Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
File:                     AS13768.roa (raw, json)
Hash identifier:          QUGXbPlpwnQz4goQFYLHj3JGt9P9o9L9+BUWs7x1OlM=
Subject key identifier:   45:39:CD:2E:4D:96:79:2E:CF:C8:9D:12:F9:C6:DD:36:B7:D5:8C:48
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6F953C722C6D294A92078120148C28B7ABA1C57D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
Signing time:             Wed 14 Aug 2024 11:14:40 +0000
ROA not before:           Wed 14 Aug 2024 11:09:40 +0000
ROA not after:            Wed 13 Aug 2025 11:14:40 +0000
asID:                     13768
IP address blocks:        181.215.249.0/24 maxlen: 24
                          191.96.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:95:3c:72:2c:6d:29:4a:92:07:81:20:14:8c:28:b7:ab:a1:c5:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 14 11:09:40 2024 GMT
            Not After : Aug 13 11:14:40 2025 GMT
        Subject: CN=4539CD2E4D96792ECFC89D12F9C6DD36B7D58C48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9a:bd:7f:2d:5a:79:26:9c:85:6c:da:14:1d:
                    e6:3b:0c:64:8a:14:5c:3a:7c:42:4c:71:ae:7d:ee:
                    3f:6c:80:3f:22:bb:0b:88:ed:13:a2:18:ad:bc:ee:
                    a3:53:61:03:8c:0c:71:d9:d0:2a:16:03:ab:98:f1:
                    a8:c2:cb:bb:c4:a0:58:4d:9a:1a:76:20:1b:03:4a:
                    ae:fa:6d:a6:c9:bd:82:25:2e:db:ed:a8:5b:23:66:
                    b4:b7:ab:53:66:14:79:50:73:0c:b2:be:dc:13:e4:
                    65:ef:8c:80:65:06:ca:de:5d:54:39:ca:da:3c:0f:
                    c5:40:72:de:29:42:1f:bc:78:4d:50:ad:6b:98:67:
                    8f:4d:d3:66:7a:6e:74:ac:9c:ce:9a:db:70:c1:87:
                    65:e3:0f:b0:e8:4c:b9:ae:d2:1c:23:4b:fd:ce:72:
                    35:75:15:cf:d7:a8:f6:45:10:0a:50:fb:7c:8a:93:
                    28:85:fb:dc:9c:4f:3e:c2:a2:80:e4:1e:84:9b:eb:
                    67:70:d7:9f:5a:d7:9d:a1:7c:4c:37:c6:23:de:9c:
                    ff:db:65:ba:52:25:f7:27:b5:8a:da:4d:d0:70:8f:
                    64:0c:dc:29:3f:39:44:d7:f1:d7:fb:75:12:da:dd:
                    7a:e0:a5:af:79:97:0d:df:35:a2:31:f7:b8:70:45:
                    7f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:39:CD:2E:4D:96:79:2E:CF:C8:9D:12:F9:C6:DD:36:B7:D5:8C:48
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.249.0/24
                  191.96.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:41:5e:c4:e0:77:9d:47:8e:c3:1e:f9:60:af:43:65:88:e7:
         01:3d:8d:f2:11:3a:38:fb:f5:69:47:25:0c:41:c8:59:45:46:
         88:74:ff:1d:84:d6:28:82:d4:00:7c:ce:5c:80:e2:ee:b5:38:
         9a:92:af:5c:3d:77:ab:4d:56:01:6c:f7:78:ba:2f:06:02:20:
         d5:2a:22:2e:fe:d8:fd:19:bc:17:47:f3:54:6c:87:96:f0:4b:
         e2:80:c3:c9:d4:e8:44:42:5f:f3:6d:52:03:fa:3d:fd:75:9d:
         06:04:e7:88:9b:c5:d0:cb:0d:f6:79:d9:0c:35:26:f2:db:9e:
         13:ee:09:8d:db:70:66:11:29:91:1a:fe:a6:74:07:f0:68:52:
         d1:d5:15:e8:ea:89:5d:95:12:7e:38:81:37:5b:4e:c8:b9:1f:
         bf:1d:76:b1:e4:e6:d5:a9:dd:9b:93:6e:58:a8:8f:c1:6f:b2:
         f8:d2:a6:d0:94:ce:f3:30:0d:db:05:15:50:ff:56:01:2d:e1:
         e8:30:5a:26:7c:ca:5a:3b:c9:1a:33:fe:29:f5:db:55:1c:ee:
         68:c1:8c:b4:5a:a3:cf:72:ed:62:0b:d4:86:b9:01:a2:0a:cb:
         0d:9f:21:a8:cf:14:05:fd:4d:6b:47:8d:39:00:fe:e9:58:65:
         9c:26:3b:b2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUb5U8cixtKUqSB4EgFIwot6uhxX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTQxMTA5NDBaFw0yNTA4MTMxMTE0NDBaMDMxMTAvBgNV
BAMTKDQ1MzlDRDJFNEQ5Njc5MkVDRkM4OUQxMkY5QzZERDM2QjdENThDNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWmr1/LVp5JpyFbNoUHeY7DGSK
FFw6fEJMca597j9sgD8iuwuI7ROiGK287qNTYQOMDHHZ0CoWA6uY8ajCy7vEoFhN
mhp2IBsDSq76babJvYIlLtvtqFsjZrS3q1NmFHlQcwyyvtwT5GXvjIBlBsreXVQ5
yto8D8VAct4pQh+8eE1QrWuYZ49N02Z6bnSsnM6a23DBh2XjD7DoTLmu0hwjS/3O
cjV1Fc/XqPZFEApQ+3yKkyiF+9ycTz7CooDkHoSb62dw159a152hfEw3xiPenP/b
ZbpSJfcntYraTdBwj2QM3Ck/OUTX8df7dRLa3Xrgpa95lw3fNaIx97hwRX97AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQURTnNLk2WeS7PyJ0S+cbdNrfVjEgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11/kD
BAC/YB4wDQYJKoZIhvcNAQELBQADggEBAB9BXsTgd51HjsMe+WCvQ2WI5wE9jfIR
Ojj79WlHJQxByFlFRoh0/x2E1iiC1AB8zlyA4u61OJqSr1w9d6tNVgFs93i6LwYC
INUqIi7+2P0ZvBdH81Rsh5bwS+KAw8nU6ERCX/NtUgP6Pf11nQYE54ibxdDLDfZ5
2Qw1JvLbnhPuCY3bcGYRKZEa/qZ0B/BoUtHVFejqiV2VEn44gTdbTsi5H78ddrHk
5tWp3ZuTblioj8FvsvjSptCUzvMwDdsFFVD/VgEt4egwWiZ8ylo7yRoz/in121Uc
7mjBjLRao89y7WIL1Ia5AaIKyw2fIajPFAX9TWtHjTkA/ulYZZwmO7I=
-----END CERTIFICATE-----