Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
File:                     AS13768.roa (raw, json)
Hash identifier:          yYknY29ENO9K/thaw2xOhGiLe/2hlLaaMdGIOKt3hGI=
Subject key identifier:   AE:F7:2B:BD:E1:4C:9B:70:C1:1E:39:AD:7F:24:6A:D1:84:82:50:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       19D24E2C6ECA44684C87965E7B7CAFC6E4E2FAFC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     13768
IP address blocks:        181.215.249.0/24 maxlen: 24
                          191.96.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d2:4e:2c:6e:ca:44:68:4c:87:96:5e:7b:7c:af:c6:e4:e2:fa:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=AEF72BBDE14C9B70C11E39AD7F246AD1848250FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e0:45:0d:2a:f0:a9:38:6d:bb:64:f9:d8:26:
                    01:64:d7:3f:6a:f2:80:ce:cb:3b:01:de:48:37:ea:
                    84:d3:f8:d1:77:c0:0f:89:4d:83:29:ea:33:87:fc:
                    a0:86:3a:dc:6e:e9:ad:f6:1b:09:04:c8:72:24:63:
                    8d:50:bd:b3:d3:89:ae:9d:df:11:16:c6:cf:a9:51:
                    66:58:0a:8e:19:d9:21:3b:c8:86:10:f8:ba:41:1f:
                    29:88:99:a0:ec:59:a5:51:f6:21:bd:e4:0f:24:01:
                    7d:4d:08:68:f3:4e:d4:6b:6f:d4:00:ee:1b:de:88:
                    48:ec:96:b7:c3:7f:37:bd:67:d4:f9:88:bb:59:0d:
                    eb:66:d6:79:e4:32:f3:85:a4:cf:4e:cc:79:b7:7d:
                    38:df:a7:54:62:6b:e2:96:37:1d:0d:ec:a3:05:08:
                    04:d6:9e:a1:96:fa:33:fb:0a:58:41:a8:4d:11:5b:
                    42:88:a1:e4:02:84:ad:94:9f:68:18:69:c8:09:95:
                    5e:df:81:59:82:66:95:62:db:53:2e:ae:58:d2:72:
                    17:34:6c:7e:51:0e:fa:71:de:c2:fe:a2:37:3f:86:
                    34:e4:0f:39:c7:76:7a:22:b2:e5:a7:cb:de:f2:0a:
                    7d:a8:e3:34:c2:e3:05:44:9d:c9:40:cf:47:ab:f6:
                    93:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F7:2B:BD:E1:4C:9B:70:C1:1E:39:AD:7F:24:6A:D1:84:82:50:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.249.0/24
                  191.96.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:54:03:96:1b:e0:ff:80:bb:70:60:75:0e:d1:4f:4d:2f:c4:
         09:97:99:6d:9c:a4:4d:02:9b:4f:f3:29:b9:a2:49:5c:ba:7e:
         4b:2e:20:46:12:92:72:db:a3:f8:b0:07:df:7c:b4:2d:14:53:
         b2:bf:b2:c6:a2:df:57:36:86:be:c3:2e:5b:c5:7f:30:63:bd:
         e9:94:ea:2c:0b:3e:74:5e:d4:27:53:05:9e:c7:47:27:95:eb:
         d3:f9:73:ab:21:92:9e:eb:f0:f1:fa:ed:4b:d1:ff:df:14:af:
         ed:9d:36:aa:b2:2a:be:60:4c:10:dd:0f:d4:9a:d6:50:63:0a:
         20:75:bb:61:d6:d8:40:85:db:3b:27:86:eb:73:a7:02:d7:cf:
         b8:c7:0d:87:c1:9f:ab:5b:f8:98:3e:25:07:ff:ce:79:17:76:
         0e:4a:82:ef:48:e2:b2:a5:a4:31:52:57:81:e5:c1:27:f4:57:
         e6:dc:a1:d9:27:07:7e:43:3a:a8:bf:de:f2:2f:77:39:95:25:
         8a:5b:fe:c8:c3:de:76:e8:95:1d:db:39:fc:4d:f5:c3:1d:76:
         03:1c:51:07:c1:0a:75:28:10:02:db:91:6c:76:a4:f2:08:59:
         22:8d:4d:17:ab:37:3b:81:60:9a:db:c5:1d:aa:97:c2:cf:51:
         be:c5:8a:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUGdJOLG7KRGhMh5Zee3yvxuTi+vwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKEFFRjcyQkJERTE0QzlCNzBDMTFFMzlBRDdGMjQ2QUQxODQ4MjUwRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX4EUNKvCpOG27ZPnYJgFk1z9q
8oDOyzsB3kg36oTT+NF3wA+JTYMp6jOH/KCGOtxu6a32GwkEyHIkY41QvbPTia6d
3xEWxs+pUWZYCo4Z2SE7yIYQ+LpBHymImaDsWaVR9iG95A8kAX1NCGjzTtRrb9QA
7hveiEjslrfDfze9Z9T5iLtZDetm1nnkMvOFpM9OzHm3fTjfp1Ria+KWNx0N7KMF
CATWnqGW+jP7ClhBqE0RW0KIoeQChK2Un2gYacgJlV7fgVmCZpVi21MurljSchc0
bH5RDvpx3sL+ojc/hjTkDznHdnoisuWny97yCn2o4zTC4wVEnclAz0er9pPrAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUrvcrveFMm3DBHjmtfyRq0YSCUP8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11/kD
BAC/YB4wDQYJKoZIhvcNAQELBQADggEBABpUA5Yb4P+Au3BgdQ7RT00vxAmXmW2c
pE0Cm0/zKbmiSVy6fksuIEYSknLbo/iwB998tC0UU7K/ssai31c2hr7DLlvFfzBj
vemU6iwLPnRe1CdTBZ7HRyeV69P5c6shkp7r8PH67UvR/98Ur+2dNqqyKr5gTBDd
D9Sa1lBjCiB1u2HW2ECF2zsnhutzpwLXz7jHDYfBn6tb+Jg+JQf/znkXdg5Kgu9I
4rKlpDFSV4HlwSf0V+bcodknB35DOqi/3vIvdzmVJYpb/sjD3nbolR3bOfxN9cMd
dgMcUQfBCnUoEALbkWx2pPIIWSKNTRerNzuBYJrbxR2ql8LPUb7Fivw=
-----END CERTIFICATE-----