Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa
File:                     AS142146.roa (raw, json)
Hash identifier:          an/dkLtlzoVzZQRiiM5/a3Y72inSxlRxq/CdxPbe9mo=
Subject key identifier:   4D:97:1C:16:6C:7D:3A:F0:4A:C5:44:68:12:44:5C:39:BA:CD:49:07
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       27ACCD9ED74A5D257ED1CBBFD79F77240E577444
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa
Signing time:             Mon 19 Aug 2024 00:01:59 +0000
ROA not before:           Sun 18 Aug 2024 23:56:59 +0000
ROA not after:            Mon 18 Aug 2025 00:01:59 +0000
asID:                     142146
IP address blocks:        179.61.176.0/24 maxlen: 24
                          191.101.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:ac:cd:9e:d7:4a:5d:25:7e:d1:cb:bf:d7:9f:77:24:0e:57:74:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 18 23:56:59 2024 GMT
            Not After : Aug 18 00:01:59 2025 GMT
        Subject: CN=4D971C166C7D3AF04AC5446812445C39BACD4907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5b:53:02:3c:ab:89:e9:55:ee:d3:52:23:65:
                    ec:ba:55:8c:d4:97:73:9c:54:b3:5e:c3:06:5b:f3:
                    03:65:10:5d:b0:9d:8f:66:42:b5:c1:35:0a:4c:6e:
                    3c:b6:c2:e8:2b:96:4c:f1:b6:e4:bc:93:5a:8c:61:
                    f8:70:47:4f:a8:25:61:9a:5b:46:d7:10:5d:13:34:
                    fa:48:e3:9a:0d:14:6d:55:b1:9a:79:3b:d5:1f:34:
                    d6:3a:98:01:2e:ae:f4:e3:07:a4:3d:00:b6:ed:91:
                    93:65:fd:f9:a3:ed:31:2f:99:bd:f5:e5:3f:62:fe:
                    21:8b:33:9a:2e:35:14:d6:ba:34:f9:8a:10:a7:fe:
                    f6:f9:13:65:21:bd:9b:b8:27:18:ec:da:b4:5a:a4:
                    d9:d1:95:79:bf:2b:b5:6f:f2:31:ce:f2:6a:15:59:
                    e6:f6:55:9a:9f:15:ed:40:58:8c:19:8a:a5:89:0a:
                    2a:79:e6:da:c9:41:da:c4:11:9b:7a:5f:e7:ea:54:
                    b7:d7:45:d9:2e:4b:6b:f5:2b:a9:f2:87:87:dc:26:
                    72:bb:7f:3f:77:cd:49:4f:db:74:f8:f9:47:9f:0c:
                    c7:48:4c:3d:cf:ee:20:45:5b:5d:36:e0:b5:33:f1:
                    ca:1f:b2:49:04:ad:f4:2e:04:9c:c1:b8:9b:13:39:
                    ad:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:97:1C:16:6C:7D:3A:F0:4A:C5:44:68:12:44:5C:39:BA:CD:49:07
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.176.0/24
                  191.101.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:4b:c2:8c:93:42:eb:90:d4:23:4c:a3:fd:05:31:05:78:32:
         3d:bf:de:83:0b:53:94:af:34:0c:b4:ce:a7:e7:72:e0:a7:7a:
         f8:6e:43:7c:ee:f3:8e:7f:f0:49:b1:5c:18:e0:24:bb:64:3d:
         01:71:f0:e5:16:9f:a0:9c:a9:9a:24:9e:57:00:c8:50:d0:d1:
         47:3a:ab:22:cc:e2:2f:4f:b2:a4:df:6d:e4:e2:bb:ff:12:bb:
         fc:94:a3:92:60:2d:a7:0c:8b:2c:5c:85:82:77:10:db:f0:42:
         91:de:90:52:c6:79:96:e8:f4:65:84:4a:2f:9a:f5:23:2c:4d:
         f7:fa:2b:52:6e:a0:3b:3c:e9:7a:f0:d1:10:0a:8f:f2:ed:a2:
         d0:4d:11:88:8f:e8:42:c7:c3:41:bc:3e:6b:f0:61:b7:8d:b6:
         88:63:f8:37:55:92:df:2b:c2:15:ec:b6:02:a1:ca:da:2c:c3:
         6d:0d:28:4a:40:57:b0:e2:8a:36:23:eb:a3:fa:ac:77:b4:6d:
         cf:2f:6d:ac:0e:26:bb:12:ee:ab:ad:b1:00:b9:c3:44:be:7c:
         c7:e8:12:b1:73:2b:ff:96:76:87:db:22:d1:db:d3:f2:02:97:
         8e:30:44:97:f8:91:9e:28:ad:33:49:09:9e:d7:16:26:52:8e:
         71:1f:59:76
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJ6zNntdKXSV+0cu/1593JA5XdEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTgyMzU2NTlaFw0yNTA4MTgwMDAxNTlaMDMxMTAvBgNV
BAMTKDREOTcxQzE2NkM3RDNBRjA0QUM1NDQ2ODEyNDQ1QzM5QkFDRDQ5MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUW1MCPKuJ6VXu01IjZey6VYzU
l3OcVLNewwZb8wNlEF2wnY9mQrXBNQpMbjy2wugrlkzxtuS8k1qMYfhwR0+oJWGa
W0bXEF0TNPpI45oNFG1VsZp5O9UfNNY6mAEurvTjB6Q9ALbtkZNl/fmj7TEvmb31
5T9i/iGLM5ouNRTWujT5ihCn/vb5E2UhvZu4Jxjs2rRapNnRlXm/K7Vv8jHO8moV
Web2VZqfFe1AWIwZiqWJCip55trJQdrEEZt6X+fqVLfXRdkuS2v1K6nyh4fcJnK7
fz93zUlP23T4+UefDMdITD3P7iBFW1024LUz8cofskkErfQuBJzBuJsTOa0xAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUTZccFmx9OvBKxURoEkRcObrNSQcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQyMTQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz2w
AwQAv2V+MA0GCSqGSIb3DQEBCwUAA4IBAQBMS8KMk0LrkNQjTKP9BTEFeDI9v96D
C1OUrzQMtM6n53Lgp3r4bkN87vOOf/BJsVwY4CS7ZD0BcfDlFp+gnKmaJJ5XAMhQ
0NFHOqsizOIvT7Kk323k4rv/Erv8lKOSYC2nDIssXIWCdxDb8EKR3pBSxnmW6PRl
hEovmvUjLE33+itSbqA7POl68NEQCo/y7aLQTRGIj+hCx8NBvD5r8GG3jbaIY/g3
VZLfK8IV7LYCocraLMNtDShKQFew4oo2I+uj+qx3tG3PL22sDia7Eu6rrbEAucNE
vnzH6BKxcyv/lnaH2yLR29PyApeOMESX+JGeKK0zSQme1xYmUo5xH1l2
-----END CERTIFICATE-----