Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa
File:                     AS51561.roa (raw, json)
Hash identifier:          +IjPQa6IbutfEB2AE4qVVf34wjPfobCG9fdmdOvT/K0=
Subject key identifier:   A8:56:D2:62:49:CF:B4:F7:94:C8:86:29:AD:63:27:C8:D5:7C:79:21
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7FA449316C61267F54FB1C7772EBC06E30FE9BA1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa
Signing time:             Tue 13 Aug 2024 10:27:17 +0000
ROA not before:           Tue 13 Aug 2024 10:22:17 +0000
ROA not after:            Tue 12 Aug 2025 10:27:17 +0000
asID:                     51561
IP address blocks:        181.215.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a4:49:31:6c:61:26:7f:54:fb:1c:77:72:eb:c0:6e:30:fe:9b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 13 10:22:17 2024 GMT
            Not After : Aug 12 10:27:17 2025 GMT
        Subject: CN=A856D26249CFB4F794C88629AD6327C8D57C7921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d2:3d:20:4c:37:3f:da:ca:d3:fd:6c:9e:b4:
                    48:b1:67:1e:a3:14:e6:1c:57:e4:13:34:d4:d5:f1:
                    f3:26:d6:36:6e:51:73:d5:cf:8c:14:20:8e:a9:90:
                    33:75:d5:53:5c:da:af:b1:b6:30:c1:44:84:11:da:
                    7b:97:1a:95:24:40:e1:27:31:f4:f2:f6:89:a0:68:
                    df:8b:8c:64:ac:30:7b:1a:97:05:35:e9:d1:ce:5d:
                    f4:20:ba:b9:42:07:84:b2:61:f1:67:57:54:36:9d:
                    56:67:73:e3:12:57:5b:51:f9:d1:7e:68:c6:c7:20:
                    dd:9d:8e:43:4f:b2:fc:1d:be:fa:70:df:6e:b7:8a:
                    98:05:f0:7d:06:e6:84:0d:41:5e:34:16:84:39:20:
                    da:eb:85:28:89:3e:35:5d:8d:11:6c:d5:f5:3f:1e:
                    5e:6e:45:fb:c1:54:01:c4:3f:3b:ef:d0:00:ce:37:
                    c9:4a:a1:ba:3e:eb:62:b8:ca:0b:c5:e8:32:51:ca:
                    0e:31:d2:07:af:7a:71:f5:5c:8e:a9:c5:6f:b8:65:
                    f1:d0:20:08:24:ee:7d:b4:04:c9:55:3e:58:13:48:
                    72:5d:a4:bf:1a:16:af:c5:e5:b3:3c:3f:71:b2:73:
                    17:c4:fe:42:52:7e:af:0a:30:39:07:ae:c3:b6:9c:
                    55:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:56:D2:62:49:CF:B4:F7:94:C8:86:29:AD:63:27:C8:D5:7C:79:21
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS51561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:fb:49:79:ae:65:dd:60:d1:20:f6:a6:a6:82:c0:88:6c:2c:
         83:b7:37:9b:57:c8:df:fa:9f:6e:a6:60:a0:70:6f:ec:18:92:
         8a:bd:99:20:fd:d2:85:02:46:f6:89:65:3e:80:9e:1b:80:67:
         90:b8:26:04:ec:7d:c2:0b:a8:da:23:4a:f1:5b:73:1e:f0:f6:
         6e:d3:44:7a:b6:06:9e:9a:1c:7e:c3:e9:dc:fc:82:98:3c:f1:
         2d:8e:c1:7b:ca:7b:8e:a4:38:8c:76:9f:da:8f:ca:8d:cc:30:
         47:7a:c8:de:52:5b:26:a7:c9:4f:b0:47:3e:11:07:0e:d8:aa:
         a7:9e:03:50:07:f1:04:35:c9:c1:8c:15:ba:23:61:f4:34:e7:
         96:e8:6f:69:f9:10:59:ac:77:7d:24:da:9a:c3:d5:50:51:e0:
         2d:a3:f3:93:84:32:66:a1:4f:7c:cb:e2:de:02:7f:14:bc:46:
         62:e1:a5:0c:41:c3:d2:c7:03:52:d0:f2:f2:a1:b3:40:26:10:
         59:07:4e:da:9c:01:dd:4b:ac:4a:22:27:34:c2:29:fc:71:ba:
         59:37:97:ce:51:d3:34:c0:bd:0e:f3:f0:9e:4b:12:e2:f1:5f:
         b7:3e:66:bf:28:6d:50:8c:35:22:9d:a2:5b:36:30:44:5b:89:
         99:95:07:38
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUf6RJMWxhJn9U+xx3cuvAbjD+m6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTMxMDIyMTdaFw0yNTA4MTIxMDI3MTdaMDMxMTAvBgNV
BAMTKEE4NTZEMjYyNDlDRkI0Rjc5NEM4ODYyOUFENjMyN0M4RDU3Qzc5MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk0j0gTDc/2srT/WyetEixZx6j
FOYcV+QTNNTV8fMm1jZuUXPVz4wUII6pkDN11VNc2q+xtjDBRIQR2nuXGpUkQOEn
MfTy9omgaN+LjGSsMHsalwU16dHOXfQgurlCB4SyYfFnV1Q2nVZnc+MSV1tR+dF+
aMbHIN2djkNPsvwdvvpw3263ipgF8H0G5oQNQV40FoQ5INrrhSiJPjVdjRFs1fU/
Hl5uRfvBVAHEPzvv0ADON8lKobo+62K4ygvF6DJRyg4x0gevenH1XI6pxW+4ZfHQ
IAgk7n20BMlVPlgTSHJdpL8aFq/F5bM8P3GycxfE/kJSfq8KMDkHrsO2nFVlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqFbSYknPtPeUyIYprWMnyNV8eSEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTE1NjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11yAw
DQYJKoZIhvcNAQELBQADggEBADX7SXmuZd1g0SD2pqaCwIhsLIO3N5tXyN/6n26m
YKBwb+wYkoq9mSD90oUCRvaJZT6AnhuAZ5C4JgTsfcILqNojSvFbcx7w9m7TRHq2
Bp6aHH7D6dz8gpg88S2OwXvKe46kOIx2n9qPyo3MMEd6yN5SWyanyU+wRz4RBw7Y
qqeeA1AH8QQ1ycGMFbojYfQ055bob2n5EFmsd30k2prD1VBR4C2j85OEMmahT3zL
4t4CfxS8RmLhpQxBw9LHA1LQ8vKhs0AmEFkHTtqcAd1LrEoiJzTCKfxxulk3l85R
0zTAvQ7z8J5LEuLxX7c+Zr8obVCMNSKdols2MERbiZmVBzg=
-----END CERTIFICATE-----