Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          N60eZGd0UGVUJyUYNFl3q5Cnmik9M5huykvTGAejm2Q=
Subject key identifier:   C6:8A:04:E8:39:A5:56:E3:0E:56:74:97:1D:42:F7:CF:46:34:41:2A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       15077A66D46411256837C14CA174CE5F90D55E81
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa
Signing time:             Wed 06 Mar 2024 18:17:45 +0000
ROA not before:           Wed 06 Mar 2024 18:12:45 +0000
ROA not after:            Wed 05 Mar 2025 18:17:45 +0000
asID:                     57043
IP address blocks:        45.89.253.0/24 maxlen: 24
                          191.101.113.0/24 maxlen: 24
                          194.110.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:07:7a:66:d4:64:11:25:68:37:c1:4c:a1:74:ce:5f:90:d5:5e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  6 18:12:45 2024 GMT
            Not After : Mar  5 18:17:45 2025 GMT
        Subject: CN=C68A04E839A556E30E5674971D42F7CF4634412A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:83:c8:4d:78:9d:99:3b:a2:47:b6:3c:df:12:
                    18:48:fe:f6:ab:82:f1:d5:06:09:ea:16:b9:61:33:
                    49:77:7d:26:cf:8b:a9:85:78:fd:dc:93:5d:2a:9e:
                    43:16:84:57:c8:fb:f1:fc:4a:5e:7d:9c:78:e2:c8:
                    6d:d3:24:c4:bd:bc:45:e9:e4:3c:65:b1:c3:ba:5b:
                    0a:39:d0:0e:ec:be:4c:bc:2f:f1:d8:98:3a:b8:51:
                    a0:ee:9a:af:b7:80:e6:df:2d:74:48:26:a4:1c:8e:
                    24:13:66:4e:e6:76:b8:66:53:85:d4:2d:cb:ba:0d:
                    10:10:b1:ae:a7:24:1e:cb:f5:1f:b0:6b:aa:eb:b6:
                    7b:71:50:85:a6:af:82:25:51:6a:e3:08:6c:73:22:
                    8c:93:25:8e:30:4c:6b:02:10:67:0d:85:c6:78:eb:
                    08:2b:6d:65:16:a4:33:eb:dd:80:70:75:b8:ab:8c:
                    3a:08:47:e5:fe:0a:f2:2b:a5:4a:c8:c0:ff:f4:f8:
                    6c:38:35:cc:dd:19:d5:ba:fb:32:ea:b5:cb:62:0f:
                    ee:65:bc:81:c4:af:be:1a:1b:5d:5f:f8:3d:42:2b:
                    58:22:5d:e5:c9:3d:e6:79:4e:cd:b5:d7:2f:e5:23:
                    51:76:4e:95:be:23:e0:e5:67:82:1a:42:3f:21:d6:
                    fc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:8A:04:E8:39:A5:56:E3:0E:56:74:97:1D:42:F7:CF:46:34:41:2A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.253.0/24
                  191.101.113.0/24
                  194.110.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:66:ca:a8:72:eb:f9:a6:6e:5c:72:16:4b:e7:f0:9c:23:77:
         65:f0:f8:5d:cf:c2:44:09:36:da:f9:47:be:27:b8:a3:6d:f7:
         c8:a7:85:33:9f:32:1f:fb:d6:c0:04:0e:ab:65:54:41:63:f5:
         ff:02:0f:33:04:dc:a7:4e:37:5c:a0:92:22:3c:37:5f:c8:e7:
         1d:3b:9c:38:4b:28:46:a2:5e:56:58:9c:41:ac:37:68:e9:38:
         7c:5e:7a:66:9c:dc:a6:99:da:49:16:9e:28:88:cc:2d:91:41:
         b8:a5:75:22:04:69:1b:a9:98:28:11:4a:e4:b2:d4:36:82:4e:
         f1:4d:5f:f2:cb:2d:86:09:c3:bf:e1:e4:14:8d:c8:54:05:e9:
         b1:49:ee:80:04:f0:ac:d5:d8:36:1f:7c:6b:c5:83:34:1c:1a:
         a6:14:8a:49:96:fd:53:2f:b1:98:37:43:2c:07:8f:bd:43:05:
         d6:93:84:4a:ed:bc:3c:72:b2:12:c1:12:af:21:56:d1:f1:4d:
         92:e2:63:90:2d:0b:15:1d:49:3d:17:09:9b:c5:fc:00:3e:91:
         11:92:98:ef:a4:f3:e3:b5:9a:25:95:2b:89:e0:e8:87:2a:97:
         b1:72:e3:a5:6b:23:a8:cc:29:0f:e7:73:dc:0c:7f:2f:a6:6e:
         0e:63:09:62
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUFQd6ZtRkESVoN8FMoXTOX5DVXoEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMDYxODEyNDVaFw0yNTAzMDUxODE3NDVaMDMxMTAvBgNV
BAMTKEM2OEEwNEU4MzlBNTU2RTMwRTU2NzQ5NzFENDJGN0NGNDYzNDQxMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0g8hNeJ2ZO6JHtjzfEhhI/var
gvHVBgnqFrlhM0l3fSbPi6mFeP3ck10qnkMWhFfI+/H8Sl59nHjiyG3TJMS9vEXp
5DxlscO6Wwo50A7svky8L/HYmDq4UaDumq+3gObfLXRIJqQcjiQTZk7mdrhmU4XU
Lcu6DRAQsa6nJB7L9R+wa6rrtntxUIWmr4IlUWrjCGxzIoyTJY4wTGsCEGcNhcZ4
6wgrbWUWpDPr3YBwdbirjDoIR+X+CvIrpUrIwP/0+Gw4NczdGdW6+zLqtctiD+5l
vIHEr74aG11f+D1CK1giXeXJPeZ5Ts211y/lI1F2TpW+I+DlZ4IaQj8h1vybAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUxooE6DmlVuMOVnSXHUL3z0Y0QSowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtWf0D
BAC/ZXEDBADCbg4wDQYJKoZIhvcNAQELBQADggEBAHlmyqhy6/mmblxyFkvn8Jwj
d2Xw+F3PwkQJNtr5R74nuKNt98inhTOfMh/71sAEDqtlVEFj9f8CDzME3KdON1yg
kiI8N1/I5x07nDhLKEaiXlZYnEGsN2jpOHxeemac3KaZ2kkWniiIzC2RQbildSIE
aRupmCgRSuSy1DaCTvFNX/LLLYYJw7/h5BSNyFQF6bFJ7oAE8KzV2DYffGvFgzQc
GqYUikmW/VMvsZg3QywHj71DBdaThErtvDxyshLBEq8hVtHxTZLiY5AtCxUdST0X
CZvF/AA+kRGSmO+k8+O1miWVK4ng6Icql7Fy46VrI6jMKQ/nc9wMfy+mbg5jCWI=
-----END CERTIFICATE-----