Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa
File:                     AS18796.roa (raw, json)
Hash identifier:          FeUZz0/eaEuJ0FB1xNxIZ++kWNZiYp9azgYfl2OnaJo=
Subject key identifier:   A0:40:29:29:12:B2:2B:5B:DB:B4:6F:03:4A:66:F9:92:B1:E3:E2:56
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1E21B73625B9E681ECB42953B1EA0C6B4C1AB942
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa
Signing time:             Thu 11 Jan 2024 23:42:43 +0000
ROA not before:           Thu 11 Jan 2024 23:37:43 +0000
ROA not after:            Thu 09 Jan 2025 23:42:43 +0000
asID:                     18796
IP address blocks:        179.61.181.0/24 maxlen: 24
                          193.31.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:21:b7:36:25:b9:e6:81:ec:b4:29:53:b1:ea:0c:6b:4c:1a:b9:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 11 23:37:43 2024 GMT
            Not After : Jan  9 23:42:43 2025 GMT
        Subject: CN=A040292912B22B5BDBB46F034A66F992B1E3E256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:97:05:aa:ac:24:f6:07:99:6f:04:79:28:19:
                    18:92:1e:bc:0c:f2:bf:84:fb:df:bf:5e:df:29:43:
                    fc:07:31:70:1e:e9:4f:de:23:cb:46:69:e2:6d:a0:
                    25:f8:63:c4:76:13:95:2c:9c:a9:8d:38:ea:38:b9:
                    b6:51:57:bf:a4:3d:7b:9e:0a:a3:a4:13:a0:78:0b:
                    bc:d8:f1:f3:c6:3d:ee:e9:c1:e4:71:e3:7b:44:79:
                    15:0e:30:5d:a5:51:fb:94:fc:f9:a1:09:91:6c:54:
                    97:1f:d8:68:9a:83:39:b2:c3:d3:2e:8b:3b:74:5f:
                    39:16:f9:15:21:33:4c:dd:e2:b6:83:ff:ef:e0:ab:
                    2e:dd:bf:69:32:1c:99:11:ff:5a:81:99:0e:44:c8:
                    a7:f6:e8:29:a7:10:7b:c2:c4:f4:45:c2:2c:db:1d:
                    2d:e0:35:86:c6:d5:25:a7:dc:e5:b8:ba:03:4f:74:
                    00:df:75:64:d4:ac:c6:e8:c7:16:73:59:a8:7d:81:
                    ab:e8:68:5d:df:59:b3:cf:f2:29:72:e7:da:5b:83:
                    ba:a3:04:b6:2a:e6:37:f5:f6:bf:07:97:0c:e8:71:
                    d8:65:5b:1e:f3:5b:e8:72:95:b4:8e:b5:1f:4a:f1:
                    95:1f:0b:ed:1f:52:62:5b:fc:2b:01:24:0d:d2:3f:
                    64:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:40:29:29:12:B2:2B:5B:DB:B4:6F:03:4A:66:F9:92:B1:E3:E2:56
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS18796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.181.0/24
                  193.31.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:69:49:40:da:de:cf:a4:80:4c:20:d4:cc:75:9a:93:9b:5c:
         6f:b2:11:ef:1d:e4:73:b9:4d:7a:80:c3:61:5b:0b:60:99:e2:
         e4:d3:6d:b7:e0:74:1d:cd:84:92:44:ea:05:c8:fb:88:06:e1:
         3a:66:ee:be:cc:c0:cf:56:dd:21:67:9a:87:cf:8c:85:b8:df:
         cd:9e:98:68:9b:1b:a8:3a:3a:ae:e7:ae:dd:95:4e:0f:8c:a9:
         f7:90:81:b8:61:6a:6e:34:91:d7:70:51:c8:8e:e9:60:0d:ed:
         0d:ab:58:a9:d0:1d:f4:1c:59:09:f3:26:ff:1b:d8:8d:9b:a5:
         27:95:59:34:60:1d:ec:a4:35:f3:fd:24:fe:48:58:11:31:7a:
         e7:62:b7:62:ba:a1:be:7d:cc:5b:2a:0f:4d:a5:77:84:1c:0d:
         37:a9:ae:3a:a7:73:c5:80:f7:89:52:4b:ef:77:e7:99:d6:c0:
         45:aa:dd:5b:da:c7:86:fa:ec:d3:73:34:29:71:81:91:00:a1:
         7c:b5:00:b6:1c:86:08:ef:48:d3:03:c4:51:38:1d:7b:4a:ae:
         f1:b5:01:8b:00:2b:c1:31:5a:c8:12:5e:0e:4f:d8:c5:60:57:
         44:e6:28:26:64:da:04:e9:25:f0:ec:98:32:e7:90:4b:7e:44:
         f0:c9:e4:5b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHiG3NiW55oHstClTseoMa0wauUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMTEyMzM3NDNaFw0yNTAxMDkyMzQyNDNaMDMxMTAvBgNV
BAMTKEEwNDAyOTI5MTJCMjJCNUJEQkI0NkYwMzRBNjZGOTkyQjFFM0UyNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJlwWqrCT2B5lvBHkoGRiSHrwM
8r+E+9+/Xt8pQ/wHMXAe6U/eI8tGaeJtoCX4Y8R2E5UsnKmNOOo4ubZRV7+kPXue
CqOkE6B4C7zY8fPGPe7pweRx43tEeRUOMF2lUfuU/PmhCZFsVJcf2Giagzmyw9Mu
izt0XzkW+RUhM0zd4raD/+/gqy7dv2kyHJkR/1qBmQ5EyKf26CmnEHvCxPRFwizb
HS3gNYbG1SWn3OW4ugNPdADfdWTUrMboxxZzWah9gavoaF3fWbPP8ily59pbg7qj
BLYq5jf19r8HlwzocdhlWx7zW+hylbSOtR9K8ZUfC+0fUmJb/CsBJA3SP2TlAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUoEApKRKyK1vbtG8DSmb5krHj4lYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTg3OTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACzPbUD
BADBHyswDQYJKoZIhvcNAQELBQADggEBAGppSUDa3s+kgEwg1Mx1mpObXG+yEe8d
5HO5TXqAw2FbC2CZ4uTTbbfgdB3NhJJE6gXI+4gG4Tpm7r7MwM9W3SFnmofPjIW4
382emGibG6g6Oq7nrt2VTg+MqfeQgbhham40kddwUciO6WAN7Q2rWKnQHfQcWQnz
Jv8b2I2bpSeVWTRgHeykNfP9JP5IWBExeudit2K6ob59zFsqD02ld4QcDTeprjqn
c8WA94lSS+9355nWwEWq3Vvax4b67NNzNClxgZEAoXy1ALYchgjvSNMDxFE4HXtK
rvG1AYsAK8ExWsgSXg5P2MVgV0TmKCZk2gTpJfDsmDLnkEt+RPDJ5Fs=
-----END CERTIFICATE-----