Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa
File:                     AS47436.roa (raw, json)
Hash identifier:          IbPNJGjISQzosdl98Lr74/u2xVr/SY3jbkIBie+KXB4=
Subject key identifier:   7F:44:5F:C1:5C:63:1D:2E:E6:90:CB:1E:CD:B2:19:20:C9:AB:0B:9B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       159ED87B1D043B1FB4C7B149F007B555F1C9021A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa
Signing time:             Thu 07 Nov 2024 00:43:27 +0000
ROA not before:           Thu 07 Nov 2024 00:38:27 +0000
ROA not after:            Thu 06 Nov 2025 00:43:27 +0000
asID:                     47436
IP address blocks:        5.252.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:9e:d8:7b:1d:04:3b:1f:b4:c7:b1:49:f0:07:b5:55:f1:c9:02:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  7 00:38:27 2024 GMT
            Not After : Nov  6 00:43:27 2025 GMT
        Subject: CN=7F445FC15C631D2EE690CB1ECDB21920C9AB0B9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b4:df:d2:dd:5a:94:fa:1d:f9:03:58:bb:d6:
                    59:9b:c1:af:82:66:16:e7:7e:64:e2:c3:7f:0e:37:
                    5a:0c:6b:2a:ca:66:13:d8:a2:41:dc:5f:95:91:46:
                    88:1f:a6:f5:c7:58:17:53:c8:4b:3a:da:c2:0c:35:
                    b6:f0:ff:57:2a:57:f5:a0:21:47:c6:f6:3f:ac:cd:
                    24:7c:58:2f:a8:d4:e8:c7:0b:2e:74:cd:48:d7:20:
                    80:15:ad:9f:8d:69:bd:26:bb:7c:46:4b:de:76:10:
                    84:c5:a9:71:dc:b5:9d:77:0c:59:b1:38:40:e4:b1:
                    4b:bf:82:a0:60:6c:ee:33:1d:a8:9c:5b:00:fe:0f:
                    6e:95:f3:f7:6f:04:19:42:69:59:5d:08:ba:dc:9f:
                    cc:f5:54:aa:16:a5:2f:b2:c9:06:8d:00:c3:80:5b:
                    8c:02:c6:11:13:ec:57:a9:3d:e8:79:75:b8:af:08:
                    90:99:3e:13:63:03:16:c7:0f:50:fb:69:09:77:84:
                    05:cd:44:17:bd:f6:11:44:ec:e0:7f:03:7c:1d:de:
                    df:83:12:b2:fe:8a:c7:1a:d5:f0:ba:42:e5:65:9b:
                    04:ec:37:40:a5:44:19:b7:4c:c4:95:43:0a:c0:f3:
                    6b:52:90:29:7a:f1:35:1c:6d:53:0e:98:c1:30:f0:
                    d3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:44:5F:C1:5C:63:1D:2E:E6:90:CB:1E:CD:B2:19:20:C9:AB:0B:9B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:8f:e5:29:91:90:40:b7:7c:e5:ad:4a:0c:74:7f:ef:28:dd:
         b8:b0:92:96:d5:dc:0c:16:c9:d9:f4:5d:d2:74:17:5a:77:80:
         a9:77:a2:c5:50:71:97:ae:17:48:9b:d7:06:23:00:6d:c4:d3:
         97:90:bb:17:f4:8d:55:ad:82:b4:e9:7b:c7:f8:39:c5:a6:d9:
         ac:34:2d:75:1e:58:93:64:23:d5:a1:1b:08:e2:ca:fe:dd:a9:
         d9:50:28:40:78:f9:6d:04:3f:ec:f1:10:d1:ed:c1:6f:f3:29:
         12:eb:d4:18:2f:31:80:e8:f4:12:7e:7c:bf:e0:bc:f0:ae:15:
         aa:33:eb:cb:d6:ae:05:69:6f:5d:7e:12:54:b7:40:6b:73:04:
         57:3b:7b:d2:2b:8f:fc:0a:05:81:c5:56:9c:4f:59:e9:b9:b1:
         e6:f2:c9:e7:1c:10:8f:af:95:36:d5:58:90:c3:45:3c:d3:f6:
         ec:bd:cd:82:23:c2:0b:fa:a4:6f:03:29:01:18:e9:b1:f0:63:
         e0:00:0a:3d:84:5c:6b:86:60:17:65:55:5f:38:b3:64:98:89:
         e1:d5:36:cd:d9:f7:f0:43:92:57:ab:b0:4e:96:ed:c0:ea:03:
         2e:01:37:16:84:c5:38:f9:a8:1e:2c:3b:c9:91:bf:6f:7e:d4:
         36:f6:a7:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFZ7Yex0EOx+0x7FJ8Ae1VfHJAhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMDcwMDM4MjdaFw0yNTExMDYwMDQzMjdaMDMxMTAvBgNV
BAMTKDdGNDQ1RkMxNUM2MzFEMkVFNjkwQ0IxRUNEQjIxOTIwQzlBQjBCOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUtN/S3VqU+h35A1i71lmbwa+C
ZhbnfmTiw38ON1oMayrKZhPYokHcX5WRRogfpvXHWBdTyEs62sIMNbbw/1cqV/Wg
IUfG9j+szSR8WC+o1OjHCy50zUjXIIAVrZ+Nab0mu3xGS952EITFqXHctZ13DFmx
OEDksUu/gqBgbO4zHaicWwD+D26V8/dvBBlCaVldCLrcn8z1VKoWpS+yyQaNAMOA
W4wCxhET7FepPeh5dbivCJCZPhNjAxbHD1D7aQl3hAXNRBe99hFE7OB/A3wd3t+D
ErL+isca1fC6QuVlmwTsN0ClRBm3TMSVQwrA82tSkCl68TUcbVMOmMEw8NMLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUf0RfwVxjHS7mkMsezbIZIMmrC5swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDc0MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF/Eow
DQYJKoZIhvcNAQELBQADggEBAFmP5SmRkEC3fOWtSgx0f+8o3biwkpbV3AwWydn0
XdJ0F1p3gKl3osVQcZeuF0ib1wYjAG3E05eQuxf0jVWtgrTpe8f4OcWm2aw0LXUe
WJNkI9WhGwjiyv7dqdlQKEB4+W0EP+zxENHtwW/zKRLr1BgvMYDo9BJ+fL/gvPCu
Faoz68vWrgVpb11+ElS3QGtzBFc7e9Irj/wKBYHFVpxPWem5sebyyeccEI+vlTbV
WJDDRTzT9uy9zYIjwgv6pG8DKQEY6bHwY+AACj2EXGuGYBdlVV84s2SYieHVNs3Z
9/BDklersE6W7cDqAy4BNxaExTj5qB4sO8mRv29+1Db2pzI=
-----END CERTIFICATE-----