Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa
File:                     AS206092.roa (raw, json)
Hash identifier:          8LrzeM333K3CifreUbzkRL5zhUkHtx+dyCgk7ZeuHUc=
Subject key identifier:   01:09:D1:F6:FD:8E:7F:52:A4:A3:F8:91:A5:F9:55:42:BC:FA:E8:6C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5A6F9756E8D62CC8DD6032EB259A1C5141BCDB5C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa
Signing time:             Thu 01 Aug 2024 00:00:35 +0000
ROA not before:           Wed 31 Jul 2024 23:55:35 +0000
ROA not after:            Thu 31 Jul 2025 00:00:35 +0000
asID:                     206092
IP address blocks:        45.133.176.0/24 maxlen: 24
                          45.137.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:6f:97:56:e8:d6:2c:c8:dd:60:32:eb:25:9a:1c:51:41:bc:db:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 31 23:55:35 2024 GMT
            Not After : Jul 31 00:00:35 2025 GMT
        Subject: CN=0109D1F6FD8E7F52A4A3F891A5F95542BCFAE86C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:37:88:a6:d9:2d:b6:c6:6c:e1:6b:82:79:57:
                    b0:a2:6b:f4:4f:81:22:d1:4b:8c:06:f1:48:6b:7c:
                    b4:7d:5b:45:14:b1:47:49:96:66:e2:d2:f6:21:6e:
                    15:c2:2e:98:60:ff:e9:18:b3:1c:41:29:dc:13:26:
                    c3:46:64:cc:7c:be:54:ef:9c:c6:37:a6:1c:b2:84:
                    90:37:6f:e3:e4:d3:f5:75:43:67:28:d2:f8:84:a4:
                    ae:45:52:0d:d1:66:d6:1c:36:eb:36:00:be:3d:4f:
                    c9:aa:bb:6b:a9:e9:17:ba:06:6f:b6:12:c2:19:36:
                    a3:63:ea:82:68:3e:80:d1:76:5f:53:0c:12:07:8e:
                    2a:1b:ca:26:12:ab:05:9a:67:9f:65:2e:d9:09:f0:
                    61:d7:46:36:01:79:e8:ad:12:91:57:85:5c:cf:bc:
                    e3:8e:5e:31:09:93:8d:5c:52:2b:f4:de:fb:59:2f:
                    2f:73:0a:c5:d0:de:c2:de:78:6b:8b:da:66:ce:bd:
                    8c:ad:cc:b2:60:ed:af:95:f9:79:2c:18:8b:b9:d9:
                    57:83:b6:84:91:ba:89:1a:fd:4a:bc:0c:02:d2:e0:
                    db:2d:21:38:50:00:15:5c:02:04:06:d0:14:56:7e:
                    de:f1:71:a7:81:cf:25:e2:ff:48:fa:3c:f2:46:58:
                    2e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:09:D1:F6:FD:8E:7F:52:A4:A3:F8:91:A5:F9:55:42:BC:FA:E8:6C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.176.0/24
                  45.137.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3f:84:ed:49:83:3c:0c:de:19:aa:7b:da:7c:db:73:fa:6d:
         29:c3:a1:48:03:85:14:4c:0c:9e:0e:54:c1:20:2c:d0:b6:ad:
         83:bd:f6:ab:95:83:05:c7:f9:4a:fe:44:ce:d1:ff:75:a5:e4:
         68:aa:d4:50:31:0f:cf:68:5c:fb:a3:a2:f0:13:e6:2b:b9:0d:
         68:3e:06:20:f9:58:bb:7e:8d:fc:7e:17:2f:b9:c9:29:d7:b0:
         a4:cd:45:5f:c8:92:87:60:3b:ba:5c:1c:86:21:e0:de:04:24:
         ca:2f:d5:ed:6e:61:ea:7a:e8:eb:5d:75:b0:12:93:7e:e4:fe:
         97:fa:c7:fd:0a:58:dd:0c:82:66:ef:2b:3d:70:ad:e9:3d:6b:
         1c:b7:6b:2d:23:e8:8e:1f:c6:a0:d4:a6:d7:16:a1:3c:81:0c:
         6d:60:ad:d8:a4:59:91:9a:79:09:0c:70:7d:b5:b7:ed:49:82:
         8d:bd:27:76:36:e6:2d:9f:83:0f:e9:91:63:7a:02:2a:bc:82:
         e3:3e:7b:91:6d:61:93:1c:78:70:fc:0f:ab:d1:63:f0:ef:d0:
         31:6b:09:6b:79:5e:03:bd:41:aa:dc:c1:fd:ba:e5:8f:9c:b0:
         3f:2c:74:6e:d6:cd:26:f0:6b:3d:58:2c:7f:bf:3c:c2:4d:2c:
         5f:10:45:c9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWm+XVujWLMjdYDLrJZocUUG821wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MzEyMzU1MzVaFw0yNTA3MzEwMDAwMzVaMDMxMTAvBgNV
BAMTKDAxMDlEMUY2RkQ4RTdGNTJBNEEzRjg5MUE1Rjk1NTQyQkNGQUU4NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8N4im2S22xmzha4J5V7Cia/RP
gSLRS4wG8UhrfLR9W0UUsUdJlmbi0vYhbhXCLphg/+kYsxxBKdwTJsNGZMx8vlTv
nMY3phyyhJA3b+Pk0/V1Q2co0viEpK5FUg3RZtYcNus2AL49T8mqu2up6Re6Bm+2
EsIZNqNj6oJoPoDRdl9TDBIHjiobyiYSqwWaZ59lLtkJ8GHXRjYBeeitEpFXhVzP
vOOOXjEJk41cUiv03vtZLy9zCsXQ3sLeeGuL2mbOvYytzLJg7a+V+XksGIu52VeD
toSRuoka/Uq8DALS4NstIThQABVcAgQG0BRWft7xcaeBzyXi/0j6PPJGWC5BAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAQnR9v2Of1Kko/iRpflVQrz66GwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2MDkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWw
AwQALYl8MA0GCSqGSIb3DQEBCwUAA4IBAQBHP4TtSYM8DN4ZqnvafNtz+m0pw6FI
A4UUTAyeDlTBICzQtq2DvfarlYMFx/lK/kTO0f91peRoqtRQMQ/PaFz7o6LwE+Yr
uQ1oPgYg+Vi7fo38fhcvuckp17CkzUVfyJKHYDu6XByGIeDeBCTKL9XtbmHqeujr
XXWwEpN+5P6X+sf9CljdDIJm7ys9cK3pPWsct2stI+iOH8ag1KbXFqE8gQxtYK3Y
pFmRmnkJDHB9tbftSYKNvSd2NuYtn4MP6ZFjegIqvILjPnuRbWGTHHhw/A+r0WPw
79AxawlreV4DvUGq3MH9uuWPnLA/LHRu1s0m8Gs9WCx/vzzCTSxfEEXJ
-----END CERTIFICATE-----