Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
File:                     AS61317.roa (raw, json)
Hash identifier:          pJEG3VJQ86JS6ZJS4yJOzYvqWEDoffK+vDxOehRHfro=
Subject key identifier:   A3:79:D9:16:06:47:BA:32:2C:F5:39:F2:C0:3B:9D:7D:A0:86:6D:FC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       34E072DCC570462889894272AE4BA2D8A1C8D95F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
Signing time:             Sat 07 Dec 2024 08:29:51 +0000
ROA not before:           Sat 07 Dec 2024 08:24:51 +0000
ROA not after:            Sat 06 Dec 2025 08:29:51 +0000
asID:                     61317
IP address blocks:        147.79.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Dec 2024 16:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e0:72:dc:c5:70:46:28:89:89:42:72:ae:4b:a2:d8:a1:c8:d9:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec  7 08:24:51 2024 GMT
            Not After : Dec  6 08:29:51 2025 GMT
        Subject: CN=A379D9160647BA322CF539F2C03B9D7DA0866DFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2a:ce:b6:af:9c:72:42:38:3c:32:0c:2d:bc:
                    61:0e:96:05:02:00:08:43:2c:6a:bc:41:98:72:4c:
                    6a:fd:c2:f6:e6:69:be:ae:af:08:96:78:0a:e5:5c:
                    e2:46:25:6d:1a:7a:3b:a0:0e:f6:a2:02:c1:60:b9:
                    bf:92:da:2c:57:10:2d:de:9c:b3:c8:4c:af:bf:e3:
                    47:b9:ce:2e:f7:5c:d1:52:47:80:5a:97:b3:7e:68:
                    9b:30:25:69:04:48:18:61:ff:03:a7:e5:8e:87:97:
                    f8:6a:5b:3f:62:27:79:3a:8f:25:70:8b:d1:94:aa:
                    87:4b:01:16:3c:fe:b8:ca:6c:cf:a6:6c:7b:d6:3c:
                    83:d0:55:59:de:e2:4b:6f:ef:68:63:08:d7:5e:d3:
                    cf:6a:d6:50:69:a8:6b:29:b7:2f:7b:95:cf:7b:f8:
                    39:44:ba:0b:e2:83:16:a1:c1:78:a4:18:0b:e7:e5:
                    e9:f7:b1:ff:bc:75:aa:28:06:fb:75:4e:e4:5d:e8:
                    73:fa:cc:c5:f8:04:42:90:9c:b3:57:f6:77:5d:ec:
                    4c:27:5e:b9:a9:ad:ce:91:f5:9b:90:f3:0b:b8:59:
                    f0:db:2c:34:75:0a:ea:ba:28:c7:60:00:75:7c:61:
                    ab:d9:e5:27:d7:01:75:65:d3:c1:ae:82:68:f1:30:
                    dc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:79:D9:16:06:47:BA:32:2C:F5:39:F2:C0:3B:9D:7D:A0:86:6D:FC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a5:bb:e4:90:05:ff:33:20:d6:4a:22:41:b6:ec:d4:46:d7:
         14:9c:29:6d:6b:9a:29:52:5f:0d:c6:3d:5f:d9:df:e9:48:07:
         0a:60:c3:75:62:57:09:5f:9c:5e:3c:d8:5e:16:47:eb:1d:54:
         64:fc:4e:93:6b:2c:a1:80:6d:f7:cf:41:5a:36:5d:db:f0:36:
         1a:27:9b:f7:36:c9:2c:20:cb:71:74:55:f4:9c:52:90:5f:8e:
         d6:96:e5:ba:6c:39:3d:c2:87:9e:ed:db:79:57:c3:99:94:bc:
         3d:86:63:83:dd:18:1b:25:c7:d5:ab:d1:53:0e:2b:c6:69:c8:
         44:42:00:40:66:15:69:0f:92:dd:e2:8a:11:37:9d:90:76:c5:
         e1:49:d4:3d:19:95:0e:45:44:02:a7:6a:0d:56:8e:f2:2f:b3:
         00:2d:70:c7:9e:88:b0:cd:85:83:d5:eb:ff:51:02:43:31:11:
         1a:15:28:ac:2e:1f:5b:93:0e:64:8a:17:14:ce:96:32:44:54:
         d7:ee:42:e8:c3:b9:ae:09:ae:aa:d8:a7:a2:e2:93:d3:1c:64:
         a0:2f:b5:d0:79:54:9a:88:18:a0:65:ac:47:33:d8:4b:b4:04:
         b4:4f:06:4a:5c:0f:50:20:a6:a0:84:ca:65:19:49:33:3d:5d:
         9b:22:c7:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNOBy3MVwRiiJiUJyrkui2KHI2V8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEyMDcwODI0NTFaFw0yNTEyMDYwODI5NTFaMDMxMTAvBgNV
BAMTKEEzNzlEOTE2MDY0N0JBMzIyQ0Y1MzlGMkMwM0I5RDdEQTA4NjZERkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsKs62r5xyQjg8MgwtvGEOlgUC
AAhDLGq8QZhyTGr9wvbmab6urwiWeArlXOJGJW0aejugDvaiAsFgub+S2ixXEC3e
nLPITK+/40e5zi73XNFSR4Bal7N+aJswJWkESBhh/wOn5Y6Hl/hqWz9iJ3k6jyVw
i9GUqodLARY8/rjKbM+mbHvWPIPQVVne4ktv72hjCNde089q1lBpqGspty97lc97
+DlEugvigxahwXikGAvn5en3sf+8daooBvt1TuRd6HP6zMX4BEKQnLNX9ndd7Ewn
Xrmprc6R9ZuQ8wu4WfDbLDR1Cuq6KMdgAHV8YavZ5SfXAXVl08GugmjxMNwbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUo3nZFgZHujIs9TnywDudfaCGbfwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEzMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTx0w
DQYJKoZIhvcNAQELBQADggEBAF6lu+SQBf8zINZKIkG27NRG1xScKW1rmilSXw3G
PV/Z3+lIBwpgw3ViVwlfnF482F4WR+sdVGT8TpNrLKGAbffPQVo2XdvwNhonm/c2
ySwgy3F0VfScUpBfjtaW5bpsOT3Ch57t23lXw5mUvD2GY4PdGBslx9Wr0VMOK8Zp
yERCAEBmFWkPkt3iihE3nZB2xeFJ1D0ZlQ5FRAKnag1WjvIvswAtcMeeiLDNhYPV
6/9RAkMxERoVKKwuH1uTDmSKFxTOljJEVNfuQujDua4JrqrYp6Lik9McZKAvtdB5
VJqIGKBlrEcz2Eu0BLRPBkpcD1AgpqCEymUZSTM9XZsix2Q=
-----END CERTIFICATE-----