Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa
File:                     AS59816.roa (raw, json)
Hash identifier:          BHeM5wV0/zI+9ZCZhrf79OsA+etno6Oc85Cvft9CO98=
Subject key identifier:   33:D4:0B:DF:49:B9:77:63:DB:57:A0:8C:A8:2D:04:12:84:F9:18:D0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       038CBC39133F3475D6A48CE7317D2AD1FFBD8B92
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     59816
IP address blocks:        5.252.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8c:bc:39:13:3f:34:75:d6:a4:8c:e7:31:7d:2a:d1:ff:bd:8b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=33D40BDF49B97763DB57A08CA82D041284F918D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:66:4d:62:0d:c3:e3:53:6e:b4:c8:8a:5f:2d:
                    2d:67:01:ee:20:96:7e:c7:30:5d:30:e1:45:9f:2f:
                    dc:45:aa:0b:d2:a8:26:f0:86:13:24:01:7f:41:25:
                    c0:7d:12:1e:3d:ec:15:5a:b1:b6:09:08:5d:b5:11:
                    24:2c:22:2b:7a:bb:2e:3e:fe:6b:ce:40:2e:fd:ff:
                    f4:4f:94:a9:aa:87:ec:a7:24:77:7b:64:d9:46:28:
                    1d:f2:b5:ac:7b:17:ce:26:9e:10:c0:03:5e:ed:49:
                    13:02:ed:1a:fb:1f:6f:26:a6:e5:40:11:59:2e:a4:
                    04:df:c5:43:29:dc:c4:e1:28:36:dd:7b:69:f2:c8:
                    67:48:9b:49:7e:70:35:ff:f7:40:63:2e:d1:d6:69:
                    2a:ed:63:08:02:31:05:b8:2a:48:ac:aa:25:f7:b5:
                    07:c9:3b:a3:bf:c0:4d:47:f3:de:21:a2:b0:71:aa:
                    9b:46:62:fc:16:c8:f3:a0:af:d3:37:00:2e:90:eb:
                    0c:ab:2a:59:b4:1a:a1:1b:3a:73:c5:1c:96:50:3e:
                    86:46:79:00:43:3f:ce:94:ac:b1:ff:63:86:bb:82:
                    f6:4a:56:0f:19:6c:54:9b:e8:65:70:27:9f:71:bf:
                    02:9f:4a:21:d1:fd:1b:f8:d5:0a:46:27:14:ec:01:
                    15:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D4:0B:DF:49:B9:77:63:DB:57:A0:8C:A8:2D:04:12:84:F9:18:D0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:a2:d0:16:26:28:99:94:78:f4:a9:2a:ce:99:ba:34:95:77:
         08:ce:bd:d1:f1:3f:d1:b9:fb:6b:d8:b8:ec:7e:99:90:87:54:
         da:79:f8:a8:32:2b:d4:1f:9f:a4:6c:5d:40:19:1b:1b:b1:2b:
         ac:15:70:97:a8:d3:08:21:8b:e2:9e:0d:48:bd:3e:cf:45:b9:
         22:97:19:ef:a1:59:10:0b:a0:bb:d2:74:7d:d3:4d:90:4b:8c:
         00:39:8a:ff:2c:f7:98:4c:6b:9d:db:d2:b3:65:d3:12:3a:26:
         f3:fe:4e:89:c3:08:f7:87:e2:8b:ed:ba:17:d0:33:97:af:7b:
         97:e3:4d:da:24:1f:1b:54:4c:83:77:3b:32:29:46:b2:96:46:
         24:1d:dd:95:1d:f7:0c:69:04:90:09:35:ef:3d:97:9c:bf:af:
         c7:9e:01:62:66:03:77:ea:6c:e2:2b:e9:40:92:f2:d9:f5:09:
         56:39:77:88:aa:de:ab:04:23:a8:46:58:62:d7:42:ad:b8:eb:
         e8:59:30:08:37:54:2c:c3:e0:a4:0f:21:17:0c:a7:63:ed:21:
         cc:7e:5d:cf:73:1d:9d:e1:f3:f6:b1:9a:57:de:63:26:af:94:
         8e:19:87:f3:54:77:27:04:5f:91:8b:7d:33:b8:3c:e5:4d:57:
         cf:e4:fb:51
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUA4y8ORM/NHXWpIznMX0q0f+9i5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDMzRDQwQkRGNDlCOTc3NjNEQjU3QTA4Q0E4MkQwNDEyODRGOTE4RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Zk1iDcPjU260yIpfLS1nAe4g
ln7HMF0w4UWfL9xFqgvSqCbwhhMkAX9BJcB9Eh497BVasbYJCF21ESQsIit6uy4+
/mvOQC79//RPlKmqh+ynJHd7ZNlGKB3ytax7F84mnhDAA17tSRMC7Rr7H28mpuVA
EVkupATfxUMp3MThKDbde2nyyGdIm0l+cDX/90BjLtHWaSrtYwgCMQW4KkisqiX3
tQfJO6O/wE1H894horBxqptGYvwWyPOgr9M3AC6Q6wyrKlm0GqEbOnPFHJZQPoZG
eQBDP86UrLH/Y4a7gvZKVg8ZbFSb6GVwJ59xvwKfSiHR/Rv41QpGJxTsARW9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUM9QL30m5d2PbV6CMqC0EEoT5GNAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTk4MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF/FMw
DQYJKoZIhvcNAQELBQADggEBAKui0BYmKJmUePSpKs6ZujSVdwjOvdHxP9G5+2vY
uOx+mZCHVNp5+KgyK9Qfn6RsXUAZGxuxK6wVcJeo0wghi+KeDUi9Ps9FuSKXGe+h
WRALoLvSdH3TTZBLjAA5iv8s95hMa53b0rNl0xI6JvP+TonDCPeH4ovtuhfQM5ev
e5fjTdokHxtUTIN3OzIpRrKWRiQd3ZUd9wxpBJAJNe89l5y/r8eeAWJmA3fqbOIr
6UCS8tn1CVY5d4iq3qsEI6hGWGLXQq246+hZMAg3VCzD4KQPIRcMp2PtIcx+Xc9z
HZ3h8/axmlfeYyavlI4Zh/NUdycEX5GLfTO4POVNV8/k+1E=
-----END CERTIFICATE-----