Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa
File:                     AS17819.roa (raw, json)
Hash identifier:          i7TrI3BkwX4uzpFnLRd4wxmxpU3T2wg9sCkGvvB0+1M=
Subject key identifier:   94:8E:5E:33:FD:48:AE:17:7C:6E:DD:D9:95:A2:49:4F:5C:25:DD:B8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       56F6847A4C02FB13558E53FD21F8DEEB35C2EB24
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     17819
IP address blocks:        45.95.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:f6:84:7a:4c:02:fb:13:55:8e:53:fd:21:f8:de:eb:35:c2:eb:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=948E5E33FD48AE177C6EDDD995A2494F5C25DDB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1f:24:00:32:dd:90:4c:cd:1a:e5:8c:1d:dd:
                    db:2c:c1:ea:43:06:b7:23:72:17:a7:71:2e:ce:80:
                    f2:0e:d4:51:30:f9:df:65:a3:8a:4e:c0:7d:03:c5:
                    f5:ed:8c:a8:a4:e4:61:13:cf:6e:d2:70:57:41:cd:
                    39:ca:ca:6a:d0:be:ab:a8:8b:c3:40:d5:bf:3b:15:
                    ac:0d:00:11:c5:a4:52:d3:63:40:59:61:e4:11:9e:
                    10:94:32:3e:46:be:55:0d:e7:d7:f7:a5:e8:c1:1a:
                    c2:ee:81:26:05:83:2c:f6:96:87:6f:1e:37:1e:06:
                    ac:3f:34:4e:1f:2d:e9:3f:b8:7a:d2:28:06:a6:b3:
                    ce:0d:24:ca:85:c8:8b:e1:25:a5:33:24:9b:9f:90:
                    13:ee:31:a8:64:d1:4b:be:84:da:fa:7a:a6:29:66:
                    88:f8:3e:36:9f:a0:26:73:59:f6:5e:7c:39:93:72:
                    c7:1b:79:ab:c8:ef:d1:82:96:6e:9e:f6:c3:6c:32:
                    de:58:38:ba:e6:80:46:86:5d:9b:3a:d7:aa:53:3c:
                    3f:46:71:67:65:4d:31:53:35:4f:e1:38:ef:3f:35:
                    e2:0a:73:4c:6e:aa:10:68:15:b1:47:5d:d9:ab:83:
                    11:0a:f5:62:05:6f:24:3e:c9:9c:66:e3:2c:42:d2:
                    f3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:8E:5E:33:FD:48:AE:17:7C:6E:DD:D9:95:A2:49:4F:5C:25:DD:B8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS17819.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:8b:7f:c8:0d:bf:fa:7a:ef:28:8e:9f:e1:e6:bb:5f:7a:b6:
         61:88:24:ba:4a:50:2c:ed:0b:2e:81:20:4e:fd:19:35:31:e2:
         be:2d:22:b3:6b:02:6b:8e:da:3e:f5:33:37:54:c5:1c:30:c4:
         43:db:2b:dc:64:04:09:aa:ab:a9:35:d3:ea:85:ee:b8:ef:7e:
         82:d1:5e:ff:6e:6f:2b:73:34:92:83:2a:98:5c:86:64:df:7d:
         31:f9:e6:28:54:a7:9f:34:03:0f:8e:d2:0e:76:a7:bd:68:21:
         5d:c3:9e:da:0e:9c:7d:19:1a:59:4b:8c:3e:df:0e:dc:87:90:
         93:64:82:a4:93:9d:71:11:31:92:29:ef:2d:ee:cd:0f:56:ee:
         c1:25:6a:b5:dc:2c:eb:25:c7:bc:3d:f3:e6:6a:88:6c:fb:b0:
         72:81:8f:04:ee:7f:2a:1c:9c:32:a7:ec:b5:69:60:3c:0b:3b:
         9d:5a:79:5f:af:32:b4:90:5e:97:e9:00:aa:cc:e6:29:6f:29:
         ad:a4:f5:16:79:03:7b:3d:50:ee:59:49:e6:ac:7a:54:58:ef:
         08:b6:03:61:98:fe:7e:79:cf:ff:7c:9b:61:e6:1d:aa:ff:5f:
         88:1b:af:fa:24:ad:6c:b6:9b:fb:84:f7:69:f3:5e:52:a1:16:
         bc:8f:58:7c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVvaEekwC+xNVjlP9Ifje6zXC6yQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKDk0OEU1RTMzRkQ0OEFFMTc3QzZFREREOTk1QTI0OTRGNUMyNUREQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7HyQAMt2QTM0a5Ywd3dsswepD
BrcjchencS7OgPIO1FEw+d9lo4pOwH0DxfXtjKik5GETz27ScFdBzTnKymrQvquo
i8NA1b87FawNABHFpFLTY0BZYeQRnhCUMj5GvlUN59f3pejBGsLugSYFgyz2lodv
HjceBqw/NE4fLek/uHrSKAams84NJMqFyIvhJaUzJJufkBPuMahk0Uu+hNr6eqYp
Zoj4PjafoCZzWfZefDmTcscbeavI79GClm6e9sNsMt5YOLrmgEaGXZs616pTPD9G
cWdlTTFTNU/hOO8/NeIKc0xuqhBoFbFHXdmrgxEK9WIFbyQ+yZxm4yxC0vOpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUlI5eM/1Irhd8bt3ZlaJJT1wl3bgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTc4MTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtXyQw
DQYJKoZIhvcNAQELBQADggEBALeLf8gNv/p67yiOn+Hmu196tmGIJLpKUCztCy6B
IE79GTUx4r4tIrNrAmuO2j71MzdUxRwwxEPbK9xkBAmqq6k10+qF7rjvfoLRXv9u
bytzNJKDKphchmTffTH55ihUp580Aw+O0g52p71oIV3DntoOnH0ZGllLjD7fDtyH
kJNkgqSTnXERMZIp7y3uzQ9W7sElarXcLOslx7w98+ZqiGz7sHKBjwTufyocnDKn
7LVpYDwLO51aeV+vMrSQXpfpAKrM5ilvKa2k9RZ5A3s9UO5ZSeaselRY7wi2A2GY
/n55z/98m2HmHar/X4gbr/okrWy2m/uE92nzXlKhFryPWHw=
-----END CERTIFICATE-----