Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
File:                     AS396362.roa (raw, json)
Hash identifier:          oBAhXlUdhZchO3EtUKfSYuQTYaOlNJNrCO9XBnJDdhU=
Subject key identifier:   37:98:EB:03:6C:42:7C:98:02:7A:B3:0B:A6:67:9B:C2:1B:D9:52:F7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0A32493623D6A5B0519F11D65C9B1BCF8C4EE544
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
Signing time:             Tue 22 Oct 2024 17:17:49 +0000
ROA not before:           Tue 22 Oct 2024 17:12:49 +0000
ROA not after:            Tue 21 Oct 2025 17:17:49 +0000
asID:                     396362
IP address blocks:        185.141.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:32:49:36:23:d6:a5:b0:51:9f:11:d6:5c:9b:1b:cf:8c:4e:e5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 22 17:12:49 2024 GMT
            Not After : Oct 21 17:17:49 2025 GMT
        Subject: CN=3798EB036C427C98027AB30BA6679BC21BD952F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:67:23:a4:3a:1a:e4:61:8a:45:14:00:96:ec:
                    2a:d6:ad:b9:3f:16:25:61:0a:9b:8c:00:11:77:6f:
                    6f:93:75:f1:ca:7c:98:2a:b3:12:65:7e:15:43:50:
                    c4:20:25:8e:fe:66:85:ff:08:ff:4a:aa:3e:9e:a8:
                    1a:2d:90:38:0b:81:e2:66:d1:86:21:26:0b:9c:0b:
                    54:37:42:bd:a4:7f:5f:65:cb:c8:72:17:3a:a1:28:
                    2e:a7:eb:ad:c9:dd:25:10:0f:87:a7:eb:12:e3:12:
                    4a:8c:ea:2c:39:8c:b1:7e:55:4f:9b:26:b1:60:5c:
                    4f:87:c8:b0:6d:e5:58:ec:20:d8:d4:58:07:d5:c9:
                    5f:77:98:b7:fc:dc:27:77:17:26:19:a3:d2:e1:69:
                    f3:33:6f:c2:12:71:62:ee:74:f6:41:d3:1c:4e:6f:
                    ff:50:78:dc:0f:e7:e7:17:84:66:ef:18:3a:16:d9:
                    f1:3d:7b:30:25:47:56:9c:3f:0c:8f:19:7f:a2:20:
                    c2:d3:b6:b0:d6:93:d0:99:e1:b4:7b:2b:91:e0:26:
                    85:f8:6b:ae:35:ca:41:12:5b:c9:24:46:92:f2:94:
                    1b:49:4e:e4:cd:c7:4d:ff:47:21:7e:23:97:52:4e:
                    17:a1:98:0e:ff:23:89:8e:14:dd:e5:5d:d6:f7:e8:
                    7a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:98:EB:03:6C:42:7C:98:02:7A:B3:0B:A6:67:9B:C2:1B:D9:52:F7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:60:eb:7b:d2:19:f6:d0:0e:c1:9f:55:bb:81:b3:bd:c2:c9:
         b6:c1:fc:36:cd:49:0f:cc:08:00:cc:5c:75:14:2d:b3:a4:fc:
         8b:6b:2b:24:6c:6d:4c:1c:dd:03:34:11:72:4e:6b:30:14:1c:
         e6:9d:c2:37:72:60:23:b8:01:85:fd:6c:53:eb:50:42:85:fb:
         ed:e3:bb:ef:9b:2d:a2:33:42:b7:a8:22:2c:b1:af:65:8c:48:
         32:36:66:a9:b4:10:a7:23:0d:b3:a5:90:9b:39:ee:be:13:68:
         d7:91:a9:9b:0c:dc:b6:40:8d:9d:1f:c4:f2:10:74:68:74:bd:
         c1:e1:e1:45:40:a4:a0:d8:09:11:90:64:e8:4a:b4:06:1e:da:
         3c:b6:71:d1:fd:8d:14:c1:96:2b:0a:6d:bb:89:3f:4b:26:b5:
         76:37:06:cc:5c:73:98:8b:e6:83:9a:e6:3d:ba:b3:18:5b:51:
         53:c7:d2:d7:f5:a0:31:d4:03:9e:0d:f3:98:03:97:33:79:79:
         3a:4e:01:d9:c6:3c:d3:14:92:2b:d9:de:b6:cd:2c:cf:ea:35:
         6d:ac:11:75:8e:41:2c:6c:64:a8:78:4f:a2:76:2c:7c:0f:84:
         5b:94:15:cd:13:3b:61:78:d3:53:e3:96:b1:8a:04:30:de:09:
         e0:d6:82:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCjJJNiPWpbBRnxHWXJsbz4xO5UQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMjIxNzEyNDlaFw0yNTEwMjExNzE3NDlaMDMxMTAvBgNV
BAMTKDM3OThFQjAzNkM0MjdDOTgwMjdBQjMwQkE2Njc5QkMyMUJEOTUyRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnZyOkOhrkYYpFFACW7CrWrbk/
FiVhCpuMABF3b2+TdfHKfJgqsxJlfhVDUMQgJY7+ZoX/CP9Kqj6eqBotkDgLgeJm
0YYhJgucC1Q3Qr2kf19ly8hyFzqhKC6n663J3SUQD4en6xLjEkqM6iw5jLF+VU+b
JrFgXE+HyLBt5VjsINjUWAfVyV93mLf83Cd3FyYZo9LhafMzb8IScWLudPZB0xxO
b/9QeNwP5+cXhGbvGDoW2fE9ezAlR1acPwyPGX+iIMLTtrDWk9CZ4bR7K5HgJoX4
a641ykESW8kkRpLylBtJTuTNx03/RyF+I5dSThehmA7/I4mOFN3lXdb36HpzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUN5jrA2xCfJgCerMLpmebwhvZUvcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY2m
MA0GCSqGSIb3DQEBCwUAA4IBAQBsYOt70hn20A7Bn1W7gbO9wsm2wfw2zUkPzAgA
zFx1FC2zpPyLayskbG1MHN0DNBFyTmswFBzmncI3cmAjuAGF/WxT61BChfvt47vv
my2iM0K3qCIssa9ljEgyNmaptBCnIw2zpZCbOe6+E2jXkambDNy2QI2dH8TyEHRo
dL3B4eFFQKSg2AkRkGToSrQGHto8tnHR/Y0UwZYrCm27iT9LJrV2NwbMXHOYi+aD
muY9urMYW1FTx9LX9aAx1AOeDfOYA5czeXk6TgHZxjzTFJIr2d62zSzP6jVtrBF1
jkEsbGSoeE+idix8D4RblBXNEztheNNT45axigQw3gng1oJK
-----END CERTIFICATE-----