Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
File:                     AS61112.roa (raw, json)
Hash identifier:          oXvcN8oq8yGRLjjHd4TlDQo4KQAUCDoxqQRtzmzU0Eo=
Subject key identifier:   89:B1:30:48:96:05:6E:CA:C8:0C:6B:09:E2:FD:30:16:43:9A:C9:2C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       79AFE37EE6FA257289840914C93C579FDE1ACBBD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
Signing time:             Wed 15 May 2024 09:05:16 +0000
ROA not before:           Wed 15 May 2024 09:00:16 +0000
ROA not after:            Wed 14 May 2025 09:05:16 +0000
asID:                     61112
IP address blocks:        181.214.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:af:e3:7e:e6:fa:25:72:89:84:09:14:c9:3c:57:9f:de:1a:cb:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 15 09:00:16 2024 GMT
            Not After : May 14 09:05:16 2025 GMT
        Subject: CN=89B1304896056ECAC80C6B09E2FD3016439AC92C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:46:a2:14:c2:34:32:0a:c0:d8:eb:a1:9a:ec:
                    c6:57:5e:8e:9a:fa:ca:9c:c7:d6:1b:9c:48:5a:08:
                    b3:08:2e:dd:e6:a9:4e:0e:dc:7c:aa:4b:b5:b0:c0:
                    5a:91:20:57:73:f7:64:bb:97:6b:36:d4:4b:7c:74:
                    e6:50:d8:31:4c:a0:96:fd:c5:7b:52:65:06:6f:42:
                    77:78:a1:73:44:2e:8a:1e:6e:32:d6:4c:95:c8:17:
                    ed:55:d4:8b:59:b7:4b:83:de:3e:41:41:4c:25:fb:
                    00:e5:5c:88:e4:d2:9a:df:7e:29:ae:cc:cf:3f:9b:
                    f7:16:16:2f:bc:58:fe:a4:9b:4f:8c:32:44:fb:09:
                    06:81:48:20:f8:b6:44:ef:29:0d:0e:c5:51:71:39:
                    ab:e8:88:75:67:25:9b:1e:9d:3f:86:53:f1:87:4e:
                    d4:23:62:76:04:1b:06:5a:43:44:39:d8:46:af:04:
                    4e:3f:81:ac:24:ce:39:2f:17:4e:d5:4b:d2:0b:20:
                    36:63:34:61:c5:de:88:db:47:90:d4:2d:e4:69:71:
                    2d:8c:a8:ee:62:58:f6:10:c3:7d:fb:d3:a4:54:89:
                    45:ec:0a:fe:e5:e4:22:01:9d:fa:6d:1e:92:ed:bd:
                    5e:08:89:a4:e2:57:b5:42:d3:d1:04:01:27:0b:33:
                    c6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B1:30:48:96:05:6E:CA:C8:0C:6B:09:E2:FD:30:16:43:9A:C9:2C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:2f:5c:58:fb:b7:8f:68:51:be:2c:07:ca:95:a6:b7:ae:d7:
         d9:52:12:aa:3a:9d:52:b0:01:46:d6:eb:e1:ad:f8:30:36:bf:
         30:85:53:aa:81:2f:12:0f:a9:27:39:30:5a:81:77:78:56:b7:
         bd:57:26:4c:7a:d9:77:40:bf:7d:a6:ea:19:d0:8f:ff:cc:35:
         5a:0f:17:39:5c:9a:a6:54:67:cb:d6:62:16:b1:e0:92:82:c8:
         ef:70:9f:d2:90:aa:86:3c:43:37:10:95:75:31:ef:b4:3e:78:
         18:8e:10:e3:db:6a:12:1c:8e:bb:0b:36:6f:64:08:0e:5f:25:
         68:e1:3b:1f:29:cd:85:ae:a3:c0:6c:4e:70:f6:a4:e4:a4:a4:
         91:6c:12:96:55:12:b8:fd:f6:2d:ba:b4:60:2f:cd:92:c2:ee:
         a0:07:c2:c8:46:62:21:a3:b2:ff:58:43:0d:89:5b:91:60:70:
         cb:32:92:3e:a9:92:22:f3:e2:d6:0f:d8:e1:8b:3b:02:7a:0b:
         5c:fc:b7:ae:ad:e9:b5:66:7c:05:71:7e:38:06:1f:66:a5:d3:
         51:e9:e0:2b:b3:b7:2b:54:f6:fa:f9:eb:2c:01:ed:c9:9d:f1:
         b0:fa:2a:3b:d5:0e:52:85:69:c0:4b:17:53:84:bd:22:2c:80:
         b0:ee:8b:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUea/jfub6JXKJhAkUyTxXn94ay70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTUwOTAwMTZaFw0yNTA1MTQwOTA1MTZaMDMxMTAvBgNV
BAMTKDg5QjEzMDQ4OTYwNTZFQ0FDODBDNkIwOUUyRkQzMDE2NDM5QUM5MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiRqIUwjQyCsDY66Ga7MZXXo6a
+sqcx9YbnEhaCLMILt3mqU4O3HyqS7WwwFqRIFdz92S7l2s21Et8dOZQ2DFMoJb9
xXtSZQZvQnd4oXNELooebjLWTJXIF+1V1ItZt0uD3j5BQUwl+wDlXIjk0prffimu
zM8/m/cWFi+8WP6km0+MMkT7CQaBSCD4tkTvKQ0OxVFxOavoiHVnJZsenT+GU/GH
TtQjYnYEGwZaQ0Q52EavBE4/gawkzjkvF07VS9ILIDZjNGHF3ojbR5DULeRpcS2M
qO5iWPYQw33706RUiUXsCv7l5CIBnfptHpLtvV4IiaTiV7VC09EEAScLM8YFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUibEwSJYFbsrIDGsJ4v0wFkOaySwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjExMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11ogw
DQYJKoZIhvcNAQELBQADggEBAFEvXFj7t49oUb4sB8qVpreu19lSEqo6nVKwAUbW
6+Gt+DA2vzCFU6qBLxIPqSc5MFqBd3hWt71XJkx62XdAv32m6hnQj//MNVoPFzlc
mqZUZ8vWYhax4JKCyO9wn9KQqoY8QzcQlXUx77Q+eBiOEOPbahIcjrsLNm9kCA5f
JWjhOx8pzYWuo8BsTnD2pOSkpJFsEpZVErj99i26tGAvzZLC7qAHwshGYiGjsv9Y
Qw2JW5FgcMsykj6pkiLz4tYP2OGLOwJ6C1z8t66t6bVmfAVxfjgGH2al01Hp4Cuz
tytU9vr56ywB7cmd8bD6KjvVDlKFacBLF1OEvSIsgLDui3Y=
-----END CERTIFICATE-----