Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47741.roa
File:                     AS47741.roa (raw, json)
Hash identifier:          lv+oynROwnxNxoquxvBYmJBmeboi41QE4TecKSxlvZU=
Subject key identifier:   11:0D:14:0B:11:A2:20:69:E9:77:99:19:8D:29:C1:7C:E7:9B:22:BF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1ACBF44F5163740B9529790835518A4CCFB77C98
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47741.roa
Signing time:             Mon 09 Dec 2024 08:12:50 +0000
ROA not before:           Mon 09 Dec 2024 08:07:50 +0000
ROA not after:            Mon 08 Dec 2025 08:12:50 +0000
asID:                     47741
IP address blocks:        181.41.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:cb:f4:4f:51:63:74:0b:95:29:79:08:35:51:8a:4c:cf:b7:7c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  9 08:07:50 2024 GMT
            Not After : Dec  8 08:12:50 2025 GMT
        Subject: CN=110D140B11A22069E97799198D29C17CE79B22BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:33:ce:fe:60:14:77:5e:9b:e4:01:89:5f:b1:
                    0d:02:f0:64:64:04:f9:2a:14:e0:5e:8e:87:bb:f4:
                    1c:d3:c3:32:3f:f4:4f:dc:65:97:84:6b:79:1a:1c:
                    88:3d:8e:b1:fe:8c:0e:5c:01:93:85:ad:b4:70:52:
                    5b:84:6f:5c:1f:a1:b1:8b:6a:aa:67:11:31:15:f4:
                    0d:cd:a5:29:37:8f:0e:e9:3f:bb:08:e8:a7:c9:89:
                    b2:67:1b:87:8e:60:a6:e5:83:8b:c3:ed:de:52:4a:
                    6c:a2:91:51:91:e8:3e:67:31:35:bc:83:62:09:33:
                    81:87:8e:50:85:d4:28:93:3b:50:22:bd:8c:ae:42:
                    0f:fb:38:00:50:fa:1c:ab:18:4b:d4:00:7d:b1:59:
                    da:d8:23:4a:2f:6b:e9:89:70:6e:42:4c:c6:8c:cc:
                    76:57:8d:5e:e6:68:91:50:00:2e:82:60:da:58:66:
                    93:3a:74:d3:93:78:8a:55:5c:82:7e:92:7c:01:50:
                    26:39:d9:a5:1b:9a:02:da:6e:d0:22:5f:c1:cc:18:
                    a9:c8:17:6d:9b:a1:db:30:c7:e8:8f:d1:b8:ac:ec:
                    39:e7:fc:8e:5e:0e:f8:8e:97:eb:b9:84:7a:fe:65:
                    6c:9f:66:17:cf:9a:02:b8:86:23:d8:d0:8d:5d:5f:
                    3b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0D:14:0B:11:A2:20:69:E9:77:99:19:8D:29:C1:7C:E7:9B:22:BF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS47741.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:cc:e4:c0:c7:a9:e1:42:68:27:26:06:5a:53:21:33:4a:9b:
         9e:4b:5f:0f:ac:39:63:25:55:d1:bd:5a:ae:d8:50:51:ba:51:
         1a:80:d6:b7:72:f0:35:0d:d8:8e:19:15:c5:aa:1b:3d:f1:3f:
         6c:c4:ed:6e:ba:b0:a7:bf:29:9c:27:f0:16:c5:03:9c:78:68:
         62:af:c6:46:96:4a:3f:d7:03:82:d9:e0:29:60:e6:55:ae:08:
         10:16:d0:1d:af:00:11:b8:65:a0:01:e1:f1:0c:0a:4b:7e:1a:
         2b:c4:cd:0c:2b:e6:f5:11:d3:d2:68:29:f8:36:81:cf:8d:6d:
         ea:d3:49:6e:08:4a:e6:56:e0:74:ac:9d:fd:f7:09:05:95:5d:
         a3:08:69:f0:84:9a:88:0f:38:0e:23:e6:67:9c:8f:80:8f:e4:
         a3:4c:cc:37:42:df:af:a2:15:07:1d:f5:7f:db:98:a1:a6:a7:
         93:0b:3f:72:50:fa:ff:a5:22:dd:2a:e9:96:7f:9a:50:67:aa:
         6c:1f:7c:2f:fc:67:dc:1b:cf:50:d1:02:91:23:2f:30:c7:71:
         1a:62:d0:1c:9d:30:92:dc:b3:f8:62:13:62:1d:ed:5e:0f:04:
         2b:d6:31:fb:b7:2c:95:a3:3b:83:7c:cc:89:6d:87:f1:71:43:
         4a:5f:ae:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGsv0T1FjdAuVKXkINVGKTM+3fJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDkwODA3NTBaFw0yNTEyMDgwODEyNTBaMDMxMTAvBgNV
BAMTKDExMEQxNDBCMTFBMjIwNjlFOTc3OTkxOThEMjlDMTdDRTc5QjIyQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrM87+YBR3XpvkAYlfsQ0C8GRk
BPkqFOBejoe79BzTwzI/9E/cZZeEa3kaHIg9jrH+jA5cAZOFrbRwUluEb1wfobGL
aqpnETEV9A3NpSk3jw7pP7sI6KfJibJnG4eOYKblg4vD7d5SSmyikVGR6D5nMTW8
g2IJM4GHjlCF1CiTO1AivYyuQg/7OABQ+hyrGEvUAH2xWdrYI0ova+mJcG5CTMaM
zHZXjV7maJFQAC6CYNpYZpM6dNOTeIpVXIJ+knwBUCY52aUbmgLabtAiX8HMGKnI
F22bodswx+iP0bis7Dnn/I5eDviOl+u5hHr+ZWyfZhfPmgK4hiPY0I1dXzuJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUEQ0UCxGiIGnpd5kZjSnBfOebIr8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDc3NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1KcQw
DQYJKoZIhvcNAQELBQADggEBAKPM5MDHqeFCaCcmBlpTITNKm55LXw+sOWMlVdG9
Wq7YUFG6URqA1rdy8DUN2I4ZFcWqGz3xP2zE7W66sKe/KZwn8BbFA5x4aGKvxkaW
Sj/XA4LZ4Clg5lWuCBAW0B2vABG4ZaAB4fEMCkt+GivEzQwr5vUR09JoKfg2gc+N
berTSW4ISuZW4HSsnf33CQWVXaMIafCEmogPOA4j5mecj4CP5KNMzDdC36+iFQcd
9X/bmKGmp5MLP3JQ+v+lIt0q6ZZ/mlBnqmwffC/8Z9wbz1DRApEjLzDHcRpi0Byd
MJLcs/hiE2Id7V4PBCvWMfu3LJWjO4N8zIlth/FxQ0pfrhQ=
-----END CERTIFICATE-----