Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa
File:                     AS136744.roa (raw, json)
Hash identifier:          L2reKHYI8d17BYxrSlh68v3k/Ngf3+/CMndm3GkuR94=
Subject key identifier:   51:65:B7:87:AD:DB:0C:1F:B6:F5:26:98:BF:E3:D6:17:46:CC:20:5B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3DD9F7CDB799C8E0DE05CE14987148894C078C7B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     136744
IP address blocks:        92.118.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d9:f7:cd:b7:99:c8:e0:de:05:ce:14:98:71:48:89:4c:07:8c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=5165B787ADDB0C1FB6F52698BFE3D61746CC205B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2e:fb:9f:c3:4f:ce:57:89:9e:8c:8b:dd:5a:
                    e7:0d:63:1c:1a:46:3f:96:27:e2:43:9b:2e:1a:19:
                    e8:a0:a1:bb:2e:49:e3:77:6c:0f:54:fc:69:30:8f:
                    da:89:ff:42:dd:13:71:90:05:8b:8d:1a:53:12:61:
                    77:3e:30:0e:64:14:03:a2:85:85:be:8c:8b:8a:ba:
                    92:64:55:a3:35:c3:eb:25:85:f9:f8:07:af:ca:1b:
                    79:00:3f:4b:7b:21:81:7c:21:3c:95:22:06:2f:43:
                    5d:ce:81:39:27:7e:ea:04:36:97:f9:f0:f4:25:61:
                    52:6b:2a:2b:58:8d:d9:09:8c:d0:ba:69:0d:2b:7c:
                    d6:35:30:13:0d:89:c0:52:d2:d5:7f:f0:e1:94:dd:
                    e7:79:f8:98:31:68:eb:3f:6a:ce:0e:08:0f:66:be:
                    e8:7d:5a:a3:07:21:98:f5:bd:13:0b:ea:23:35:11:
                    3b:11:53:e6:92:5d:85:a3:bc:02:58:cd:95:90:b2:
                    75:c5:65:4b:25:d0:f3:19:fe:46:e3:aa:0a:b3:6b:
                    c4:45:f9:3f:d3:ba:47:6a:8f:94:28:e2:d0:22:95:
                    d4:bd:10:10:a3:79:ad:6e:32:c3:37:b9:26:1f:14:
                    46:4a:3f:49:09:84:d5:be:f9:af:54:08:88:50:cd:
                    9c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:65:B7:87:AD:DB:0C:1F:B6:F5:26:98:BF:E3:D6:17:46:CC:20:5B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS136744.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:09:4e:ef:1d:d5:5c:fa:6a:7d:03:d0:4d:e6:d6:d8:76:19:
         a6:4b:0f:e8:94:8d:dd:d9:79:62:9b:d2:87:29:2d:c6:37:0e:
         85:e3:33:32:5c:7e:0b:90:e1:67:6b:7c:c5:f4:da:9c:cc:db:
         97:c4:12:3c:12:fc:85:58:14:eb:72:ed:e1:eb:a1:db:c0:0a:
         07:e5:b7:f4:a1:7e:30:b1:b0:e9:ee:c2:b7:fe:05:26:a1:8e:
         31:53:67:85:66:eb:29:8a:1c:38:18:e1:e0:0e:9c:9c:2f:b0:
         16:68:8e:1e:66:6e:c9:31:84:16:2a:5b:f9:ac:b5:17:95:81:
         0e:c1:11:a5:ad:38:cc:21:44:59:6a:0f:f7:9e:cf:83:13:51:
         44:05:b6:66:1b:4f:a6:f1:28:04:1c:2a:40:32:27:5b:40:d1:
         1e:be:0f:27:04:23:f7:7d:2e:4d:bf:a1:90:3e:f5:ec:00:db:
         d7:f7:ff:c1:88:0f:89:68:33:82:a0:fb:84:84:70:c2:bc:6e:
         b4:63:bb:b9:ae:05:a5:65:90:48:0c:52:14:fc:fe:ac:f6:04:
         6a:7c:90:5c:e9:4a:86:75:8c:b4:fa:53:d8:c1:03:d2:00:21:
         87:ba:c0:05:6b:45:47:44:70:37:b6:81:b4:1c:a8:67:d1:36:
         9f:0c:51:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPdn3zbeZyODeBc4UmHFIiUwHjHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDUxNjVCNzg3QUREQjBDMUZCNkY1MjY5OEJGRTNENjE3NDZDQzIwNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQLvufw0/OV4mejIvdWucNYxwa
Rj+WJ+JDmy4aGeigobsuSeN3bA9U/Gkwj9qJ/0LdE3GQBYuNGlMSYXc+MA5kFAOi
hYW+jIuKupJkVaM1w+slhfn4B6/KG3kAP0t7IYF8ITyVIgYvQ13OgTknfuoENpf5
8PQlYVJrKitYjdkJjNC6aQ0rfNY1MBMNicBS0tV/8OGU3ed5+JgxaOs/as4OCA9m
vuh9WqMHIZj1vRML6iM1ETsRU+aSXYWjvAJYzZWQsnXFZUsl0PMZ/kbjqgqza8RF
+T/Tukdqj5Qo4tAildS9EBCjea1uMsM3uSYfFEZKP0kJhNW++a9UCIhQzZxTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUWW3h63bDB+29SaYv+PWF0bMIFswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM2NzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHai
MA0GCSqGSIb3DQEBCwUAA4IBAQArCU7vHdVc+mp9A9BN5tbYdhmmSw/olI3d2Xli
m9KHKS3GNw6F4zMyXH4LkOFna3zF9NqczNuXxBI8EvyFWBTrcu3h66HbwAoH5bf0
oX4wsbDp7sK3/gUmoY4xU2eFZuspihw4GOHgDpycL7AWaI4eZm7JMYQWKlv5rLUX
lYEOwRGlrTjMIURZag/3ns+DE1FEBbZmG0+m8SgEHCpAMidbQNEevg8nBCP3fS5N
v6GQPvXsANvX9//BiA+JaDOCoPuEhHDCvG60Y7u5rgWlZZBIDFIU/P6s9gRqfJBc
6UqGdYy0+lPYwQPSACGHusAFa0VHRHA3toG0HKhn0TafDFFG
-----END CERTIFICATE-----