Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
File:                     AS57814.roa (raw, json)
Hash identifier:          /5OY1AmltQa7UKr2Gqi6JHewMSvsf9fHgpji54zppbQ=
Subject key identifier:   94:60:87:C6:F1:24:89:F8:E3:1D:2E:76:C5:E1:7D:77:1B:8E:67:0B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4ECEF21E4468F1C9085316E64013B62075D838FD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
Signing time:             Thu 13 Jun 2024 09:05:18 +0000
ROA not before:           Thu 13 Jun 2024 09:00:18 +0000
ROA not after:            Thu 12 Jun 2025 09:05:18 +0000
asID:                     57814
IP address blocks:        45.95.20.0/24 maxlen: 24
                          109.106.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ce:f2:1e:44:68:f1:c9:08:53:16:e6:40:13:b6:20:75:d8:38:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 13 09:00:18 2024 GMT
            Not After : Jun 12 09:05:18 2025 GMT
        Subject: CN=946087C6F12489F8E31D2E76C5E17D771B8E670B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:17:37:28:c4:ba:bd:fe:d7:17:7f:5c:b0:5e:
                    d5:c7:a3:ec:99:4e:eb:30:55:cd:b2:58:59:85:b2:
                    0e:26:ac:64:28:ef:7e:88:99:e3:91:ae:73:c9:5c:
                    0b:b9:7d:71:10:8e:17:a8:cb:69:1f:45:9b:c0:00:
                    a0:8b:11:26:01:5a:3e:a6:f0:14:e5:3a:e2:d2:5c:
                    41:96:0f:c4:c8:a2:2a:93:44:ae:91:f0:2d:b1:57:
                    68:16:64:74:e8:5a:a3:ef:c0:6a:4c:b7:65:a8:cd:
                    b4:bb:cb:3d:91:b1:32:cb:26:0e:05:5b:b2:d3:4c:
                    da:9a:c5:69:ba:61:89:cd:f6:2d:90:8e:2d:f7:45:
                    b9:d1:fc:d0:21:42:7d:35:4d:57:79:c5:16:e3:d5:
                    da:02:83:e8:bd:32:44:7e:75:d9:2e:55:ab:8c:86:
                    75:38:bc:4e:6a:97:ba:c0:1c:bb:70:5a:9a:ff:92:
                    0f:28:8c:1f:0f:3e:79:da:ec:b7:2e:29:0b:4f:2c:
                    77:7c:2f:2b:48:ae:44:bf:e5:f3:e6:d6:4d:89:24:
                    3f:ea:23:88:19:49:dc:6b:4a:9d:db:10:7f:a1:37:
                    54:2b:3f:47:6c:20:a4:90:da:0f:aa:f6:5e:81:97:
                    17:93:39:6a:e6:fa:f1:ee:b9:6d:bd:81:2f:0d:2e:
                    95:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:60:87:C6:F1:24:89:F8:E3:1D:2E:76:C5:E1:7D:77:1B:8E:67:0B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.20.0/24
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:fb:e7:09:cd:6a:68:7d:02:3a:ac:ec:3a:ea:6f:ca:f8:3d:
         51:dc:ce:35:01:65:4d:63:ac:32:9c:85:d7:8b:7f:fe:69:65:
         66:0f:d2:bc:bc:f7:4a:e1:cc:e5:4f:d1:ed:db:56:1d:43:22:
         8f:ba:b0:13:f8:60:6f:34:c1:63:cd:a5:ba:a2:9d:1b:31:2a:
         22:c8:b0:23:79:e4:ec:8b:ad:ac:ef:75:d5:01:94:08:f6:2f:
         05:18:b8:83:90:b1:f5:b1:55:d6:78:9c:eb:60:f0:1d:af:4a:
         1b:84:8d:00:ab:32:6b:f8:ed:85:d9:cc:83:c7:01:a1:64:d8:
         a0:88:b7:2b:8d:27:6b:2d:06:e3:f0:a9:42:19:c1:79:a4:c8:
         35:94:60:42:77:7d:f4:96:f7:f4:96:05:35:d7:c3:43:26:1f:
         c8:53:94:09:d7:86:29:ea:61:68:5e:5c:ad:db:89:28:74:cd:
         8f:ee:31:b7:0e:cb:26:46:e6:96:72:ca:fe:ef:e0:17:b7:6a:
         33:cb:ff:da:79:aa:ee:3e:f9:33:73:03:7c:63:86:5c:35:21:
         d1:ac:8f:e4:5d:c2:f9:4b:a9:cd:b7:09:25:2d:76:c0:c0:36:
         af:f9:a0:fb:1c:18:7d:64:54:22:9a:91:28:d1:07:53:09:56:
         cb:67:d8:a9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUTs7yHkRo8ckIUxbmQBO2IHXYOP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MTMwOTAwMThaFw0yNTA2MTIwOTA1MThaMDMxMTAvBgNV
BAMTKDk0NjA4N0M2RjEyNDg5RjhFMzFEMkU3NkM1RTE3RDc3MUI4RTY3MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChFzcoxLq9/tcXf1ywXtXHo+yZ
TuswVc2yWFmFsg4mrGQo736ImeORrnPJXAu5fXEQjheoy2kfRZvAAKCLESYBWj6m
8BTlOuLSXEGWD8TIoiqTRK6R8C2xV2gWZHToWqPvwGpMt2WozbS7yz2RsTLLJg4F
W7LTTNqaxWm6YYnN9i2Qji33RbnR/NAhQn01TVd5xRbj1doCg+i9MkR+ddkuVauM
hnU4vE5ql7rAHLtwWpr/kg8ojB8PPnna7LcuKQtPLHd8LytIrkS/5fPm1k2JJD/q
I4gZSdxrSp3bEH+hN1QrP0dsIKSQ2g+q9l6BlxeTOWrm+vHuuW29gS8NLpWxAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUlGCHxvEkifjjHS52xeF9dxuOZwswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc4MTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtXxQD
BABtagAwDQYJKoZIhvcNAQELBQADggEBAHz75wnNamh9Ajqs7Drqb8r4PVHczjUB
ZU1jrDKchdeLf/5pZWYP0ry890rhzOVP0e3bVh1DIo+6sBP4YG80wWPNpbqinRsx
KiLIsCN55OyLrazvddUBlAj2LwUYuIOQsfWxVdZ4nOtg8B2vShuEjQCrMmv47YXZ
zIPHAaFk2KCItyuNJ2stBuPwqUIZwXmkyDWUYEJ3ffSW9/SWBTXXw0MmH8hTlAnX
hinqYWheXK3biSh0zY/uMbcOyyZG5pZyyv7v4Be3ajPL/9p5qu4++TNzA3xjhlw1
IdGsj+RdwvlLqc23CSUtdsDANq/5oPscGH1kVCKakSjRB1MJVstn2Kk=
-----END CERTIFICATE-----