Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa
File:                     AS50673.roa (raw, json)
Hash identifier:          FBo/cFhKvo6xQ95qu8121E3PLXOMjQFUAw3ljhi2rx4=
Subject key identifier:   13:5A:25:8E:16:D7:8C:F2:18:A9:06:8F:9D:E1:80:EF:78:7F:F3:C9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       068EA73CFE9E9DE86A5BC9A547D569C086CEDF6B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     50673
IP address blocks:        185.172.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:8e:a7:3c:fe:9e:9d:e8:6a:5b:c9:a5:47:d5:69:c0:86:ce:df:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=135A258E16D78CF218A9068F9DE180EF787FF3C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7e:f5:3f:e3:53:14:f5:f9:90:3b:2a:80:d2:
                    0f:19:01:90:47:8b:56:4e:e4:4b:12:33:a4:f5:af:
                    09:c7:04:df:84:66:fe:2d:7d:28:a1:5e:13:9c:0a:
                    46:38:66:58:b2:44:f6:95:13:37:43:aa:ba:83:89:
                    25:ae:bb:7b:3e:54:24:75:5a:20:13:74:69:d8:fb:
                    ec:ee:ba:09:a3:1a:e1:f2:e3:b7:ac:a3:31:da:d1:
                    b9:2e:0d:5d:8c:ea:ca:b0:76:4e:6f:a0:e2:ee:04:
                    bd:e6:58:04:a2:2a:d7:15:9f:82:f9:3d:02:fe:89:
                    66:f2:ee:46:46:58:66:90:15:f0:ea:7e:d1:83:18:
                    2f:2c:e5:89:d6:de:42:70:2c:5f:e6:3f:b1:1f:50:
                    f5:3b:09:68:4e:a1:cf:38:44:5f:c2:1c:85:4a:48:
                    94:48:92:1f:29:52:e0:69:2e:1d:37:09:c7:54:3f:
                    a0:d1:fd:0d:a3:b2:05:69:dc:c6:bc:9e:47:a0:a7:
                    ad:62:7b:81:88:4d:ff:50:14:16:19:7d:0c:75:c8:
                    11:32:11:c7:8e:77:07:89:24:d7:fa:1f:80:21:84:
                    05:fa:fb:d8:c7:78:e9:b2:bc:c8:f6:9f:75:ff:e3:
                    2a:17:47:13:a8:4c:50:2b:92:05:a0:38:f3:52:16:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5A:25:8E:16:D7:8C:F2:18:A9:06:8F:9D:E1:80:EF:78:7F:F3:C9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5f:7a:b7:42:79:6d:ee:d1:5e:b1:c2:1d:20:0b:a0:e6:3d:
         bc:65:0c:ae:35:d8:3c:60:d9:ad:d9:b4:4b:fd:4a:47:d0:97:
         17:76:09:d0:bf:be:ef:91:c4:2c:4d:3d:f4:66:da:21:85:3d:
         97:86:c9:dc:07:b5:71:48:1e:fd:bd:34:c7:97:28:81:0d:3e:
         17:44:6a:1e:a9:47:34:07:e0:22:21:f3:f9:06:90:30:c7:31:
         c2:ea:1e:a5:46:36:40:04:34:54:b3:85:54:7c:4a:7e:8a:3f:
         57:35:4c:98:9a:f5:7d:7b:67:7e:20:e5:d1:ee:5a:7e:d5:c2:
         11:e3:f2:81:08:3a:25:78:5b:ec:6c:f3:a2:5c:96:22:80:cf:
         ab:a8:4d:e3:12:f0:b4:34:32:be:d3:42:d6:07:72:19:c7:46:
         1d:9d:ba:d5:03:cb:3e:d1:19:1f:2a:6b:d4:1d:9f:ff:01:5f:
         01:d9:72:13:c6:29:d0:da:fb:3c:72:f1:05:e1:6c:99:0c:9a:
         0a:c1:58:ce:e1:2c:c1:d3:48:22:df:01:c0:38:2e:58:f5:06:
         9b:9c:1f:d8:fb:b5:14:8e:ae:ac:29:dd:48:ad:d7:23:60:a6:
         09:49:60:79:5e:58:e1:52:26:35:0c:2b:5f:5d:a6:cd:09:ac:
         fe:15:ef:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUBo6nPP6enehqW8mlR9VpwIbO32swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKDEzNUEyNThFMTZENzhDRjIxOEE5MDY4RjlERTE4MEVGNzg3RkYzQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTfvU/41MU9fmQOyqA0g8ZAZBH
i1ZO5EsSM6T1rwnHBN+EZv4tfSihXhOcCkY4ZliyRPaVEzdDqrqDiSWuu3s+VCR1
WiATdGnY++zuugmjGuHy47esozHa0bkuDV2M6sqwdk5voOLuBL3mWASiKtcVn4L5
PQL+iWby7kZGWGaQFfDqftGDGC8s5YnW3kJwLF/mP7EfUPU7CWhOoc84RF/CHIVK
SJRIkh8pUuBpLh03CcdUP6DR/Q2jsgVp3Ma8nkegp61ie4GITf9QFBYZfQx1yBEy
EceOdweJJNf6H4AhhAX6+9jHeOmyvMj2n3X/4yoXRxOoTFArkgWgOPNSFuYFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUE1oljhbXjPIYqQaPneGA73h/88kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTA2NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5rDgw
DQYJKoZIhvcNAQELBQADggEBAFxferdCeW3u0V6xwh0gC6DmPbxlDK412Dxg2a3Z
tEv9SkfQlxd2CdC/vu+RxCxNPfRm2iGFPZeGydwHtXFIHv29NMeXKIENPhdEah6p
RzQH4CIh8/kGkDDHMcLqHqVGNkAENFSzhVR8Sn6KP1c1TJia9X17Z34g5dHuWn7V
whHj8oEIOiV4W+xs86JcliKAz6uoTeMS8LQ0Mr7TQtYHchnHRh2dutUDyz7RGR8q
a9Qdn/8BXwHZchPGKdDa+zxy8QXhbJkMmgrBWM7hLMHTSCLfAcA4Llj1BpucH9j7
tRSOrqwp3Uit1yNgpglJYHleWOFSJjUMK19dps0JrP4V72M=
-----END CERTIFICATE-----