Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401084.roa
File:                     AS401084.roa (raw, json)
Hash identifier:          tyeXIZT/Mq8VGtfL7lthIT5z/Rr26c/Zaal7WsQZ9Q8=
Subject key identifier:   C1:30:79:42:01:74:F7:A5:F7:33:A1:2C:8A:43:1E:8B:09:26:68:A4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2E67D45F23183E2A77C7F5B7C017E7E1D7A5C9D6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401084.roa
Signing time:             Tue 04 Jun 2024 20:26:32 +0000
ROA not before:           Tue 04 Jun 2024 20:21:32 +0000
ROA not after:            Tue 03 Jun 2025 20:26:32 +0000
asID:                     401084
IP address blocks:        179.61.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:67:d4:5f:23:18:3e:2a:77:c7:f5:b7:c0:17:e7:e1:d7:a5:c9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  4 20:21:32 2024 GMT
            Not After : Jun  3 20:26:32 2025 GMT
        Subject: CN=C13079420174F7A5F733A12C8A431E8B092668A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9e:a6:9a:26:59:f6:64:82:b5:ab:9c:41:a3:
                    9b:f2:97:e5:42:b2:99:80:ac:42:80:60:ad:36:15:
                    8b:22:6c:f8:bf:79:01:fa:e9:12:02:2f:d7:b9:50:
                    58:6c:9b:15:ec:54:ff:22:b8:09:9b:75:f0:28:ff:
                    d3:a9:80:1b:0e:72:69:51:ad:10:41:c1:86:64:07:
                    58:1f:ab:00:8b:fe:6d:08:14:a6:17:5b:94:26:7c:
                    80:b7:a1:bc:b4:63:ef:6b:ac:a5:a7:8c:45:66:de:
                    88:e6:76:85:ae:19:b4:14:c6:33:6a:b4:a6:93:94:
                    e3:4a:52:f2:a4:18:8d:38:18:ad:a4:17:78:96:fb:
                    61:d1:c4:2d:dc:93:a1:ed:35:ce:53:51:a9:e1:0a:
                    00:41:86:09:4a:dd:b7:fc:4b:28:4a:c5:78:d9:60:
                    f7:c0:f7:32:44:77:3b:42:1e:b5:47:45:15:b3:65:
                    dd:2a:ae:b5:ac:54:6b:78:d5:bc:85:37:4e:ba:93:
                    f1:63:03:2f:3a:fc:10:04:5c:a8:16:a9:fd:20:34:
                    7f:6e:04:bc:80:56:b7:21:b1:ba:29:8f:5d:36:52:
                    d8:03:72:86:da:d1:2c:30:e9:f0:ba:51:8c:40:6b:
                    bf:5a:9f:8c:5b:a2:0d:fb:78:51:ae:c4:cd:a7:c3:
                    96:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:30:79:42:01:74:F7:A5:F7:33:A1:2C:8A:43:1E:8B:09:26:68:A4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401084.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:02:7d:2c:90:b8:c0:c9:40:89:a3:fe:4b:e8:a1:ce:a7:37:
         ae:83:d8:04:c5:ba:ab:78:63:2c:42:ad:f7:a8:bd:c2:6e:3a:
         da:d0:a2:a1:16:f5:30:c9:78:3b:0b:4b:9f:cf:36:b1:f3:16:
         84:7f:ba:dc:93:b4:ec:0d:54:2e:55:b1:bd:74:47:4a:b0:16:
         57:d4:2a:da:5c:97:20:b0:af:c2:bf:0e:88:2f:c5:e4:8b:ba:
         88:83:38:09:97:c8:69:94:20:d8:66:a3:08:0e:01:61:dc:a8:
         8d:bf:39:82:fd:cc:43:1a:b0:0d:57:2a:26:30:66:ec:f5:d6:
         be:96:15:a5:de:e9:43:05:01:f6:59:65:4f:77:82:22:bf:dd:
         f2:14:32:e3:08:59:32:47:87:50:a2:33:3c:2c:df:d6:27:c2:
         f8:c5:bb:1d:9c:eb:89:69:04:1b:db:1b:46:17:ac:1f:33:6e:
         fb:f3:67:82:df:e1:2f:09:1c:e3:a8:93:6d:1e:61:76:a3:36:
         f9:a8:ec:44:81:8a:be:44:c4:cc:ab:58:09:d7:f7:4b:4b:67:
         53:2b:ca:c3:05:5e:b1:ce:28:e4:45:b6:69:02:41:bd:f9:e5:
         8f:83:27:07:e1:4a:41:e7:a5:68:cd:ca:0e:a6:df:32:d9:3f:
         fd:20:32:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULmfUXyMYPip3x/W3wBfn4delydYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MDQyMDIxMzJaFw0yNTA2MDMyMDI2MzJaMDMxMTAvBgNV
BAMTKEMxMzA3OTQyMDE3NEY3QTVGNzMzQTEyQzhBNDMxRThCMDkyNjY4QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnqaaJln2ZIK1q5xBo5vyl+VC
spmArEKAYK02FYsibPi/eQH66RICL9e5UFhsmxXsVP8iuAmbdfAo/9OpgBsOcmlR
rRBBwYZkB1gfqwCL/m0IFKYXW5QmfIC3oby0Y+9rrKWnjEVm3ojmdoWuGbQUxjNq
tKaTlONKUvKkGI04GK2kF3iW+2HRxC3ck6HtNc5TUanhCgBBhglK3bf8SyhKxXjZ
YPfA9zJEdztCHrVHRRWzZd0qrrWsVGt41byFN066k/FjAy86/BAEXKgWqf0gNH9u
BLyAVrchsbopj102UtgDcoba0Sww6fC6UYxAa79an4xbog37eFGuxM2nw5ZNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwTB5QgF096X3M6EsikMeiwkmaKQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxMDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz21
MA0GCSqGSIb3DQEBCwUAA4IBAQCmAn0skLjAyUCJo/5L6KHOpzeug9gExbqreGMs
Qq33qL3Cbjra0KKhFvUwyXg7C0ufzzax8xaEf7rck7TsDVQuVbG9dEdKsBZX1Cra
XJcgsK/Cvw6IL8Xki7qIgzgJl8hplCDYZqMIDgFh3KiNvzmC/cxDGrANVyomMGbs
9da+lhWl3ulDBQH2WWVPd4Iiv93yFDLjCFkyR4dQojM8LN/WJ8L4xbsdnOuJaQQb
2xtGF6wfM27782eC3+EvCRzjqJNtHmF2ozb5qOxEgYq+RMTMq1gJ1/dLS2dTK8rD
BV6xzijkRbZpAkG9+eWPgycH4UpB56VozcoOpt8y2T/9IDId
-----END CERTIFICATE-----