Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa
File:                     AS17819.roa (raw, json)
Hash identifier:          Os0oNE7P4ZMaBLZfggbe00RONbwykp/eLymIyHwkvPs=
Subject key identifier:   36:57:EE:D0:20:84:3C:5E:AC:00:9F:D1:F4:AA:FE:27:8E:BB:46:04
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       52D7AA6FB6E669BBA00DD69BA5A79EF2CE4B7CB5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     17819
IP address blocks:        45.95.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:d7:aa:6f:b6:e6:69:bb:a0:0d:d6:9b:a5:a7:9e:f2:ce:4b:7c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=3657EED020843C5EAC009FD1F4AAFE278EBB4604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f0:40:4b:df:98:12:74:52:96:20:40:bc:a2:
                    9e:5a:1f:cb:9b:e7:c8:d0:d5:3f:fb:4f:5f:3f:fc:
                    47:58:83:61:d0:60:8f:19:df:4d:ff:07:e3:20:4f:
                    65:d0:a2:2f:60:48:97:b5:23:7c:e9:f7:60:03:77:
                    6d:eb:60:d8:ac:be:6c:21:6f:1f:f5:9c:de:ce:e5:
                    56:99:90:9d:5e:70:48:7a:d2:c0:80:95:07:dc:b4:
                    51:19:99:c4:e0:2c:6a:18:6d:ba:57:31:d0:99:c0:
                    b3:43:39:5f:b4:d5:35:66:7f:91:09:42:1c:64:35:
                    b2:6d:1e:43:7b:86:69:5f:03:9d:07:39:e6:96:32:
                    e5:76:2c:bf:34:ae:8f:87:a2:59:01:8b:23:60:f0:
                    6b:82:86:59:68:38:87:c3:c0:21:da:80:d3:d5:f6:
                    81:85:69:b3:8d:b7:59:a2:f5:36:1c:5a:fa:1d:2c:
                    b2:95:84:b6:2f:52:b0:34:e6:41:7d:cf:3e:f7:96:
                    b5:50:f8:55:20:1c:e7:4b:03:d4:5b:58:2c:3b:e5:
                    4e:f3:22:bd:1e:57:14:33:ba:62:0f:3f:8c:a4:23:
                    38:2c:72:2d:71:d3:bf:f7:d4:0e:c4:02:a0:5c:37:
                    bc:31:93:d0:80:25:91:20:8f:f1:f5:f1:f1:b0:af:
                    03:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:57:EE:D0:20:84:3C:5E:AC:00:9F:D1:F4:AA:FE:27:8E:BB:46:04
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:a3:14:d4:fb:b2:36:43:9e:1e:5c:82:da:33:ce:2d:b0:37:
         0c:89:49:99:ad:a9:76:bd:5a:8b:ab:b5:92:b7:32:e1:8b:7c:
         27:98:b1:ec:de:71:73:fb:d8:0b:2c:3a:59:66:51:e2:a7:70:
         bf:92:d8:d0:3c:39:5a:fd:f1:d4:ed:ec:b1:97:1c:14:08:fa:
         d7:d5:49:dc:19:08:fe:28:f0:17:c3:3e:ca:bf:f5:36:8a:4f:
         9d:64:95:a1:61:e5:eb:54:a9:02:aa:1a:2c:05:7e:11:1c:b1:
         9b:26:42:d2:a7:10:43:d3:8e:b0:1e:1c:98:9f:58:9d:68:b7:
         4f:80:fa:c4:d2:60:7e:51:2c:40:6e:08:7b:8c:03:7f:a9:66:
         b8:5a:d3:3d:f0:b2:98:fa:03:d7:2e:f2:c1:2a:ad:4f:e4:3c:
         f3:1a:fc:32:2a:d6:45:54:e2:23:37:af:b2:7a:b9:e1:3e:cd:
         e5:f6:5b:a5:fb:00:ce:08:4b:55:a9:17:c3:0b:7f:d0:ff:90:
         c5:43:c9:cc:41:54:32:a9:09:7d:01:3a:f1:de:3c:01:31:11:
         7d:d8:09:6b:ee:27:95:a8:e7:05:d9:3e:2d:0f:19:b5:ca:f2:
         15:e0:5f:4f:1f:2a:cc:9f:b8:08:f5:f4:87:74:94:6a:73:0c:
         19:fe:a5:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUteqb7bmabugDdabpaee8s5LfLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDM2NTdFRUQwMjA4NDNDNUVBQzAwOUZEMUY0QUFGRTI3OEVCQjQ2MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx8EBL35gSdFKWIEC8op5aH8ub
58jQ1T/7T18//EdYg2HQYI8Z303/B+MgT2XQoi9gSJe1I3zp92ADd23rYNisvmwh
bx/1nN7O5VaZkJ1ecEh60sCAlQfctFEZmcTgLGoYbbpXMdCZwLNDOV+01TVmf5EJ
QhxkNbJtHkN7hmlfA50HOeaWMuV2LL80ro+HolkBiyNg8GuChlloOIfDwCHagNPV
9oGFabONt1mi9TYcWvodLLKVhLYvUrA05kF9zz73lrVQ+FUgHOdLA9RbWCw75U7z
Ir0eVxQzumIPP4ykIzgsci1x07/31A7EAqBcN7wxk9CAJZEgj/H18fGwrwMRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNlfu0CCEPF6sAJ/R9Kr+J467RgQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTc4MTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtXyQw
DQYJKoZIhvcNAQELBQADggEBALGjFNT7sjZDnh5cgtozzi2wNwyJSZmtqXa9Wour
tZK3MuGLfCeYsezecXP72AssOllmUeKncL+S2NA8OVr98dTt7LGXHBQI+tfVSdwZ
CP4o8BfDPsq/9TaKT51klaFh5etUqQKqGiwFfhEcsZsmQtKnEEPTjrAeHJifWJ1o
t0+A+sTSYH5RLEBuCHuMA3+pZrha0z3wspj6A9cu8sEqrU/kPPMa/DIq1kVU4iM3
r7J6ueE+zeX2W6X7AM4IS1WpF8MLf9D/kMVDycxBVDKpCX0BOvHePAExEX3YCWvu
J5Wo5wXZPi0PGbXK8hXgX08fKsyfuAj19Id0lGpzDBn+pYI=
-----END CERTIFICATE-----