Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24768.roa
File:                     AS24768.roa (raw, json)
Hash identifier:          piFkIeBFie0ubM93TD9Z9OiA0C79INXdMN7xMvb0nzo=
Subject key identifier:   FB:6A:05:C8:4A:7C:76:72:94:09:FD:7E:32:E4:4C:85:24:37:EE:41
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       11253C2FED75D8FEA6DF03B9F1A8B81BC8EC10E2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24768.roa
Signing time:             Fri 26 Apr 2024 00:00:43 +0000
ROA not before:           Thu 25 Apr 2024 23:55:43 +0000
ROA not after:            Fri 25 Apr 2025 00:00:43 +0000
asID:                     24768
IP address blocks:        45.87.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:25:3c:2f:ed:75:d8:fe:a6:df:03:b9:f1:a8:b8:1b:c8:ec:10:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 25 23:55:43 2024 GMT
            Not After : Apr 25 00:00:43 2025 GMT
        Subject: CN=FB6A05C84A7C76729409FD7E32E44C852437EE41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:3e:86:8e:ee:cb:7b:92:9c:a1:4c:bb:93:
                    b3:64:08:cc:b5:10:12:ab:20:9f:8b:47:02:45:fb:
                    75:2f:8b:17:db:38:84:8f:00:22:39:64:97:dc:f9:
                    4a:fd:30:ef:8d:b1:d9:37:3f:40:79:eb:70:d7:9a:
                    33:a8:ed:79:7a:b3:9d:06:72:58:b0:64:f4:1c:c7:
                    c6:ec:c2:92:bb:34:b4:b9:71:81:23:a3:17:0d:0f:
                    1f:bd:96:38:70:e5:a7:7f:24:71:1e:2a:5a:39:a0:
                    0b:24:0a:73:27:5d:78:93:43:3a:6b:31:80:95:26:
                    9b:03:73:89:09:1b:b2:28:e8:4d:8a:d7:af:e3:93:
                    b6:5b:32:cb:16:d6:08:50:fa:99:18:25:c8:35:91:
                    05:1a:27:1b:c5:68:d3:c6:3c:48:f5:cc:69:d8:e3:
                    e4:a6:a2:44:1a:e3:a0:3e:74:e0:c1:c1:9d:97:08:
                    09:08:d4:fc:3c:e2:f0:62:7e:c5:95:51:a9:d4:98:
                    af:13:3b:18:4c:a2:4f:7c:57:b6:75:d2:bf:b9:eb:
                    5b:66:28:7f:31:17:94:51:6b:b6:41:06:6d:8f:f6:
                    aa:dc:06:40:88:6a:b5:1f:e6:90:3e:28:d5:a7:64:
                    18:28:80:33:78:76:af:b8:c5:c4:a3:93:5b:44:b1:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:6A:05:C8:4A:7C:76:72:94:09:FD:7E:32:E4:4C:85:24:37:EE:41
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:af:05:4c:36:1b:57:0c:84:6a:04:01:2d:78:88:ee:ca:4a:
         8e:65:26:e9:5c:f1:17:c1:1e:12:b2:09:4b:1d:dd:de:5b:44:
         79:b2:46:d1:5b:ad:45:7a:f6:b1:e2:82:b4:cb:98:7e:2c:91:
         86:9c:4c:9a:0e:c6:29:f8:ba:b3:47:54:b6:46:84:88:fc:46:
         e4:62:5a:ca:e4:c3:01:9d:1b:84:db:e9:09:54:da:06:c7:62:
         2a:72:4c:92:e3:48:7f:f5:86:be:25:f1:cf:19:d8:51:40:e3:
         0e:0f:3d:d1:c9:54:12:92:56:60:ee:93:60:07:a2:10:fe:dc:
         99:20:c3:ff:5e:50:d5:e3:38:d2:bc:d3:53:2f:d5:4a:d3:4b:
         ca:66:68:94:c4:a8:07:3c:1f:02:04:81:fb:a2:cb:88:5c:4b:
         dc:59:70:16:a2:87:ab:70:a2:d9:f9:7d:89:55:66:27:04:9e:
         33:26:4f:4d:59:d9:0d:19:e5:22:64:6b:54:37:da:21:e5:a6:
         a0:9a:2a:98:43:fd:a7:4f:a3:a1:68:e3:73:89:ef:fa:84:fb:
         8d:49:09:c0:ea:40:7e:ad:a5:f2:3b:f0:eb:ea:12:b1:08:dc:
         db:14:f0:2c:7a:0f:6d:72:a1:62:30:a0:b3:2c:6d:5f:be:9b:
         9c:a7:3c:79
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUESU8L+112P6m3wO58ai4G8jsEOIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjUyMzU1NDNaFw0yNTA0MjUwMDAwNDNaMDMxMTAvBgNV
BAMTKEZCNkEwNUM4NEE3Qzc2NzI5NDA5RkQ3RTMyRTQ0Qzg1MjQzN0VFNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrQT6Gju7Le5KcoUy7k7NkCMy1
EBKrIJ+LRwJF+3UvixfbOISPACI5ZJfc+Ur9MO+Nsdk3P0B563DXmjOo7Xl6s50G
cliwZPQcx8bswpK7NLS5cYEjoxcNDx+9ljhw5ad/JHEeKlo5oAskCnMnXXiTQzpr
MYCVJpsDc4kJG7Io6E2K16/jk7ZbMssW1ghQ+pkYJcg1kQUaJxvFaNPGPEj1zGnY
4+SmokQa46A+dODBwZ2XCAkI1Pw84vBifsWVUanUmK8TOxhMok98V7Z10r+561tm
KH8xF5RRa7ZBBm2P9qrcBkCIarUf5pA+KNWnZBgogDN4dq+4xcSjk1tEsYKxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+2oFyEp8dnKUCf1+MuRMhSQ37kEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjQ3Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtV7sw
DQYJKoZIhvcNAQELBQADggEBAEKvBUw2G1cMhGoEAS14iO7KSo5lJulc8RfBHhKy
CUsd3d5bRHmyRtFbrUV69rHigrTLmH4skYacTJoOxin4urNHVLZGhIj8RuRiWsrk
wwGdG4Tb6QlU2gbHYipyTJLjSH/1hr4l8c8Z2FFA4w4PPdHJVBKSVmDuk2AHohD+
3Jkgw/9eUNXjONK801Mv1UrTS8pmaJTEqAc8HwIEgfuiy4hcS9xZcBaih6twotn5
fYlVZicEnjMmT01Z2Q0Z5SJka1Q32iHlpqCaKphD/adPo6Fo43OJ7/qE+41JCcDq
QH6tpfI78OvqErEI3NsU8Cx6D21yoWIwoLMsbV++m5ynPHk=
-----END CERTIFICATE-----