Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41720.roa
File:                     AS41720.roa (raw, json)
Hash identifier:          z/bolAC3IqOZKf/Rh7SD+nviH7Dhcz4hpPX43w8Lcp4=
Subject key identifier:   45:CB:B7:A6:8E:61:4C:C9:D3:69:C1:C1:50:31:52:A2:70:77:A1:01
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       776173B796C1C5661D85C12EA82B7A2EFE6324B3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41720.roa
Signing time:             Tue 27 Aug 2024 07:01:12 +0000
ROA not before:           Tue 27 Aug 2024 06:56:12 +0000
ROA not after:            Tue 26 Aug 2025 07:01:12 +0000
asID:                     41720
IP address blocks:        179.61.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:61:73:b7:96:c1:c5:66:1d:85:c1:2e:a8:2b:7a:2e:fe:63:24:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 27 06:56:12 2024 GMT
            Not After : Aug 26 07:01:12 2025 GMT
        Subject: CN=45CBB7A68E614CC9D369C1C1503152A27077A101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:88:94:c3:78:54:ee:8c:3f:00:27:99:84:34:
                    91:36:b2:41:54:c7:66:78:58:e4:7c:05:82:da:ed:
                    ed:82:a8:1f:0d:09:9f:46:63:03:5f:0e:1f:10:e9:
                    29:48:e6:0e:27:13:30:4a:d7:b1:ee:5b:53:19:11:
                    d0:da:0b:d6:e9:6a:8a:82:27:20:ee:81:77:ad:89:
                    17:0f:c1:32:cd:44:c6:14:05:61:2a:f1:a2:29:a4:
                    20:21:69:20:13:e4:fb:b7:9b:35:18:69:e5:e2:6d:
                    63:19:83:73:21:c5:bc:20:95:c6:6d:8b:ee:24:65:
                    20:86:c5:31:a7:96:76:2f:64:81:4a:fa:e9:d5:0f:
                    a9:c5:c0:9e:b6:93:3c:94:f5:36:93:80:52:8c:43:
                    87:76:62:43:c7:93:05:5d:87:ec:44:98:bf:d7:52:
                    61:b0:13:2e:aa:2d:36:09:16:82:50:ca:ae:02:21:
                    fc:ca:44:ba:25:9f:2f:11:ea:12:30:a5:68:71:50:
                    7a:e0:6c:16:82:cb:5c:7c:49:27:5a:df:07:67:6e:
                    8a:59:83:fe:b6:c6:28:ee:1b:f9:88:2f:96:bf:6c:
                    22:9a:17:bc:c2:01:12:80:ed:b1:68:d6:14:e2:99:
                    ca:5e:ba:20:74:a4:62:03:d9:84:72:eb:f0:77:60:
                    50:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CB:B7:A6:8E:61:4C:C9:D3:69:C1:C1:50:31:52:A2:70:77:A1:01
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS41720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:b3:0b:42:74:c2:94:de:b5:4b:5e:d7:49:84:9d:53:c8:b0:
         96:44:cc:b8:2b:e6:f2:d8:48:0f:73:fc:67:67:9a:c6:b0:a1:
         b0:68:50:82:09:a1:02:ec:37:47:98:3b:07:56:40:bf:8e:ea:
         aa:d7:66:a7:3a:40:d9:dd:54:8e:7c:62:79:b8:3c:e4:dd:7a:
         c1:f8:c3:f0:4a:82:31:15:ec:8e:b7:2d:f3:95:89:ad:78:b3:
         f3:71:7b:8e:7a:56:d7:c3:f6:02:5b:91:0e:db:e6:17:4e:5e:
         75:aa:c5:de:ff:be:9f:12:4b:70:58:0f:67:86:7c:80:08:ea:
         26:5a:0c:ed:da:92:73:9c:dc:47:be:30:aa:d5:23:a0:88:8c:
         6b:d8:73:37:e5:77:cb:35:9e:4a:9e:eb:a2:8b:ee:5c:ea:4b:
         2c:c4:40:4e:65:14:50:59:32:60:8b:03:11:73:dc:e3:19:37:
         c6:c7:2c:e7:0e:62:5b:03:85:5f:40:7b:6b:ce:dc:67:90:24:
         4b:d9:ad:95:f2:0b:cf:bb:b1:86:cb:61:7b:80:e3:57:39:8b:
         af:09:08:a4:fb:52:e5:ed:f3:26:dd:8a:96:5d:e2:e7:db:65:
         2b:35:c0:09:e9:ac:aa:5b:84:2d:84:6a:1a:c0:f6:76:0e:df:
         bd:d6:75:75
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUd2Fzt5bBxWYdhcEuqCt6Lv5jJLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MjcwNjU2MTJaFw0yNTA4MjYwNzAxMTJaMDMxMTAvBgNV
BAMTKDQ1Q0JCN0E2OEU2MTRDQzlEMzY5QzFDMTUwMzE1MkEyNzA3N0ExMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwiJTDeFTujD8AJ5mENJE2skFU
x2Z4WOR8BYLa7e2CqB8NCZ9GYwNfDh8Q6SlI5g4nEzBK17HuW1MZEdDaC9bpaoqC
JyDugXetiRcPwTLNRMYUBWEq8aIppCAhaSAT5Pu3mzUYaeXibWMZg3MhxbwglcZt
i+4kZSCGxTGnlnYvZIFK+unVD6nFwJ62kzyU9TaTgFKMQ4d2YkPHkwVdh+xEmL/X
UmGwEy6qLTYJFoJQyq4CIfzKRLolny8R6hIwpWhxUHrgbBaCy1x8SSda3wdnbopZ
g/62xijuG/mIL5a/bCKaF7zCARKA7bFo1hTimcpeuiB0pGID2YRy6/B3YFDRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQURcu3po5hTMnTacHBUDFSonB3oQEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDE3MjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPZQw
DQYJKoZIhvcNAQELBQADggEBABGzC0J0wpTetUte10mEnVPIsJZEzLgr5vLYSA9z
/GdnmsawobBoUIIJoQLsN0eYOwdWQL+O6qrXZqc6QNndVI58Ynm4POTdesH4w/BK
gjEV7I63LfOVia14s/Nxe456VtfD9gJbkQ7b5hdOXnWqxd7/vp8SS3BYD2eGfIAI
6iZaDO3aknOc3Ee+MKrVI6CIjGvYczfld8s1nkqe66KL7lzqSyzEQE5lFFBZMmCL
AxFz3OMZN8bHLOcOYlsDhV9Ae2vO3GeQJEvZrZXyC8+7sYbLYXuA41c5i68JCKT7
UuXt8ybdipZd4ufbZSs1wAnprKpbhC2EahrA9nYO373WdXU=
-----END CERTIFICATE-----