Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22781.roa
File:                     AS22781.roa (raw, json)
Hash identifier:          2A/m+rEI7G4KLnkS0oobRTZyhVHxff0UmooPjN/TfXA=
Subject key identifier:   0F:23:59:85:1F:F4:3A:47:ED:E7:D0:15:51:27:CB:AE:6F:0F:85:92
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6F6D580C912610E5C0374FFD935DAB1B5D25B584
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22781.roa
Signing time:             Wed 27 Dec 2023 23:37:54 +0000
ROA not before:           Wed 27 Dec 2023 23:32:54 +0000
ROA not after:            Wed 25 Dec 2024 23:37:54 +0000
asID:                     22781
IP address blocks:        179.61.148.0/24 maxlen: 24
                          191.96.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:6d:58:0c:91:26:10:e5:c0:37:4f:fd:93:5d:ab:1b:5d:25:b5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 27 23:32:54 2023 GMT
            Not After : Dec 25 23:37:54 2024 GMT
        Subject: CN=0F2359851FF43A47EDE7D0155127CBAE6F0F8592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:6d:92:b1:83:43:bd:d0:26:63:19:48:61:
                    e1:7f:ea:7f:22:bd:0c:6d:92:d6:94:5d:6c:06:bc:
                    f3:b6:a2:d3:2b:77:e1:8f:16:50:16:46:f4:b1:07:
                    28:8d:05:29:c0:83:1d:73:54:a4:1d:02:c3:a5:07:
                    9b:e7:a8:5c:0a:40:8b:05:09:78:7d:b3:ea:e7:8b:
                    f8:53:89:cd:b3:d6:d5:da:87:4a:27:d6:67:22:b5:
                    07:98:6e:3c:3d:29:45:2a:46:42:15:1e:b3:10:b0:
                    79:57:76:1d:88:0c:ec:d2:68:64:62:69:e3:94:26:
                    9e:2f:49:10:e9:6b:88:c7:f4:ad:20:24:17:af:8c:
                    42:1d:7f:c8:79:f1:90:04:45:20:48:6a:c8:e9:7d:
                    94:8a:6f:3b:a2:01:18:b4:e8:98:e3:86:47:b4:05:
                    78:80:f7:7c:ac:ee:07:f0:b0:81:2e:69:12:01:76:
                    38:53:8d:e6:ab:39:61:44:c4:2a:41:0e:48:e8:c9:
                    a1:81:a2:49:2d:70:1f:e0:5b:85:07:5d:e0:1f:eb:
                    61:a5:0f:5b:df:d4:8b:54:24:9f:0c:bd:db:d4:b0:
                    22:7a:f2:09:ab:3f:ec:e4:c5:e8:4f:d8:e4:af:94:
                    77:8c:24:29:ea:64:2c:e7:41:94:33:23:91:7e:bd:
                    70:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:23:59:85:1F:F4:3A:47:ED:E7:D0:15:51:27:CB:AE:6F:0F:85:92
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22781.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.148.0/24
                  191.96.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:70:06:d1:bb:35:e2:54:69:ce:9c:77:c0:df:95:e4:46:04:
         e8:d3:12:10:11:9a:6e:4d:97:c7:d9:fa:92:e2:2f:61:97:18:
         e8:db:cb:7e:36:9a:59:65:d6:1a:2d:0d:5b:de:dc:b3:27:cc:
         04:c8:2b:ad:a8:6b:35:6a:14:a7:1c:42:bf:ef:ec:06:9f:72:
         86:7f:45:67:2d:f0:c1:06:7b:61:3c:ad:9b:d5:e5:c3:e4:b9:
         a0:9b:56:cd:15:d9:f5:21:1c:b6:89:07:af:79:4e:e3:70:c0:
         1f:e3:6c:59:f4:3d:0e:bd:34:1f:ac:a2:56:bf:e2:f0:b4:f6:
         23:d4:d8:cf:0f:ba:e9:c0:22:38:1f:d5:31:08:9d:b4:ae:6f:
         62:4f:66:63:59:82:f2:a8:70:2c:82:1b:b7:59:f7:d9:a3:63:
         73:8a:d0:5d:6f:7c:06:36:34:68:ae:15:e3:2d:3f:2e:2d:e9:
         4c:27:31:c6:66:36:c3:68:ca:03:9a:26:7c:73:63:83:3f:90:
         77:46:ae:c2:ac:2c:cf:7b:b1:cb:4f:52:58:2d:cb:ae:a7:75:
         1e:91:ce:68:a6:17:1a:4f:19:38:0e:2e:c1:c0:7a:a8:c9:67:
         14:7c:f5:93:0a:95:c2:10:b4:5e:17:14:f2:1b:b4:17:af:b3:
         f1:4e:2d:71
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUb21YDJEmEOXAN0/9k12rG10ltYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMjcyMzMyNTRaFw0yNDEyMjUyMzM3NTRaMDMxMTAvBgNV
BAMTKDBGMjM1OTg1MUZGNDNBNDdFREU3RDAxNTUxMjdDQkFFNkYwRjg1OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2W22SsYNDvdAmYxlIYeF/6n8i
vQxtktaUXWwGvPO2otMrd+GPFlAWRvSxByiNBSnAgx1zVKQdAsOlB5vnqFwKQIsF
CXh9s+rni/hTic2z1tXah0on1mcitQeYbjw9KUUqRkIVHrMQsHlXdh2IDOzSaGRi
aeOUJp4vSRDpa4jH9K0gJBevjEIdf8h58ZAERSBIasjpfZSKbzuiARi06Jjjhke0
BXiA93ys7gfwsIEuaRIBdjhTjearOWFExCpBDkjoyaGBokktcB/gW4UHXeAf62Gl
D1vf1ItUJJ8MvdvUsCJ68gmrP+zkxehP2OSvlHeMJCnqZCznQZQzI5F+vXBdAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUDyNZhR/0Okft59AVUSfLrm8PhZIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjI3ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACzPZQD
BAC/YAswDQYJKoZIhvcNAQELBQADggEBACJwBtG7NeJUac6cd8DfleRGBOjTEhAR
mm5Nl8fZ+pLiL2GXGOjby342mlll1hotDVve3LMnzATIK62oazVqFKccQr/v7Aaf
coZ/RWct8MEGe2E8rZvV5cPkuaCbVs0V2fUhHLaJB695TuNwwB/jbFn0PQ69NB+s
ola/4vC09iPU2M8PuunAIjgf1TEInbSub2JPZmNZgvKocCyCG7dZ99mjY3OK0F1v
fAY2NGiuFeMtPy4t6UwnMcZmNsNoygOaJnxzY4M/kHdGrsKsLM97sctPUlgty66n
dR6RzmimFxpPGTgOLsHAeqjJZxR89ZMKlcIQtF4XFPIbtBevs/FOLXE=
-----END CERTIFICATE-----