Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50167.roa
File:                     AS50167.roa (raw, json)
Hash identifier:          0eagJ+P+pOKNBPJZQVrP5v94w3BD4gTU5fOwU2welK4=
Subject key identifier:   9E:EC:BE:97:FB:03:98:E6:B0:EE:53:44:84:F0:68:E5:67:09:E9:24
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       25F62316FCBF952BEDCA8C9C132BEE53C724A53A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50167.roa
Signing time:             Thu 13 Jul 2023 18:49:20 +0000
ROA not before:           Thu 13 Jul 2023 18:44:20 +0000
ROA not after:            Thu 11 Jul 2024 18:49:20 +0000
asID:                     50167
IP address blocks:        179.61.129.0/24 maxlen: 24
                          191.96.157.0/24 maxlen: 24
                          191.96.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f6:23:16:fc:bf:95:2b:ed:ca:8c:9c:13:2b:ee:53:c7:24:a5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 13 18:44:20 2023 GMT
            Not After : Jul 11 18:49:20 2024 GMT
        Subject: CN=9EECBE97FB0398E6B0EE534484F068E56709E924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:02:7e:52:e8:e1:4e:90:c9:c2:d8:3c:7c:1c:
                    f0:98:9e:35:bc:86:3e:91:a9:8f:f3:cd:1c:d2:79:
                    ca:87:49:0c:f8:d3:c1:2c:30:28:28:21:14:6a:fd:
                    11:f3:37:8e:50:8c:de:ea:20:91:24:9b:1a:ff:3f:
                    0a:b1:aa:2a:0f:45:14:a5:4f:82:f8:ce:f1:f2:09:
                    ff:85:44:9a:77:69:ac:f6:94:b8:b9:9a:44:41:34:
                    ec:bc:d6:19:82:97:92:aa:0f:a1:6c:78:18:aa:7f:
                    e5:71:81:9d:19:29:5f:92:6b:a5:4f:7c:4a:dc:54:
                    0e:e7:91:a7:8d:44:3e:3f:9a:d8:9b:85:7c:9b:e3:
                    2c:33:e5:e2:22:cb:90:15:d7:10:ea:a3:f4:5d:e0:
                    d8:07:80:07:37:21:45:24:6b:e6:e7:e5:83:31:27:
                    ff:aa:48:2a:54:38:93:3a:5a:3d:57:97:b4:fd:13:
                    7b:6c:a7:1c:b2:d6:37:b6:02:a6:bc:30:14:f9:7b:
                    2e:42:7e:d0:02:ea:ee:cd:03:27:26:d2:15:3d:ed:
                    4b:7b:ae:7d:c7:09:52:82:65:ed:68:0a:b7:be:29:
                    d6:a9:97:4c:a6:4b:b7:03:e6:b4:e0:9d:1b:07:c3:
                    ea:ec:49:29:c1:e1:28:79:5f:30:ea:94:d7:38:75:
                    f2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EC:BE:97:FB:03:98:E6:B0:EE:53:44:84:F0:68:E5:67:09:E9:24
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.129.0/24
                  191.96.157.0/24
                  191.96.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:57:ea:5a:8b:2c:44:8c:bf:e6:be:35:96:35:ba:86:32:ca:
         e4:ff:52:ca:63:39:b5:84:dc:bf:d4:6b:0b:ef:d9:93:9a:f7:
         97:f4:43:b0:d6:12:42:f7:fd:26:87:46:61:75:ee:1d:14:84:
         18:93:aa:29:a4:56:60:98:e7:e3:4d:8a:dd:46:22:f3:f4:70:
         a9:04:47:f0:eb:22:e4:12:4a:46:8e:68:52:af:aa:23:07:70:
         3b:3d:a0:ef:ea:94:28:89:f7:f5:8e:1e:66:09:a9:19:96:a4:
         9a:6a:44:a4:c1:4c:67:de:c2:0d:65:e8:d8:e7:ec:4f:30:51:
         8b:4d:ee:d2:d7:18:b1:ca:08:a3:60:b5:5c:75:f5:db:fc:4a:
         8f:a2:29:65:85:14:67:dd:27:84:fa:6e:7d:64:0f:58:7e:bd:
         4d:6b:87:74:be:b0:93:84:34:82:a8:c2:3f:7c:6c:1e:54:bc:
         67:b4:4d:7a:80:6a:f6:e1:56:5e:9d:46:fc:8b:a5:f9:e4:27:
         f7:bb:65:83:4d:6e:99:32:cc:61:af:f7:75:62:86:44:62:ef:
         d2:d4:68:5b:ce:e9:0d:3d:e8:41:a3:73:5c:03:6a:33:87:8c:
         cd:27:fd:8a:d6:f1:1e:c1:26:32:de:a0:4c:bb:3e:e1:bc:60:
         41:48:a6:d9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUJfYjFvy/lSvtyoycEyvuU8ckpTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTMxODQ0MjBaFw0yNDA3MTExODQ5MjBaMDMxMTAvBgNV
BAMTKDlFRUNCRTk3RkIwMzk4RTZCMEVFNTM0NDg0RjA2OEU1NjcwOUU5MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRAn5S6OFOkMnC2Dx8HPCYnjW8
hj6RqY/zzRzSecqHSQz408EsMCgoIRRq/RHzN45QjN7qIJEkmxr/PwqxqioPRRSl
T4L4zvHyCf+FRJp3aaz2lLi5mkRBNOy81hmCl5KqD6FseBiqf+VxgZ0ZKV+Sa6VP
fErcVA7nkaeNRD4/mtibhXyb4ywz5eIiy5AV1xDqo/Rd4NgHgAc3IUUka+bn5YMx
J/+qSCpUOJM6Wj1Xl7T9E3tspxyy1je2Aqa8MBT5ey5CftAC6u7NAycm0hU97Ut7
rn3HCVKCZe1oCre+Kdapl0ymS7cD5rTgnRsHw+rsSSnB4Sh5XzDqlNc4dfJ7AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUnuy+l/sDmOaw7lNEhPBo5WcJ6SQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTAxNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACzPYED
BAC/YJ0DBAC/YPUwDQYJKoZIhvcNAQELBQADggEBAJ1X6lqLLESMv+a+NZY1uoYy
yuT/UspjObWE3L/Uawvv2ZOa95f0Q7DWEkL3/SaHRmF17h0UhBiTqimkVmCY5+NN
it1GIvP0cKkER/DrIuQSSkaOaFKvqiMHcDs9oO/qlCiJ9/WOHmYJqRmWpJpqRKTB
TGfewg1l6Njn7E8wUYtN7tLXGLHKCKNgtVx19dv8So+iKWWFFGfdJ4T6bn1kD1h+
vU1rh3S+sJOENIKowj98bB5UvGe0TXqAavbhVl6dRvyLpfnkJ/e7ZYNNbpkyzGGv
93VihkRi79LUaFvO6Q096EGjc1wDajOHjM0n/YrW8R7BJjLeoEy7PuG8YEFIptk=
-----END CERTIFICATE-----