Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          IJubOZSkB7NS6d3LJcQVF37CVasomRgpP0q1zCkFtrg=
Subject key identifier:   18:34:A4:A7:41:ED:CC:B4:F2:61:58:55:FD:45:DB:06:6F:5A:C5:C4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       36F526FF0C7083570B6D6C4F2B07199B6C682D5E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa
Signing time:             Sat 16 Nov 2024 00:01:13 +0000
ROA not before:           Fri 15 Nov 2024 23:56:13 +0000
ROA not after:            Sat 15 Nov 2025 00:01:13 +0000
asID:                     57043
IP address blocks:        45.89.253.0/24 maxlen: 24
                          191.101.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:f5:26:ff:0c:70:83:57:0b:6d:6c:4f:2b:07:19:9b:6c:68:2d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 15 23:56:13 2024 GMT
            Not After : Nov 15 00:01:13 2025 GMT
        Subject: CN=1834A4A741EDCCB4F2615855FD45DB066F5AC5C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5a:6e:32:d2:df:ac:82:28:2d:7c:d8:93:7a:
                    73:5c:78:08:b1:2b:d0:e4:e3:03:65:66:c7:a0:c0:
                    46:ef:ad:b4:c0:bf:f1:65:8f:be:43:b2:b0:8d:6a:
                    34:99:c8:ff:9a:c8:98:95:b9:e1:89:8a:fb:47:02:
                    d0:15:1e:30:2f:01:ac:10:94:79:b2:7e:6e:2b:d6:
                    78:eb:ed:9a:b2:d3:2b:4a:30:03:2a:d8:e2:2c:db:
                    69:9f:09:5f:86:80:51:a0:57:79:b5:30:a9:cf:fb:
                    de:5f:86:68:2d:25:a8:f5:2d:fb:52:68:50:ba:c6:
                    43:15:5f:c4:50:67:d8:4d:3c:40:31:6d:79:6d:42:
                    d9:79:a4:61:f6:56:50:75:95:b0:73:b6:7e:3b:6f:
                    a5:1c:0a:ea:06:a0:e1:8a:9e:a8:61:66:e0:3b:4c:
                    f8:ba:fb:59:5d:9a:69:7d:57:1b:62:21:ab:c5:3d:
                    31:fa:75:c2:b8:47:fd:03:f5:17:c7:42:b6:03:9a:
                    3c:97:7a:8a:4d:ed:4b:95:04:00:7a:ea:6c:a1:ef:
                    4e:3c:4a:d9:bd:c3:69:53:8e:cc:c7:ad:c2:83:bb:
                    f0:39:f5:72:be:11:f1:45:34:c7:5f:9a:58:c8:88:
                    34:9f:db:10:60:01:de:59:12:86:ad:d8:72:89:a5:
                    f9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:34:A4:A7:41:ED:CC:B4:F2:61:58:55:FD:45:DB:06:6F:5A:C5:C4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.253.0/24
                  191.101.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:23:7a:b2:cd:ee:f3:6f:d1:7d:f2:b0:a4:d5:6f:ae:01:4c:
         a9:d9:f8:c9:8e:bd:37:67:24:a1:71:82:fa:fa:2a:56:15:25:
         0c:1f:ac:68:71:0d:3c:a1:0b:13:5c:dd:c4:72:8e:c3:e9:b9:
         28:6e:5c:3f:ae:8f:5e:90:bc:95:fa:06:07:9f:e0:3c:50:54:
         5b:61:d6:d1:cf:35:53:e6:2d:90:9b:ff:9c:8d:d5:94:76:f9:
         d5:aa:bc:98:b6:34:44:f6:89:83:55:f3:f0:a8:ef:42:49:73:
         94:af:c4:a8:be:cc:42:8e:ae:73:00:24:5f:a0:15:43:61:08:
         f0:3d:15:0c:d5:89:ca:ee:02:59:ac:be:64:26:58:95:95:a3:
         91:8a:27:33:d2:d0:b1:c6:c7:5d:df:2d:e8:d0:41:7b:07:06:
         58:ea:4f:80:0c:6f:70:ae:09:ec:96:07:80:a9:a5:df:17:5a:
         1a:07:87:41:3f:aa:d8:e1:3d:5e:76:a6:9e:7a:58:eb:29:08:
         90:55:f2:1b:2a:49:3f:e8:77:bd:cf:fa:31:54:e0:cf:7c:f9:
         33:52:f1:70:f9:f6:4d:e8:a9:0f:5c:18:86:dc:16:99:b0:c2:
         7f:ae:ca:87:c0:78:28:1c:e5:09:93:1d:28:33:0c:4e:31:18:
         cf:91:87:d7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNvUm/wxwg1cLbWxPKwcZm2xoLV4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMTUyMzU2MTNaFw0yNTExMTUwMDAxMTNaMDMxMTAvBgNV
BAMTKDE4MzRBNEE3NDFFRENDQjRGMjYxNTg1NUZENDVEQjA2NkY1QUM1QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlWm4y0t+sgigtfNiTenNceAix
K9Dk4wNlZsegwEbvrbTAv/Flj75DsrCNajSZyP+ayJiVueGJivtHAtAVHjAvAawQ
lHmyfm4r1njr7Zqy0ytKMAMq2OIs22mfCV+GgFGgV3m1MKnP+95fhmgtJaj1LftS
aFC6xkMVX8RQZ9hNPEAxbXltQtl5pGH2VlB1lbBztn47b6UcCuoGoOGKnqhhZuA7
TPi6+1ldmml9VxtiIavFPTH6dcK4R/0D9RfHQrYDmjyXeopN7UuVBAB66myh7048
Stm9w2lTjszHrcKDu/A59XK+EfFFNMdfmljIiDSf2xBgAd5ZEoat2HKJpfnTAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUGDSkp0HtzLTyYVhV/UXbBm9axcQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtWf0D
BAC/ZXEwDQYJKoZIhvcNAQELBQADggEBAAEjerLN7vNv0X3ysKTVb64BTKnZ+MmO
vTdnJKFxgvr6KlYVJQwfrGhxDTyhCxNc3cRyjsPpuShuXD+uj16QvJX6Bgef4DxQ
VFth1tHPNVPmLZCb/5yN1ZR2+dWqvJi2NET2iYNV8/Co70JJc5SvxKi+zEKOrnMA
JF+gFUNhCPA9FQzVicruAlmsvmQmWJWVo5GKJzPS0LHGx13fLejQQXsHBljqT4AM
b3CuCeyWB4Cppd8XWhoHh0E/qtjhPV52pp56WOspCJBV8hsqST/od73P+jFU4M98
+TNS8XD59k3oqQ9cGIbcFpmwwn+uyofAeCgc5QmTHSgzDE4xGM+Rh9c=
-----END CERTIFICATE-----