Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa
File:                     AS15830.roa (raw, json)
Hash identifier:          1wYDQyURH2d//0fstg9J64hIrB/nAjaqOn++MYWBOgg=
Subject key identifier:   0D:05:F1:62:37:1C:11:18:60:1E:CC:B8:99:91:C9:7C:FD:3D:1D:64
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3BB2EA37478B779EFC28442E7BCB77F11E26A759
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa
Signing time:             Wed 31 Jan 2024 08:05:12 +0000
ROA not before:           Wed 31 Jan 2024 08:00:12 +0000
ROA not after:            Wed 29 Jan 2025 08:05:12 +0000
asID:                     15830
IP address blocks:        85.209.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b2:ea:37:47:8b:77:9e:fc:28:44:2e:7b:cb:77:f1:1e:26:a7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:12 2024 GMT
            Not After : Jan 29 08:05:12 2025 GMT
        Subject: CN=0D05F162371C1118601ECCB89991C97CFD3D1D64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:92:9b:12:ad:51:3c:ee:45:2b:d6:b8:64:0b:
                    d6:1c:d4:5a:8c:8e:67:7c:ef:ec:59:22:80:ac:b1:
                    d1:c7:0c:a5:63:c7:83:54:43:d2:07:2e:44:30:86:
                    6a:6a:2e:72:68:bd:80:4d:ac:c3:d4:5c:0f:82:a9:
                    3a:e8:cb:b0:7e:71:a0:29:c9:89:82:5c:4b:38:c6:
                    ea:7d:78:7d:5e:bc:6e:83:66:18:6f:f2:c4:eb:0a:
                    81:e3:ae:f7:8b:54:7c:f1:2b:19:43:ac:9f:f6:95:
                    01:e6:eb:e7:b3:72:d7:b8:40:c0:55:a5:a1:81:54:
                    4f:ec:3b:79:d3:21:97:c0:61:99:a6:43:ca:1c:3b:
                    58:6c:6a:1e:74:54:7f:08:24:29:e3:58:26:69:12:
                    d4:fc:3f:d7:76:8b:d8:bc:da:a2:c2:71:5c:1a:86:
                    a3:6d:18:ef:f4:71:12:39:2a:21:e1:f0:46:df:2e:
                    f6:69:20:00:49:c3:43:53:41:4d:4e:f5:bd:81:88:
                    b7:7e:28:93:93:e9:19:d1:e4:6c:2b:35:d7:fc:a6:
                    49:1c:b0:0c:20:b3:be:4c:e6:cf:35:81:7c:12:02:
                    93:f4:2f:50:ae:85:71:e9:e1:9d:11:30:33:b8:5c:
                    37:53:68:7d:b0:c1:3f:d9:9a:92:0e:90:0a:b6:0a:
                    83:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:05:F1:62:37:1C:11:18:60:1E:CC:B8:99:91:C9:7C:FD:3D:1D:64
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ca:b7:ed:c8:d9:a1:93:d2:8b:c6:ac:eb:41:df:d2:53:eb:
         bb:cf:b1:d2:62:06:2c:0a:50:9e:08:ce:ad:65:93:f9:0b:0e:
         40:cc:01:71:4b:7f:b5:a2:8d:83:ec:71:31:59:bf:9c:db:77:
         97:75:a4:59:09:55:02:ef:7d:d8:0c:52:91:29:d8:65:a7:19:
         cf:98:4b:b4:9d:a3:7e:ce:08:4b:e5:12:85:84:4b:d9:a4:67:
         97:75:2c:ea:cc:1e:ba:62:47:5a:2f:7b:2e:f3:8a:67:c1:06:
         08:5d:dd:17:4a:f5:ea:2c:77:a2:b7:2f:9c:a2:0c:f9:30:d4:
         29:d3:45:b7:af:e3:54:09:90:56:69:81:2c:0a:01:c4:ab:4a:
         19:f3:bb:54:da:1f:98:f4:18:f6:22:61:fd:49:b9:56:e2:74:
         31:2c:d8:b7:1b:3f:9a:ca:4a:6d:90:e2:1b:0c:e3:ce:68:57:
         82:f2:6b:87:da:d0:a0:53:26:af:55:96:02:1d:0a:b5:da:12:
         d4:e4:03:01:52:c7:ed:07:65:f3:63:47:12:0c:f6:f0:30:f0:
         ea:f7:6a:30:8d:1b:91:01:e5:f3:9a:c0:80:ce:1c:69:62:dc:
         3e:0e:29:88:78:53:6d:b9:7d:b7:c2:ca:d1:7c:9a:98:63:cf:
         98:28:cf:78
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUO7LqN0eLd578KEQue8t38R4mp1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTJaFw0yNTAxMjkwODA1MTJaMDMxMTAvBgNV
BAMTKDBEMDVGMTYyMzcxQzExMTg2MDFFQ0NCODk5OTFDOTdDRkQzRDFENjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrkpsSrVE87kUr1rhkC9Yc1FqM
jmd87+xZIoCssdHHDKVjx4NUQ9IHLkQwhmpqLnJovYBNrMPUXA+CqTroy7B+caAp
yYmCXEs4xup9eH1evG6DZhhv8sTrCoHjrveLVHzxKxlDrJ/2lQHm6+ezcte4QMBV
paGBVE/sO3nTIZfAYZmmQ8ocO1hsah50VH8IJCnjWCZpEtT8P9d2i9i82qLCcVwa
hqNtGO/0cRI5KiHh8EbfLvZpIABJw0NTQU1O9b2BiLd+KJOT6RnR5GwrNdf8pkkc
sAwgs75M5s81gXwSApP0L1CuhXHp4Z0RMDO4XDdTaH2wwT/ZmpIOkAq2CoPPAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUDQXxYjccERhgHsy4mZHJfP09HWQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU4MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0bIw
DQYJKoZIhvcNAQELBQADggEBAEvKt+3I2aGT0ovGrOtB39JT67vPsdJiBiwKUJ4I
zq1lk/kLDkDMAXFLf7WijYPscTFZv5zbd5d1pFkJVQLvfdgMUpEp2GWnGc+YS7Sd
o37OCEvlEoWES9mkZ5d1LOrMHrpiR1ovey7zimfBBghd3RdK9eosd6K3L5yiDPkw
1CnTRbev41QJkFZpgSwKAcSrShnzu1TaH5j0GPYiYf1JuVbidDEs2LcbP5rKSm2Q
4hsM485oV4Lya4fa0KBTJq9VlgIdCrXaEtTkAwFSx+0HZfNjRxIM9vAw8Or3ajCN
G5EB5fOawIDOHGli3D4OKYh4U225fbfCytF8mphjz5goz3g=
-----END CERTIFICATE-----