Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          /I2jIJo8zhoZRhbhcYJAwnO21Oxz3sFGZmkSg8x7gdY=
Subject key identifier:   72:F6:A4:64:E6:5F:08:67:EF:99:53:A1:DB:E2:CF:21:8E:8D:C6:B4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       31C6444C89C6FE5FA8B500EAB68EC393546E4B7E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa
Signing time:             Wed 25 Dec 2024 01:59:08 +0000
ROA not before:           Wed 25 Dec 2024 01:54:08 +0000
ROA not after:            Wed 24 Dec 2025 01:59:08 +0000
asID:                     137517
IP address blocks:        45.89.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c6:44:4c:89:c6:fe:5f:a8:b5:00:ea:b6:8e:c3:93:54:6e:4b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 25 01:54:08 2024 GMT
            Not After : Dec 24 01:59:08 2025 GMT
        Subject: CN=72F6A464E65F0867EF9953A1DBE2CF218E8DC6B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:95:15:fd:25:15:2b:72:d6:24:e5:e4:f3:6d:
                    8d:9f:ce:bd:65:06:95:5e:37:28:75:5d:52:da:df:
                    b2:f4:f1:e0:f6:74:80:98:33:de:0a:93:01:e0:32:
                    ea:3a:17:7e:a5:9c:f8:70:94:c4:dc:72:fc:47:9e:
                    f3:bd:0a:ae:42:a2:6d:01:30:21:0d:4b:bd:63:2d:
                    16:10:d8:c3:b2:2a:a0:15:9c:52:0e:07:7a:43:c2:
                    d5:bc:5c:e1:c9:57:ee:20:98:55:5c:1c:b0:72:c4:
                    3a:58:30:5d:be:c9:de:bf:89:47:8b:b8:a8:2c:1d:
                    fb:01:aa:70:cb:d5:d8:d8:a5:b4:92:37:59:ee:a6:
                    33:41:a0:72:ef:fc:f0:84:eb:08:5a:05:34:ee:66:
                    62:76:68:a8:39:9a:1d:c5:53:c4:f2:1a:55:5d:cc:
                    b8:21:29:80:94:0e:d4:7b:2c:33:6f:c4:62:30:c6:
                    21:c7:92:61:23:8e:e8:28:86:74:55:0a:a9:2c:06:
                    cd:85:53:bb:be:89:d0:f1:c9:6b:cf:e9:e4:5a:c7:
                    d0:5a:04:96:04:a7:e1:8f:6d:fe:8f:82:6a:95:57:
                    30:59:1c:c1:62:ab:a9:9d:47:3d:68:b7:75:c0:98:
                    e8:62:4c:2e:f9:7e:6c:db:dd:87:a8:84:1a:6c:c5:
                    af:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F6:A4:64:E6:5F:08:67:EF:99:53:A1:DB:E2:CF:21:8E:8D:C6:B4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:12:3f:da:97:f2:24:91:15:8a:e0:1c:05:49:94:79:fd:66:
         fc:2d:58:70:88:7d:61:08:7e:7d:53:43:d2:9d:95:e3:c6:07:
         4e:50:52:66:5e:2f:fb:96:d6:0a:90:1b:60:dd:0a:65:ec:d9:
         cb:5c:bb:86:30:f8:13:20:5b:ef:0e:f7:53:bd:a6:f1:38:e1:
         72:3d:52:77:02:57:61:61:77:2b:6d:73:94:2e:a2:aa:da:e1:
         5e:5d:c0:19:ca:dc:7c:74:26:26:34:f5:82:38:f4:a8:e3:07:
         47:16:25:e1:25:b1:09:36:3d:c5:1c:c0:ce:a4:c5:1d:6d:b2:
         ba:d1:41:8b:ae:ed:4e:2a:9f:26:d5:b9:c4:86:78:f3:80:2b:
         f3:0b:7e:dd:ec:79:8a:57:51:68:e5:ba:f4:be:3b:3c:e6:45:
         d8:57:0d:5f:08:65:6f:e4:b1:42:94:a5:84:da:1d:d2:f0:03:
         07:cb:5b:cb:0e:87:7a:af:f7:99:d1:9a:6e:d0:fa:44:73:8b:
         8a:57:e2:31:f4:36:de:3d:b8:57:7f:a0:d4:41:07:69:f6:b4:
         5b:4e:3b:bd:0a:dd:01:32:95:b2:ef:00:1a:8e:50:da:89:67:
         e9:cd:5a:af:12:6a:e3:aa:f0:e3:39:70:0c:71:ce:50:75:33:
         e6:6c:17:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMcZETInG/l+otQDqto7Dk1RuS34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMjUwMTU0MDhaFw0yNTEyMjQwMTU5MDhaMDMxMTAvBgNV
BAMTKDcyRjZBNDY0RTY1RjA4NjdFRjk5NTNBMURCRTJDRjIxOEU4REM2QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDlRX9JRUrctYk5eTzbY2fzr1l
BpVeNyh1XVLa37L08eD2dICYM94KkwHgMuo6F36lnPhwlMTccvxHnvO9Cq5Com0B
MCENS71jLRYQ2MOyKqAVnFIOB3pDwtW8XOHJV+4gmFVcHLByxDpYMF2+yd6/iUeL
uKgsHfsBqnDL1djYpbSSN1nupjNBoHLv/PCE6whaBTTuZmJ2aKg5mh3FU8TyGlVd
zLghKYCUDtR7LDNvxGIwxiHHkmEjjugohnRVCqksBs2FU7u+idDxyWvP6eRax9Ba
BJYEp+GPbf6PgmqVVzBZHMFiq6mdRz1ot3XAmOhiTC75fmzb3YeohBpsxa9VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcvakZOZfCGfvmVOh2+LPIY6NxrQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVn9
MA0GCSqGSIb3DQEBCwUAA4IBAQAbEj/al/IkkRWK4BwFSZR5/Wb8LVhwiH1hCH59
U0PSnZXjxgdOUFJmXi/7ltYKkBtg3Qpl7NnLXLuGMPgTIFvvDvdTvabxOOFyPVJ3
AldhYXcrbXOULqKq2uFeXcAZytx8dCYmNPWCOPSo4wdHFiXhJbEJNj3FHMDOpMUd
bbK60UGLru1OKp8m1bnEhnjzgCvzC37d7HmKV1Fo5br0vjs85kXYVw1fCGVv5LFC
lKWE2h3S8AMHy1vLDod6r/eZ0Zpu0PpEc4uKV+Ix9DbePbhXf6DUQQdp9rRbTju9
Ct0BMpWy7wAajlDaiWfpzVqvEmrjqvDjOXAMcc5QdTPmbBfk
-----END CERTIFICATE-----