Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50917.roa
File:                     AS50917.roa (raw, json)
Hash identifier:          My60L0DU8XReGOrkOLqTECLee+Vl2f6H8KJlk7nGIQI=
Subject key identifier:   36:35:AE:0B:86:B9:3D:3B:4D:02:83:0A:B9:91:0C:6C:FF:E8:72:96
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       084D0D775A1B8375C515605F0D3DF090F3AD0443
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50917.roa
Signing time:             Sun 19 May 2024 02:52:56 +0000
ROA not before:           Sun 19 May 2024 02:47:56 +0000
ROA not after:            Sun 18 May 2025 02:52:56 +0000
asID:                     50917
IP address blocks:        45.93.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4d:0d:77:5a:1b:83:75:c5:15:60:5f:0d:3d:f0:90:f3:ad:04:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 19 02:47:56 2024 GMT
            Not After : May 18 02:52:56 2025 GMT
        Subject: CN=3635AE0B86B93D3B4D02830AB9910C6CFFE87296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:87:e7:74:32:5c:33:d5:5e:e9:0b:25:e2:d9:
                    fc:93:85:00:27:80:d3:b4:53:23:e8:5a:db:76:93:
                    1e:2f:21:5c:a5:35:8a:a3:a6:5c:3b:11:29:54:d0:
                    95:6c:a1:19:3c:f3:9e:f9:a9:e6:7c:b8:d6:b7:01:
                    91:f3:67:f0:77:28:3f:a3:7d:ad:3e:74:fa:0d:14:
                    a3:0f:ac:74:da:ae:5e:1c:a7:ff:0a:3c:18:00:2f:
                    9c:5f:d5:3b:9e:0d:f1:33:95:bc:b7:0e:f7:68:84:
                    eb:82:dd:d4:bc:7f:06:34:ee:d5:c7:08:ef:3b:09:
                    e4:62:50:63:aa:8a:b6:37:c4:e1:03:91:2f:50:47:
                    cc:54:2e:7f:7c:ca:86:e3:3e:8a:6c:74:9e:1d:c6:
                    c9:43:81:7e:de:b2:ab:3a:f2:df:f5:71:30:48:58:
                    5b:fb:25:58:96:07:e4:54:a8:eb:c7:c1:4a:e7:fd:
                    7b:5c:4a:86:a7:8e:7f:c4:19:02:20:b8:ba:e1:4d:
                    9b:57:f3:5b:62:d5:94:04:d1:10:b1:3d:18:de:c4:
                    57:8c:92:6d:e9:65:cf:88:d2:9b:ad:ed:43:28:41:
                    b2:a8:23:59:c7:c7:65:50:7d:10:05:98:62:28:36:
                    4c:72:44:2f:89:e2:b5:92:d4:0f:2f:9e:ae:9b:7e:
                    65:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:35:AE:0B:86:B9:3D:3B:4D:02:83:0A:B9:91:0C:6C:FF:E8:72:96
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50917.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:3c:b7:56:fb:98:51:4a:02:68:52:a3:e0:e1:0c:fe:c8:82:
         0a:dc:49:df:bb:a6:dc:a3:be:34:b1:8a:c9:81:69:b6:b5:ee:
         0a:2f:90:9b:48:47:27:9b:d4:0a:17:ef:0c:99:f4:94:3a:c9:
         6b:ac:a1:8e:c6:20:c0:f6:f8:51:19:be:c8:8d:d2:ca:b7:cd:
         02:7a:a5:22:6c:5c:0e:af:a8:6f:63:fe:a3:6d:ed:6a:8b:3f:
         1a:5a:5b:88:52:da:97:32:6b:a0:50:17:e1:45:a3:2d:7e:f0:
         f8:55:d0:64:a5:7d:d1:56:fc:98:d6:2e:82:d4:c0:8a:fc:3f:
         8a:a3:e4:53:72:93:52:b9:a6:76:8b:31:e6:0b:29:ae:b7:ee:
         db:5f:c9:ed:2d:2d:2c:d9:35:30:44:53:96:d1:5d:a2:97:14:
         5c:f8:3d:20:88:21:9f:14:42:58:29:85:de:cb:03:47:5d:77:
         8f:ed:5a:3d:ca:59:5c:12:5a:9f:7c:e9:7a:2a:31:b1:cc:0c:
         3c:9a:dd:d4:1e:da:ad:df:b8:62:30:d3:89:1e:4d:d4:44:31:
         62:7d:46:c8:c3:8e:c1:d8:e1:5c:8e:4c:c5:9a:35:fd:54:3d:
         9b:39:dc:48:fe:b9:ea:26:37:d3:ab:53:0f:87:17:de:54:97:
         d4:01:3c:55
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCE0Nd1obg3XFFWBfDT3wkPOtBEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTkwMjQ3NTZaFw0yNTA1MTgwMjUyNTZaMDMxMTAvBgNV
BAMTKDM2MzVBRTBCODZCOTNEM0I0RDAyODMwQUI5OTEwQzZDRkZFODcyOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3h+d0Mlwz1V7pCyXi2fyThQAn
gNO0UyPoWtt2kx4vIVylNYqjplw7ESlU0JVsoRk88575qeZ8uNa3AZHzZ/B3KD+j
fa0+dPoNFKMPrHTarl4cp/8KPBgAL5xf1TueDfEzlby3DvdohOuC3dS8fwY07tXH
CO87CeRiUGOqirY3xOEDkS9QR8xULn98yobjPopsdJ4dxslDgX7esqs68t/1cTBI
WFv7JViWB+RUqOvHwUrn/XtcSoanjn/EGQIguLrhTZtX81ti1ZQE0RCxPRjexFeM
km3pZc+I0put7UMoQbKoI1nHx2VQfRAFmGIoNkxyRC+J4rWS1A8vnq6bfmUrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNjWuC4a5PTtNAoMKuZEMbP/ocpYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTA5MTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtXSww
DQYJKoZIhvcNAQELBQADggEBAGc8t1b7mFFKAmhSo+DhDP7IggrcSd+7ptyjvjSx
ismBaba17govkJtIRyeb1AoX7wyZ9JQ6yWusoY7GIMD2+FEZvsiN0sq3zQJ6pSJs
XA6vqG9j/qNt7WqLPxpaW4hS2pcya6BQF+FFoy1+8PhV0GSlfdFW/JjWLoLUwIr8
P4qj5FNyk1K5pnaLMeYLKa637ttfye0tLSzZNTBEU5bRXaKXFFz4PSCIIZ8UQlgp
hd7LA0ddd4/tWj3KWVwSWp986XoqMbHMDDya3dQe2q3fuGIw04keTdREMWJ9RsjD
jsHY4VyOTMWaNf1UPZs53Ej+ueomN9OrUw+HF95Ul9QBPFU=
-----END CERTIFICATE-----