Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          B09L5N/reiQMh/zn5HSmiE/Z9YccT0O25J+7A1gLkrU=
Subject key identifier:   78:FC:A0:62:49:A3:90:3E:C3:03:C0:85:76:F2:58:35:67:9F:F9:FC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       466AF1B8BEC0CDCC94B3B8DD405B7B53153BE99B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa
Signing time:             Fri 25 Oct 2024 14:33:59 +0000
ROA not before:           Fri 25 Oct 2024 14:28:59 +0000
ROA not after:            Fri 24 Oct 2025 14:33:59 +0000
asID:                     43641
IP address blocks:        181.215.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6a:f1:b8:be:c0:cd:cc:94:b3:b8:dd:40:5b:7b:53:15:3b:e9:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 25 14:28:59 2024 GMT
            Not After : Oct 24 14:33:59 2025 GMT
        Subject: CN=78FCA06249A3903EC303C08576F25835679FF9FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:19:de:1f:99:df:cf:ba:89:26:52:d3:b5:38:
                    69:91:37:e4:f9:e4:45:08:5a:fe:4f:50:7a:d4:56:
                    f9:36:12:b0:29:6e:b0:f7:d4:77:f3:f5:bd:13:9d:
                    00:6f:1c:f4:56:4f:6a:57:5a:4a:51:0d:f3:32:6a:
                    61:b3:b7:40:5e:06:59:ff:2e:3c:55:99:a8:f9:0b:
                    fc:bb:1b:df:b5:ed:32:19:e8:d2:61:3e:f2:d2:07:
                    a6:44:a2:c5:93:f3:1b:1f:90:2f:ae:01:bd:e4:40:
                    cb:4e:99:a8:97:27:a7:55:c6:a8:89:5b:61:3d:04:
                    a5:99:43:d4:09:34:9d:cc:0b:30:8f:b2:2a:7d:33:
                    fe:2e:50:fb:ec:c8:74:23:14:da:88:3b:90:54:47:
                    b1:24:e3:30:56:83:78:ec:22:ca:6b:7c:d0:27:f2:
                    37:91:f8:ed:c2:51:5e:c9:4d:6a:1b:dd:29:85:0e:
                    8b:f8:c2:af:f3:30:28:1f:cf:37:0c:0b:8d:9b:0f:
                    21:b0:65:f8:3b:4c:95:ab:a7:2c:8a:57:95:67:84:
                    a6:b8:34:32:31:0a:4e:5b:65:ca:45:75:9d:46:96:
                    2f:19:b6:5b:0a:54:77:23:26:5b:ed:92:44:2e:89:
                    3e:5a:7c:27:3c:ca:9b:81:cb:1a:fb:a0:b0:8b:c7:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FC:A0:62:49:A3:90:3E:C3:03:C0:85:76:F2:58:35:67:9F:F9:FC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e0:e6:16:29:27:c0:f5:43:6b:9c:41:db:d1:53:b3:7f:a3:
         aa:f7:e1:60:ce:f8:c6:81:44:84:84:fe:63:3f:bb:11:78:7e:
         41:ec:57:89:85:08:ed:86:1c:34:e3:5a:26:ec:8f:d1:04:f3:
         a7:fc:18:40:1f:1b:79:00:af:a3:3c:11:70:0c:73:7d:f0:fe:
         eb:a4:59:52:60:21:1b:57:26:21:69:39:0e:2d:7d:fe:f5:e6:
         07:82:92:36:a1:4f:f3:e9:6f:62:1a:27:93:ae:1f:15:0d:46:
         0d:a4:4c:5d:59:dc:dc:c7:91:46:e2:97:f6:5d:94:a7:02:44:
         95:59:b4:47:8b:ea:9d:ae:90:c8:8c:9d:fe:26:87:5c:46:ac:
         76:b5:ac:6d:cb:30:a3:d5:9b:36:5e:bf:ad:d4:47:c6:84:8e:
         d9:5a:a1:9f:e4:d8:af:f4:22:91:70:f6:e0:44:4d:06:89:28:
         56:cb:7b:73:c6:f5:0c:e9:74:7b:58:43:e4:22:10:2e:b2:88:
         c5:7f:99:39:6c:3d:21:bf:65:fe:a8:d2:0a:08:d9:f1:44:99:
         a7:35:a8:ca:8f:77:68:17:8d:3b:5a:34:8b:49:53:e6:5b:b9:
         9b:c6:ea:85:40:d2:04:45:8f:93:bd:76:f0:2d:c2:31:4f:f9:
         72:70:4f:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURmrxuL7AzcyUs7jdQFt7UxU76ZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMjUxNDI4NTlaFw0yNTEwMjQxNDMzNTlaMDMxMTAvBgNV
BAMTKDc4RkNBMDYyNDlBMzkwM0VDMzAzQzA4NTc2RjI1ODM1Njc5RkY5RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGd4fmd/PuokmUtO1OGmRN+T5
5EUIWv5PUHrUVvk2ErApbrD31Hfz9b0TnQBvHPRWT2pXWkpRDfMyamGzt0BeBln/
LjxVmaj5C/y7G9+17TIZ6NJhPvLSB6ZEosWT8xsfkC+uAb3kQMtOmaiXJ6dVxqiJ
W2E9BKWZQ9QJNJ3MCzCPsip9M/4uUPvsyHQjFNqIO5BUR7Ek4zBWg3jsIsprfNAn
8jeR+O3CUV7JTWob3SmFDov4wq/zMCgfzzcMC42bDyGwZfg7TJWrpyyKV5VnhKa4
NDIxCk5bZcpFdZ1Gli8ZtlsKVHcjJlvtkkQuiT5afCc8ypuByxr7oLCLxzWfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUePygYkmjkD7DA8CFdvJYNWef+fwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11zow
DQYJKoZIhvcNAQELBQADggEBAKzg5hYpJ8D1Q2ucQdvRU7N/o6r34WDO+MaBRISE
/mM/uxF4fkHsV4mFCO2GHDTjWibsj9EE86f8GEAfG3kAr6M8EXAMc33w/uukWVJg
IRtXJiFpOQ4tff715geCkjahT/Ppb2IaJ5OuHxUNRg2kTF1Z3NzHkUbil/ZdlKcC
RJVZtEeL6p2ukMiMnf4mh1xGrHa1rG3LMKPVmzZev63UR8aEjtlaoZ/k2K/0IpFw
9uBETQaJKFbLe3PG9QzpdHtYQ+QiEC6yiMV/mTlsPSG/Zf6o0goI2fFEmac1qMqP
d2gXjTtaNItJU+ZbuZvG6oVA0gRFj5O9dvAtwjFP+XJwT7I=
-----END CERTIFICATE-----