Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24875.roa
File:                     AS24875.roa (raw, json)
Hash identifier:          TbTagCE7iPDuTYAsCl0vbPXWz3tlJL7oJkkZ+YMTbjg=
Subject key identifier:   CE:DE:19:CE:8C:B9:09:16:57:95:32:BF:F3:41:6A:7B:2A:CD:F2:28
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3D3D8B1489F0411AC23B3DBD8A3B600AB29FAF34
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24875.roa
Signing time:             Tue 30 Jan 2024 12:20:35 +0000
ROA not before:           Tue 30 Jan 2024 12:15:35 +0000
ROA not after:            Tue 28 Jan 2025 12:20:35 +0000
asID:                     24875
IP address blocks:        92.119.34.0/24 maxlen: 24
                          181.215.178.0/24 maxlen: 24
                          191.96.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:3d:8b:14:89:f0:41:1a:c2:3b:3d:bd:8a:3b:60:0a:b2:9f:af:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 30 12:15:35 2024 GMT
            Not After : Jan 28 12:20:35 2025 GMT
        Subject: CN=CEDE19CE8CB90916579532BFF3416A7B2ACDF228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6b:a2:48:31:96:fa:69:36:df:c1:1c:52:c1:
                    ff:e9:8f:21:6a:2a:f8:ed:4f:f1:07:53:68:e0:67:
                    88:b8:67:2a:71:7a:9c:d8:44:d0:11:c3:b7:f9:f1:
                    33:66:2a:88:df:41:ad:67:66:24:fa:be:14:df:2e:
                    7c:07:2a:a9:01:e9:c7:6a:20:84:8c:6f:7b:79:dd:
                    32:6e:a5:3e:99:cf:80:c2:f0:32:3c:55:7a:50:9e:
                    5c:5f:d5:1a:85:ae:61:5f:b2:3f:07:6d:8f:34:c3:
                    9e:35:08:93:50:83:35:de:63:d9:00:7e:ad:60:64:
                    a4:1e:6e:da:d5:25:63:82:fb:60:0a:18:90:ae:07:
                    f8:c9:3e:37:f9:d9:67:72:34:bb:20:94:c9:e4:90:
                    22:7c:ef:c4:d3:1c:f5:5d:88:16:e0:6e:81:ef:e1:
                    1c:4f:21:db:ad:eb:13:5a:77:b4:21:c5:b2:c2:ca:
                    71:3e:5a:73:fc:93:77:3e:d1:a1:cf:da:97:46:62:
                    db:1e:1f:3e:92:00:b5:ae:1d:45:10:52:59:9e:20:
                    01:b4:57:f5:65:0a:c2:c0:5f:cc:e5:af:6e:f4:42:
                    79:e6:51:81:52:90:e8:b7:c0:bd:c5:3f:d9:27:a3:
                    a9:75:a5:1b:e6:3c:f6:9e:c2:84:d9:23:d3:f6:d5:
                    33:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DE:19:CE:8C:B9:09:16:57:95:32:BF:F3:41:6A:7B:2A:CD:F2:28
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS24875.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.34.0/24
                  181.215.178.0/24
                  191.96.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:52:39:06:12:22:7c:cc:d0:56:35:9c:95:d5:8a:ac:2a:14:
         90:e1:0c:18:f1:74:cf:0d:d1:d8:b4:2b:c7:ac:b5:81:85:45:
         9f:72:db:e7:45:f9:56:a6:6b:74:ad:f3:90:43:cd:53:19:27:
         f8:32:36:04:10:15:97:da:38:4b:fb:d3:c0:08:e5:af:24:3b:
         fe:1c:63:5c:fd:f0:4d:b6:ad:6e:9b:81:04:69:57:81:f3:ef:
         f3:65:c6:2b:ef:14:69:cf:0a:4f:38:de:65:bf:73:c0:da:de:
         0e:3f:bb:58:30:de:2c:76:6c:99:32:95:f3:89:73:c6:34:e6:
         0b:b5:7e:3a:f6:3d:af:59:14:58:d4:74:18:7d:ba:8f:0f:e1:
         5e:06:41:22:ae:b0:95:1c:01:64:bc:94:f9:5d:9b:e2:78:6a:
         65:60:0a:ab:96:aa:52:ad:c8:a1:3c:9b:67:32:3b:68:08:89:
         e5:fa:b0:00:e4:f2:b3:c7:2c:40:14:b8:f8:59:53:f2:9f:87:
         30:86:43:57:65:ac:b2:44:e9:e1:6b:9c:63:08:25:79:9b:47:
         b4:a8:0a:cc:7e:89:fa:ad:c8:66:7b:14:db:0d:df:5e:96:f7:
         00:30:35:d7:bf:2d:c1:97:15:af:ac:1e:0b:6f:31:de:71:a7:
         67:a5:29:3b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUPT2LFInwQRrCOz29ijtgCrKfrzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzAxMjE1MzVaFw0yNTAxMjgxMjIwMzVaMDMxMTAvBgNV
BAMTKENFREUxOUNFOENCOTA5MTY1Nzk1MzJCRkYzNDE2QTdCMkFDREYyMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCma6JIMZb6aTbfwRxSwf/pjyFq
KvjtT/EHU2jgZ4i4ZypxepzYRNARw7f58TNmKojfQa1nZiT6vhTfLnwHKqkB6cdq
IISMb3t53TJupT6Zz4DC8DI8VXpQnlxf1RqFrmFfsj8HbY80w541CJNQgzXeY9kA
fq1gZKQebtrVJWOC+2AKGJCuB/jJPjf52WdyNLsglMnkkCJ878TTHPVdiBbgboHv
4RxPIdut6xNad7QhxbLCynE+WnP8k3c+0aHP2pdGYtseHz6SALWuHUUQUlmeIAG0
V/VlCsLAX8zlr270QnnmUYFSkOi3wL3FP9kno6l1pRvmPPaewoTZI9P21TONAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUzt4Zzoy5CRZXlTK/80FqeyrN8igwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjQ4NzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABcdyID
BAC117IDBAC/YGQwDQYJKoZIhvcNAQELBQADggEBAFFSOQYSInzM0FY1nJXViqwq
FJDhDBjxdM8N0di0K8estYGFRZ9y2+dF+Vama3St85BDzVMZJ/gyNgQQFZfaOEv7
08AI5a8kO/4cY1z98E22rW6bgQRpV4Hz7/NlxivvFGnPCk843mW/c8Da3g4/u1gw
3ix2bJkylfOJc8Y05gu1fjr2Pa9ZFFjUdBh9uo8P4V4GQSKusJUcAWS8lPldm+J4
amVgCquWqlKtyKE8m2cyO2gIieX6sADk8rPHLEAUuPhZU/KfhzCGQ1dlrLJE6eFr
nGMIJXmbR7SoCsx+ifqtyGZ7FNsN316W9wAwNde/LcGXFa+sHgtvMd5xp2elKTs=
-----END CERTIFICATE-----