Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa
File:                     AS47436.roa (raw, json)
Hash identifier:          X/X80zgYDMG4JKD4PckV4YtskmkeLfPrvjhZrRZJXX8=
Subject key identifier:   B0:B3:2A:1C:27:58:4D:67:94:2E:FC:95:8A:16:ED:DC:6C:84:68:4F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2050487EE71C94E4B6B07FA4E21CD4A3DD3917E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa
Signing time:             Thu 07 Dec 2023 00:02:34 +0000
ROA not before:           Wed 06 Dec 2023 23:57:34 +0000
ROA not after:            Thu 05 Dec 2024 00:02:34 +0000
asID:                     47436
IP address blocks:        5.252.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:50:48:7e:e7:1c:94:e4:b6:b0:7f:a4:e2:1c:d4:a3:dd:39:17:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  6 23:57:34 2023 GMT
            Not After : Dec  5 00:02:34 2024 GMT
        Subject: CN=B0B32A1C27584D67942EFC958A16EDDC6C84684F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e1:76:3f:ca:9b:99:8f:77:ea:47:ac:ea:e3:
                    1a:2e:5a:04:7f:d0:f0:34:f9:54:e5:14:8e:ae:0d:
                    13:a6:c3:ef:f9:c2:8a:c7:98:24:18:e6:33:0c:43:
                    ba:7d:cd:fb:42:fa:1d:d2:d3:ef:59:89:c4:b8:bd:
                    cd:2f:32:5a:1c:09:bd:a9:a7:d7:50:a3:b1:de:97:
                    43:7c:59:45:a7:d3:87:9e:1a:4f:cf:3b:d8:80:70:
                    7c:d2:9f:5c:73:ee:78:e0:68:f1:ed:91:b7:a5:2a:
                    70:6e:d9:7b:07:9c:fe:0e:8a:68:1f:56:1d:33:46:
                    b3:2c:03:27:02:16:17:15:8b:44:2d:c7:7c:46:b8:
                    cd:77:79:32:9a:6e:6c:55:d4:a9:6e:74:7e:25:66:
                    35:0e:8c:94:7a:e2:61:52:d7:d7:42:92:51:9d:d9:
                    ca:34:8c:ea:4a:98:18:b9:97:44:cd:61:8f:d5:65:
                    8f:c6:55:51:85:99:fc:50:8b:32:ef:ae:ed:76:97:
                    fd:7c:38:8c:41:89:37:50:02:d6:8c:8e:2d:2a:bb:
                    70:ca:65:32:4b:e7:47:70:6f:07:e8:57:af:58:fe:
                    bc:55:f4:96:e2:6f:39:be:14:20:61:ea:b6:ce:32:
                    90:75:e3:90:9c:81:81:dc:c1:39:dd:48:4c:b6:72:
                    3b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B3:2A:1C:27:58:4D:67:94:2E:FC:95:8A:16:ED:DC:6C:84:68:4F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:80:21:e7:dd:c3:19:27:3b:ae:6d:75:3b:a9:8d:83:41:60:
         00:02:e7:b0:c3:eb:58:5a:68:b5:35:2e:9a:63:d4:88:83:55:
         94:0b:f2:2f:9d:d7:66:fe:b4:0b:11:e5:1b:6a:32:e9:fc:9c:
         3a:ba:89:d0:93:4e:9f:47:bc:3e:e1:e9:7d:75:01:39:cf:33:
         57:6c:5d:35:83:ce:fe:4d:99:f7:62:be:75:28:ec:82:8a:f8:
         96:2c:99:63:b0:dd:fa:0d:6e:9b:ff:3d:de:53:e4:36:69:98:
         57:42:98:a7:84:88:40:07:56:40:2a:83:b5:f4:1f:7a:b1:1e:
         6e:84:b5:12:42:ae:9f:08:52:c7:78:71:5e:20:04:4e:3e:11:
         b8:5d:73:3a:d7:c6:cb:76:2b:b5:fe:10:88:53:91:3f:fd:40:
         22:03:75:b3:8f:b2:15:9f:cc:14:04:dc:06:d4:c9:d1:ff:f6:
         74:2d:6b:6f:16:d5:6a:18:02:75:b5:73:c9:8d:a1:5d:dd:53:
         7c:48:47:6d:79:01:47:62:b6:37:bb:89:1d:30:d8:ab:65:38:
         cc:64:45:75:b6:6e:5a:59:04:76:75:72:85:58:be:36:7b:07:
         7d:7f:06:c4:31:b2:7a:25:71:9e:35:ad:82:fa:1c:6a:5e:95:
         ca:a4:92:bc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIFBIfucclOS2sH+k4hzUo905F+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMDYyMzU3MzRaFw0yNDEyMDUwMDAyMzRaMDMxMTAvBgNV
BAMTKEIwQjMyQTFDMjc1ODRENjc5NDJFRkM5NThBMTZFRERDNkM4NDY4NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCA4XY/ypuZj3fqR6zq4xouWgR/
0PA0+VTlFI6uDROmw+/5worHmCQY5jMMQ7p9zftC+h3S0+9ZicS4vc0vMlocCb2p
p9dQo7Hel0N8WUWn04eeGk/PO9iAcHzSn1xz7njgaPHtkbelKnBu2XsHnP4Oimgf
Vh0zRrMsAycCFhcVi0Qtx3xGuM13eTKabmxV1KludH4lZjUOjJR64mFS19dCklGd
2co0jOpKmBi5l0TNYY/VZY/GVVGFmfxQizLvru12l/18OIxBiTdQAtaMji0qu3DK
ZTJL50dwbwfoV69Y/rxV9Jbibzm+FCBh6rbOMpB145CcgYHcwTndSEy2cjupAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUsLMqHCdYTWeULvyVihbt3GyEaE8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDc0MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF/Eow
DQYJKoZIhvcNAQELBQADggEBABuAIefdwxknO65tdTupjYNBYAAC57DD61haaLU1
Lppj1IiDVZQL8i+d12b+tAsR5RtqMun8nDq6idCTTp9HvD7h6X11ATnPM1dsXTWD
zv5NmfdivnUo7IKK+JYsmWOw3foNbpv/Pd5T5DZpmFdCmKeEiEAHVkAqg7X0H3qx
Hm6EtRJCrp8IUsd4cV4gBE4+EbhdczrXxst2K7X+EIhTkT/9QCIDdbOPshWfzBQE
3AbUydH/9nQta28W1WoYAnW1c8mNoV3dU3xIR215AUditje7iR0w2KtlOMxkRXW2
blpZBHZ1coVYvjZ7B31/BsQxsnolcZ41rYL6HGpelcqkkrw=
-----END CERTIFICATE-----