/jTdyFNI/cgzjuutmwSksoeQ
xzXjVxAARN9UtyoA8Dn2bupXCxLamo/qedEDtYEBMYDr7BqjXFq2jSLP6T7MJb8r
0x39BOjTZY3hnvgKt2P1UFQ0U53+YIq/qDUnMdfWHfi+1CeSt/S95IXlP/3bb673
0JsP94a1gynExIRHl6hSdoNVgCN4HihKF8wWmz130krHQeIKMLuoEa1Bh3oeWFQ=
-----END CERTIFICATE-----