Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          7NuNjoeWrXSnVoGuuktRKMdM85AGcDMisBY8ari10dc=
Subject key identifier:   72:87:73:34:5B:77:CA:63:F8:3A:13:24:CA:77:C9:43:7D:F6:86:1F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       438263D29F39EF5D06548156454AAFD98F3A2AB3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa
Signing time:             Tue 24 Sep 2024 04:58:16 +0000
ROA not before:           Tue 24 Sep 2024 04:53:16 +0000
ROA not after:            Tue 23 Sep 2025 04:58:16 +0000
asID:                     36530
IP address blocks:        179.61.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:82:63:d2:9f:39:ef:5d:06:54:81:56:45:4a:af:d9:8f:3a:2a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 24 04:53:16 2024 GMT
            Not After : Sep 23 04:58:16 2025 GMT
        Subject: CN=728773345B77CA63F83A1324CA77C9437DF6861F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1f:97:94:0f:ae:50:60:6f:da:db:9d:fa:41:
                    60:ca:70:cc:6e:56:1d:7a:f4:e0:da:c1:90:23:4b:
                    f4:61:e6:86:9d:f5:bc:6b:16:aa:05:71:b8:da:eb:
                    f1:21:8f:5b:ca:68:26:a2:b7:65:68:90:19:5d:b8:
                    8a:3d:21:f9:98:59:4d:42:ac:23:4e:cc:5f:5f:01:
                    5e:f9:63:be:c0:df:cb:f3:7d:43:dd:3a:f0:04:8e:
                    6d:ef:8b:b1:cf:2b:f6:24:8c:54:cc:24:6e:66:8b:
                    72:7f:58:f8:fd:56:39:fe:87:56:fe:20:fe:c9:a8:
                    43:f0:53:19:74:1e:23:1d:1f:be:21:e7:fc:72:8f:
                    dd:e4:4f:e8:cb:85:6a:dd:bd:6a:20:53:1c:ae:03:
                    4d:45:fb:72:3d:e4:4d:33:1e:e1:6d:3d:6f:ac:ba:
                    1d:4e:35:e4:3b:71:ca:02:65:df:92:8d:70:1e:8b:
                    35:b5:cc:b5:28:5a:4a:f8:c4:06:07:08:2a:b7:a3:
                    3e:e2:c9:78:39:86:9b:3a:14:4e:eb:24:ba:70:70:
                    0f:15:8a:cc:e2:09:31:85:c7:6b:c3:ea:69:cb:ab:
                    54:9b:2e:cf:1a:56:80:c0:0c:73:3c:70:fa:ba:60:
                    2e:73:3d:b2:21:36:8e:ab:75:54:00:79:eb:ee:58:
                    93:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:87:73:34:5B:77:CA:63:F8:3A:13:24:CA:77:C9:43:7D:F6:86:1F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a5:08:0d:d4:0d:0a:fa:aa:e3:1d:55:71:49:18:28:a0:69:
         dc:24:13:0d:2d:7c:51:b7:c8:90:9e:33:73:1c:4c:d3:14:69:
         8e:ff:49:8a:fe:8e:f0:c7:f1:1f:c2:aa:8b:3a:cb:63:94:25:
         19:b1:a3:2d:bd:64:74:3c:6c:e0:44:7e:33:bb:2b:79:94:08:
         04:b0:16:61:2f:bc:2c:ad:a9:e0:4d:ad:81:a1:c1:75:9e:d7:
         66:23:07:1f:27:2a:d5:24:99:0e:06:03:6e:93:01:8a:ca:17:
         b8:83:43:eb:60:63:5c:31:71:10:14:9c:3d:a6:4d:96:b0:c0:
         2a:ac:04:d3:ea:d2:94:7d:41:8a:93:64:bf:31:1d:43:6c:eb:
         30:8e:93:82:ee:10:1d:fa:da:97:7a:62:4b:57:52:c0:24:6b:
         a4:32:3c:44:21:fd:cc:50:1d:5b:38:94:b5:84:5f:a8:19:66:
         cb:32:a6:65:ba:fe:76:c0:f0:b3:e8:f0:7a:6d:4d:0c:a9:36:
         07:35:ef:83:7a:cb:cd:52:9e:cf:8f:9d:7e:f3:ab:50:97:0d:
         e5:1a:2d:5d:96:74:6b:2a:b6:e5:bb:8f:80:16:ff:d2:fe:cd:
         5c:45:14:d7:d6:3b:0e:ac:bb:84:da:b2:b1:31:ca:12:1e:3f:
         b8:ca:ec:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQ4Jj0p85710GVIFWRUqv2Y86KrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjQwNDUzMTZaFw0yNTA5MjMwNDU4MTZaMDMxMTAvBgNV
BAMTKDcyODc3MzM0NUI3N0NBNjNGODNBMTMyNENBNzdDOTQzN0RGNjg2MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVH5eUD65QYG/a2536QWDKcMxu
Vh169ODawZAjS/Rh5oad9bxrFqoFcbja6/Ehj1vKaCait2VokBlduIo9IfmYWU1C
rCNOzF9fAV75Y77A38vzfUPdOvAEjm3vi7HPK/YkjFTMJG5mi3J/WPj9Vjn+h1b+
IP7JqEPwUxl0HiMdH74h5/xyj93kT+jLhWrdvWogUxyuA01F+3I95E0zHuFtPW+s
uh1ONeQ7ccoCZd+SjXAeizW1zLUoWkr4xAYHCCq3oz7iyXg5hps6FE7rJLpwcA8V
isziCTGFx2vD6mnLq1SbLs8aVoDADHM8cPq6YC5zPbIhNo6rdVQAeevuWJOtAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUcodzNFt3ymP4OhMkynfJQ332hh8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPbkw
DQYJKoZIhvcNAQELBQADggEBAFWlCA3UDQr6quMdVXFJGCigadwkEw0tfFG3yJCe
M3McTNMUaY7/SYr+jvDH8R/Cqos6y2OUJRmxoy29ZHQ8bOBEfjO7K3mUCASwFmEv
vCytqeBNrYGhwXWe12YjBx8nKtUkmQ4GA26TAYrKF7iDQ+tgY1wxcRAUnD2mTZaw
wCqsBNPq0pR9QYqTZL8xHUNs6zCOk4LuEB362pd6YktXUsAka6QyPEQh/cxQHVs4
lLWEX6gZZssypmW6/nbA8LPo8HptTQypNgc174N6y81Sns+PnX7zq1CXDeUaLV2W
dGsqtuW7j4AW/9L+zVxFFNfWOw6su4TasrExyhIeP7jK7OI=
-----END CERTIFICATE-----