Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51043.roa
File:                     AS51043.roa (raw, json)
Hash identifier:          GRnvt+Sx2Y34H32k9jdYzRnzp2sjQRMZo1KdSXQw8OU=
Subject key identifier:   30:CA:BB:39:BC:BD:47:21:C6:F4:4D:0A:C4:E7:A5:19:50:A4:CA:44
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       31D1B5BACE8EFFBBF7F9E2B3862DB5861F3A70A5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51043.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     51043
IP address blocks:        45.88.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:d1:b5:ba:ce:8e:ff:bb:f7:f9:e2:b3:86:2d:b5:86:1f:3a:70:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=30CABB39BCBD4721C6F44D0AC4E7A51950A4CA44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:4d:6e:e3:ef:1d:55:a8:69:92:50:fa:a3:f9:
                    18:ff:a6:34:56:9c:9f:09:43:4c:9f:b9:3f:4d:0b:
                    f3:e3:bd:5c:0c:fb:48:33:ae:9c:92:48:fc:d0:e8:
                    0b:2c:1f:99:b8:6e:a3:cd:fa:83:f5:a9:4d:57:a1:
                    15:f1:1d:15:20:24:26:2e:1a:46:10:ad:9d:05:a2:
                    f3:b7:9a:94:b2:29:db:02:5d:97:d4:74:96:e6:dd:
                    19:c9:9e:9b:ed:e9:3b:1b:fb:2c:20:96:35:5b:ca:
                    54:8b:b8:82:0f:ac:0a:76:e8:45:cd:29:98:fa:90:
                    15:5e:6e:97:63:f9:d9:14:0f:fe:c9:94:b3:6f:cc:
                    26:dc:aa:90:34:1c:ad:76:3f:40:a0:e6:a3:cd:c4:
                    e7:fe:03:ce:80:cf:e2:8b:db:1b:14:22:ca:8c:6e:
                    11:7e:7b:2d:4a:7e:c1:e5:a2:9f:b6:fd:26:14:9e:
                    5c:44:bd:9b:3a:b6:3e:51:9b:b9:75:c5:23:79:c7:
                    03:1c:0d:59:a5:46:f0:b1:fb:c0:d1:b0:da:66:a5:
                    dd:57:8c:fe:bc:54:37:25:f9:40:0c:ea:43:93:8c:
                    75:d6:94:19:7c:42:a3:2e:c6:2b:1d:81:a0:b9:1f:
                    67:1a:55:85:01:f1:5e:09:90:1d:fd:cd:4c:bf:cb:
                    57:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:CA:BB:39:BC:BD:47:21:C6:F4:4D:0A:C4:E7:A5:19:50:A4:CA:44
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:09:38:4f:ba:a1:e7:bc:da:e9:0f:ff:2c:56:6a:84:46:28:
         08:e7:bf:66:c0:e6:41:dd:0c:23:a6:1f:96:ff:57:5c:70:69:
         39:d5:79:7e:50:2c:ed:5a:b9:5c:5c:91:f5:a6:69:dc:ce:bb:
         d3:0d:6c:55:d6:54:61:92:f3:eb:03:7b:90:b4:d2:5b:99:2e:
         7a:c5:51:55:51:42:df:48:bd:b3:a4:de:01:8e:a5:75:f4:dd:
         35:3d:d1:94:6d:54:c1:c0:25:cb:66:58:dd:ec:28:41:00:ee:
         e7:f3:99:fa:64:dc:21:ba:17:c6:94:81:5b:cd:90:2f:42:9f:
         57:c6:04:a1:45:b9:4f:36:c9:50:64:cc:e7:97:f1:79:a6:92:
         b4:c7:6e:20:45:98:66:b4:51:92:f2:c0:3c:7b:9c:e3:1d:7f:
         f3:0c:0f:04:72:3f:e8:28:1d:7d:28:f4:29:c7:39:19:46:4f:
         a2:0a:79:3a:b0:60:be:66:4c:a6:4c:41:1f:d4:a0:48:9c:e0:
         49:28:13:87:ce:9c:36:9d:20:00:b8:97:6c:07:44:bc:0d:26:
         7f:42:1c:24:12:2e:3c:2b:3e:33:54:c2:8b:5f:48:92:ae:39:
         b7:77:96:e4:33:e7:1a:ec:46:6e:bc:95:ce:5c:f2:48:a5:22:
         72:75:67:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMdG1us6O/7v3+eKzhi21hh86cKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDMwQ0FCQjM5QkNCRDQ3MjFDNkY0NEQwQUM0RTdBNTE5NTBBNENBNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzTW7j7x1VqGmSUPqj+Rj/pjRW
nJ8JQ0yfuT9NC/PjvVwM+0gzrpySSPzQ6AssH5m4bqPN+oP1qU1XoRXxHRUgJCYu
GkYQrZ0FovO3mpSyKdsCXZfUdJbm3RnJnpvt6Tsb+ywgljVbylSLuIIPrAp26EXN
KZj6kBVebpdj+dkUD/7JlLNvzCbcqpA0HK12P0Cg5qPNxOf+A86Az+KL2xsUIsqM
bhF+ey1KfsHlop+2/SYUnlxEvZs6tj5Rm7l1xSN5xwMcDVmlRvCx+8DRsNpmpd1X
jP68VDcl+UAM6kOTjHXWlBl8QqMuxisdgaC5H2caVYUB8V4JkB39zUy/y1dvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMMq7Oby9RyHG9E0KxOelGVCkykQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTEwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWGIw
DQYJKoZIhvcNAQELBQADggEBAFoJOE+6oee82ukP/yxWaoRGKAjnv2bA5kHdDCOm
H5b/V1xwaTnVeX5QLO1auVxckfWmadzOu9MNbFXWVGGS8+sDe5C00luZLnrFUVVR
Qt9IvbOk3gGOpXX03TU90ZRtVMHAJctmWN3sKEEA7ufzmfpk3CG6F8aUgVvNkC9C
n1fGBKFFuU82yVBkzOeX8XmmkrTHbiBFmGa0UZLywDx7nOMdf/MMDwRyP+goHX0o
9CnHORlGT6IKeTqwYL5mTKZMQR/UoEic4EkoE4fOnDadIAC4l2wHRLwNJn9CHCQS
LjwrPjNUwotfSJKuObd3luQz5xrsRm68lc5c8kilInJ1Z/4=
-----END CERTIFICATE-----