Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5065.roa
File:                     AS5065.roa (raw, json)
Hash identifier:          nYw+YPTWX0LhoTnrxHiVtoQOvMoZ+finRPwoJOIO2U8=
Subject key identifier:   CB:89:84:E3:43:3D:FF:09:44:78:0C:AB:BA:E1:45:D5:97:52:13:46
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1BD05257B8C5B127D0A3043CAAAE71B751610788
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5065.roa
Signing time:             Wed 17 Apr 2024 13:48:28 +0000
ROA not before:           Wed 17 Apr 2024 13:43:28 +0000
ROA not after:            Wed 16 Apr 2025 13:48:28 +0000
asID:                     5065
IP address blocks:        179.61.147.0/24 maxlen: 24
                          179.61.203.0/24 maxlen: 24
                          181.214.236.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:d0:52:57:b8:c5:b1:27:d0:a3:04:3c:aa:ae:71:b7:51:61:07:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 17 13:43:28 2024 GMT
            Not After : Apr 16 13:48:28 2025 GMT
        Subject: CN=CB8984E3433DFF0944780CABBAE145D597521346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:21:c3:55:05:89:38:6b:a0:6e:91:e2:c9:d5:
                    f8:a6:7b:84:a4:ad:c1:8d:9e:6e:3b:ee:26:f0:e1:
                    9b:51:09:9d:db:1f:18:bf:21:4c:d6:f2:2c:dd:a9:
                    a3:a3:d4:fe:42:55:60:e8:14:50:8d:ad:a0:7d:e8:
                    61:04:6e:a5:67:97:1d:b3:87:6a:e1:36:c5:96:c6:
                    ba:13:30:c3:d8:fd:eb:91:53:fe:59:bf:69:91:cd:
                    ba:88:25:c5:13:71:a0:4c:d8:5c:a9:f7:e8:3d:54:
                    93:65:4b:f5:38:78:55:10:ed:e8:3f:4c:15:17:a6:
                    75:59:60:d2:ed:e1:87:75:12:13:0a:67:cf:96:b9:
                    b7:0f:f4:13:ac:2b:a5:22:64:e4:45:83:eb:0d:99:
                    58:b9:f0:14:af:b5:4f:28:aa:f6:e2:4e:ef:3d:0c:
                    44:5c:22:e4:91:8a:98:bc:75:0f:2e:fa:fa:31:fe:
                    72:06:e9:fc:ea:d3:36:d9:a8:6f:68:87:5b:fe:e7:
                    28:41:b0:05:8d:7e:e5:52:b9:f8:df:99:3e:26:a5:
                    b3:ca:0b:22:9e:87:94:63:cf:90:04:22:3a:15:8f:
                    06:70:b9:b3:b2:45:88:eb:72:e3:25:6c:f2:6e:13:
                    a9:57:a1:a0:ec:9e:c4:0c:b2:cf:3f:d9:c9:44:66:
                    15:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:89:84:E3:43:3D:FF:09:44:78:0C:AB:BA:E1:45:D5:97:52:13:46
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS5065.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.147.0/24
                  179.61.203.0/24
                  181.214.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:92:b1:d7:1e:0f:3f:01:98:46:8c:64:1a:3a:f0:d8:82:92:
         14:f6:b3:1e:73:4b:97:69:bc:7d:9c:81:2f:2f:f2:30:40:0d:
         5f:5e:96:2f:76:4d:8b:2b:23:a9:ad:9f:8b:5e:cc:f8:d0:6f:
         f6:c6:e5:33:b2:4f:29:82:7b:81:02:5a:06:be:d7:91:c8:14:
         68:a9:8a:c6:e8:9c:0e:a8:c3:dc:aa:6a:d9:69:25:a2:01:cc:
         a8:ac:6a:ef:94:ca:f3:32:0b:70:a6:e3:ef:4c:06:37:0e:dd:
         57:6b:56:30:f4:40:2c:90:ca:d0:2c:cd:aa:5c:ea:1b:0b:e8:
         ee:09:29:8e:32:50:d2:c5:99:0a:0f:ee:55:07:60:f8:2f:98:
         cb:52:46:48:f9:a4:4c:47:a0:4f:e8:d5:b1:d8:8e:33:65:96:
         0f:6a:72:11:f9:d9:34:a5:74:14:3a:36:be:2c:d4:91:de:1b:
         da:a1:0a:d0:a1:9d:a1:bb:dd:ba:d6:f0:a7:1c:f5:58:57:f5:
         80:e6:d3:60:f5:cc:00:9c:52:e8:e0:c3:0c:63:fd:2d:71:0b:
         d8:02:cc:3f:3c:ec:00:b3:dd:bd:fb:f1:ed:b8:10:1c:af:fe:
         06:4b:a5:17:c2:c0:29:8d:9e:8c:72:b0:ae:f3:d5:1b:31:05:
         8b:0a:84:0f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUG9BSV7jFsSfQowQ8qq5xt1FhB4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTcxMzQzMjhaFw0yNTA0MTYxMzQ4MjhaMDMxMTAvBgNV
BAMTKENCODk4NEUzNDMzREZGMDk0NDc4MENBQkJBRTE0NUQ1OTc1MjEzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIcNVBYk4a6BukeLJ1fime4Sk
rcGNnm477ibw4ZtRCZ3bHxi/IUzW8izdqaOj1P5CVWDoFFCNraB96GEEbqVnlx2z
h2rhNsWWxroTMMPY/euRU/5Zv2mRzbqIJcUTcaBM2Fyp9+g9VJNlS/U4eFUQ7eg/
TBUXpnVZYNLt4Yd1EhMKZ8+WubcP9BOsK6UiZORFg+sNmVi58BSvtU8oqvbiTu89
DERcIuSRipi8dQ8u+vox/nIG6fzq0zbZqG9oh1v+5yhBsAWNfuVSufjfmT4mpbPK
CyKeh5Rjz5AEIjoVjwZwubOyRYjrcuMlbPJuE6lXoaDsnsQMss8/2clEZhVVAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUy4mE40M9/wlEeAyruuFF1ZdSE0YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTA2NS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEALM9kwME
ALM9ywMEAbXW7DANBgkqhkiG9w0BAQsFAAOCAQEAeJKx1x4PPwGYRoxkGjrw2IKS
FPazHnNLl2m8fZyBLy/yMEANX16WL3ZNiysjqa2fi17M+NBv9sblM7JPKYJ7gQJa
Br7XkcgUaKmKxuicDqjD3Kpq2WklogHMqKxq75TK8zILcKbj70wGNw7dV2tWMPRA
LJDK0CzNqlzqGwvo7gkpjjJQ0sWZCg/uVQdg+C+Yy1JGSPmkTEegT+jVsdiOM2WW
D2pyEfnZNKV0FDo2vizUkd4b2qEK0KGdobvdutbwpxz1WFf1gObTYPXMAJxS6ODD
DGP9LXEL2ALMPzzsALPdvfvx7bgQHK/+BkulF8LAKY2ejHKwrvPVGzEFiwqEDw==
-----END CERTIFICATE-----