Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5511.roa
File:                     AS5511.roa (raw, json)
Hash identifier:          E7NjeaePKQ/RuITbvoMD9xqQUgpk9niW34I6w+yyzpk=
Subject key identifier:   54:78:B2:7A:34:8E:B1:11:9C:77:B2:E7:20:54:8D:F2:FF:7C:67:61
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3ECF4E6D970718324AC31DD4ED2367B4378DA5C6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5511.roa
Signing time:             Fri 27 Sep 2024 23:20:40 +0000
ROA not before:           Fri 27 Sep 2024 23:15:40 +0000
ROA not after:            Fri 26 Sep 2025 23:20:40 +0000
asID:                     5511
IP address blocks:        89.19.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:cf:4e:6d:97:07:18:32:4a:c3:1d:d4:ed:23:67:b4:37:8d:a5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 27 23:15:40 2024 GMT
            Not After : Sep 26 23:20:40 2025 GMT
        Subject: CN=5478B27A348EB1119C77B2E720548DF2FF7C6761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:39:af:bd:63:b0:84:28:51:56:00:56:5c:f2:
                    ed:73:de:62:a8:2b:1f:c5:f0:50:9b:21:29:88:58:
                    2c:96:c3:5c:3d:06:8e:44:bc:9d:d8:f5:88:8a:aa:
                    97:09:fa:5b:e4:de:c2:ff:80:c2:ba:98:e6:8e:8e:
                    c7:83:7c:c3:01:2f:25:4d:da:f6:39:81:f9:26:1f:
                    64:75:70:19:94:85:eb:51:73:5f:17:0e:8e:0c:ed:
                    e9:72:70:86:a0:ce:73:fb:8d:ee:57:a0:4f:83:4c:
                    b2:36:5c:a4:d8:97:6e:24:4e:c5:ad:56:33:b3:84:
                    64:0d:ee:a8:89:cb:40:2c:d9:d3:c5:29:0a:0e:a4:
                    bb:b9:d6:e7:a2:c5:6d:83:1d:21:4e:6a:b5:af:59:
                    27:52:8d:32:22:a8:7d:eb:55:b5:85:36:1b:3f:a4:
                    05:cd:be:2d:42:b3:e8:c4:a8:5a:88:43:56:ae:5c:
                    a4:78:64:ac:9c:0e:cf:53:00:43:68:c0:da:f7:95:
                    3e:58:50:3e:76:6f:c9:a7:3a:12:18:16:1c:9b:0b:
                    97:29:18:db:21:38:63:c3:c3:eb:70:d0:7c:59:ed:
                    44:ea:d3:cd:95:f4:06:2b:93:2d:26:1b:db:2d:d1:
                    92:8b:c3:3b:77:93:a4:be:f5:ab:02:bd:8c:fd:30:
                    0d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:78:B2:7A:34:8E:B1:11:9C:77:B2:E7:20:54:8D:F2:FF:7C:67:61
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f0:3c:b8:27:97:f4:fc:de:ca:ff:f6:33:bd:41:c4:f4:fb:
         97:68:75:45:34:c1:e9:e7:66:96:3d:25:ec:34:9d:62:46:87:
         7c:50:e2:76:91:60:47:b8:57:b5:9d:c3:1c:75:ed:6b:39:4a:
         ab:db:2c:f0:28:50:87:15:cc:58:d8:08:39:04:92:03:22:79:
         4c:7d:5a:e0:81:5d:3f:80:f9:a4:65:b4:01:d2:8f:3b:5c:d0:
         9d:ed:30:92:71:7b:f9:c7:81:96:50:49:7b:55:09:d5:61:da:
         f6:0a:11:fc:0a:40:73:f0:33:8f:d8:6b:06:cb:49:b8:4a:02:
         6d:4e:83:e7:f1:d6:72:ad:fa:db:91:34:d2:02:8d:d8:ff:43:
         f9:27:a6:57:13:c2:76:45:4e:3e:41:6a:89:1f:a1:15:71:32:
         87:89:86:13:34:85:65:72:db:ed:61:61:b9:85:0d:fd:ba:3e:
         76:7a:db:a4:52:f5:68:9d:0c:1a:99:a6:be:46:45:ae:3e:7f:
         78:cc:de:14:ec:d1:ad:43:be:31:ee:a3:cf:12:ee:d1:7d:70:
         7e:23:2d:2e:88:35:a0:57:d7:c8:d8:11:f4:34:93:76:76:04:
         42:a1:2a:7a:c8:3f:7c:58:a7:c3:f9:ca:e1:76:0a:71:dc:87:
         b2:29:de:37
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUPs9ObZcHGDJKwx3U7SNntDeNpcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjcyMzE1NDBaFw0yNTA5MjYyMzIwNDBaMDMxMTAvBgNV
BAMTKDU0NzhCMjdBMzQ4RUIxMTE5Qzc3QjJFNzIwNTQ4REYyRkY3QzY3NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Oa+9Y7CEKFFWAFZc8u1z3mKo
Kx/F8FCbISmIWCyWw1w9Bo5EvJ3Y9YiKqpcJ+lvk3sL/gMK6mOaOjseDfMMBLyVN
2vY5gfkmH2R1cBmUhetRc18XDo4M7elycIagznP7je5XoE+DTLI2XKTYl24kTsWt
VjOzhGQN7qiJy0As2dPFKQoOpLu51ueixW2DHSFOarWvWSdSjTIiqH3rVbWFNhs/
pAXNvi1Cs+jEqFqIQ1auXKR4ZKycDs9TAENowNr3lT5YUD52b8mnOhIYFhybC5cp
GNshOGPDw+tw0HxZ7UTq082V9AYrky0mG9st0ZKLwzt3k6S+9asCvYz9MA1NAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUVHiyejSOsRGcd7LnIFSN8v98Z2EwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTUxMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkTMzAN
BgkqhkiG9w0BAQsFAAOCAQEAmfA8uCeX9Pzeyv/2M71BxPT7l2h1RTTB6edmlj0l
7DSdYkaHfFDidpFgR7hXtZ3DHHXtazlKq9ss8ChQhxXMWNgIOQSSAyJ5TH1a4IFd
P4D5pGW0AdKPO1zQne0wknF7+ceBllBJe1UJ1WHa9goR/ApAc/Azj9hrBstJuEoC
bU6D5/HWcq3625E00gKN2P9D+SemVxPCdkVOPkFqiR+hFXEyh4mGEzSFZXLb7WFh
uYUN/bo+dnrbpFL1aJ0MGpmmvkZFrj5/eMzeFOzRrUO+Me6jzxLu0X1wfiMtLog1
oFfXyNgR9DSTdnYEQqEqesg/fFinw/nK4XYKcdyHsineNw==
-----END CERTIFICATE-----