Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
File:                     AS61112.roa (raw, json)
Hash identifier:          WzpoiLofrxia41itUF+9LcfzZMEOja/sWCkOCoJ4MmY=
Subject key identifier:   AA:77:39:B0:FA:E5:45:97:97:9B:40:49:42:29:36:D6:FD:78:93:DB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       60116B126D9456703C3522DFB3F38CCABECDF7CD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
Signing time:             Wed 14 Jun 2023 08:41:38 +0000
ROA not before:           Wed 14 Jun 2023 08:36:38 +0000
ROA not after:            Wed 12 Jun 2024 08:41:38 +0000
asID:                     61112
IP address blocks:        181.214.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:11:6b:12:6d:94:56:70:3c:35:22:df:b3:f3:8c:ca:be:cd:f7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 14 08:36:38 2023 GMT
            Not After : Jun 12 08:41:38 2024 GMT
        Subject: CN=AA7739B0FAE54597979B4049422936D6FD7893DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:22:10:1a:1c:37:8c:35:03:76:b1:5b:68:2a:
                    67:78:b4:2d:b7:32:2c:58:f6:d5:4c:d6:ce:29:2b:
                    91:ec:e0:d4:8e:5a:a0:5c:77:04:46:91:c4:af:b4:
                    7b:a7:31:80:6b:98:73:7c:82:e4:72:32:8c:d6:a9:
                    aa:e5:ff:50:22:51:bd:32:b8:fe:6a:f0:85:92:34:
                    e6:d9:8d:f2:31:d9:5f:03:95:71:b9:bc:26:1b:48:
                    89:bc:1c:d0:15:26:27:b0:7d:88:72:4a:f9:00:48:
                    04:f3:57:ec:41:50:c2:56:43:14:8b:21:bb:98:19:
                    cf:a6:d2:de:ea:6e:c4:0f:be:d8:7d:e2:85:c3:29:
                    d3:1c:bf:7e:92:a6:cb:e3:40:49:c1:e0:55:7f:ed:
                    92:c1:40:d3:5e:91:7e:11:48:40:0f:84:11:3e:7f:
                    88:c7:eb:36:e0:83:84:b3:d1:6b:dc:37:c2:72:01:
                    9a:04:5d:65:54:09:98:cd:71:95:78:25:53:6e:c7:
                    8b:4e:fa:78:72:8d:ae:70:c6:38:e5:b9:94:b9:39:
                    86:ad:2a:55:03:97:8a:03:c0:16:f2:c6:c9:28:cc:
                    e2:e2:5f:ef:a4:02:59:f5:8f:df:23:17:ad:69:ec:
                    1d:84:3a:ba:e4:e4:41:97:10:27:a0:b7:86:93:3b:
                    d3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:77:39:B0:FA:E5:45:97:97:9B:40:49:42:29:36:D6:FD:78:93:DB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d9:3c:d9:46:de:8d:9f:4c:40:50:3a:03:30:a2:56:d0:05:
         cd:a6:c7:20:ed:07:43:79:49:6b:25:70:c2:52:5c:b4:1f:5a:
         f7:64:ac:2a:bf:b1:24:93:25:17:d9:89:ef:bc:9c:54:d8:5a:
         7d:54:86:ef:0c:8e:d6:c5:ab:75:d7:83:c3:dd:45:1d:1e:21:
         6a:20:cf:6b:eb:26:b0:00:69:31:cc:2c:d1:b5:ec:ff:d7:20:
         9a:37:c2:9b:c3:8b:ab:3a:d2:f8:d3:82:4d:79:25:6e:7a:28:
         ca:43:43:1c:08:3a:1e:ae:78:3a:d9:30:27:9e:87:53:ac:6e:
         07:a6:0b:8b:19:5d:f0:b4:b6:af:cb:8c:87:2c:36:1e:8b:c4:
         32:e0:f7:b9:ee:1b:13:0a:0f:f2:78:35:93:0a:67:e2:25:93:
         b7:be:fb:d6:cc:4a:95:e4:69:84:6a:43:a7:c9:53:52:9d:fa:
         f5:72:10:b9:b4:a8:d1:df:64:c6:eb:bc:da:4b:a3:32:ae:0c:
         59:2a:f8:bc:ea:ed:e3:12:d1:13:f0:84:35:c0:16:d0:b7:1b:
         f1:83:40:29:c2:7c:52:2c:06:11:d2:6b:e5:2d:d7:a3:45:5d:
         c2:ea:61:9f:10:9c:59:98:b5:fc:55:8a:ad:a5:af:b1:57:ca:
         dc:ea:cc:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYBFrEm2UVnA8NSLfs/OMyr7N980wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MTQwODM2MzhaFw0yNDA2MTIwODQxMzhaMDMxMTAvBgNV
BAMTKEFBNzczOUIwRkFFNTQ1OTc5NzlCNDA0OTQyMjkzNkQ2RkQ3ODkzREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNIhAaHDeMNQN2sVtoKmd4tC23
MixY9tVM1s4pK5Hs4NSOWqBcdwRGkcSvtHunMYBrmHN8guRyMozWqarl/1AiUb0y
uP5q8IWSNObZjfIx2V8DlXG5vCYbSIm8HNAVJiewfYhySvkASATzV+xBUMJWQxSL
IbuYGc+m0t7qbsQPvth94oXDKdMcv36SpsvjQEnB4FV/7ZLBQNNekX4RSEAPhBE+
f4jH6zbgg4Sz0WvcN8JyAZoEXWVUCZjNcZV4JVNux4tO+nhyja5wxjjluZS5OYat
KlUDl4oDwBbyxskozOLiX++kAln1j98jF61p7B2EOrrk5EGXECegt4aTO9OZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqnc5sPrlRZeXm0BJQik21v14k9swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjExMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11ogw
DQYJKoZIhvcNAQELBQADggEBAAnZPNlG3o2fTEBQOgMwolbQBc2mxyDtB0N5SWsl
cMJSXLQfWvdkrCq/sSSTJRfZie+8nFTYWn1Uhu8MjtbFq3XXg8PdRR0eIWogz2vr
JrAAaTHMLNG17P/XIJo3wpvDi6s60vjTgk15JW56KMpDQxwIOh6ueDrZMCeeh1Os
bgemC4sZXfC0tq/LjIcsNh6LxDLg97nuGxMKD/J4NZMKZ+Ilk7e++9bMSpXkaYRq
Q6fJU1Kd+vVyELm0qNHfZMbrvNpLozKuDFkq+Lzq7eMS0RPwhDXAFtC3G/GDQCnC
fFIsBhHSa+Ut16NFXcLqYZ8QnFmYtfxViq2lr7FXytzqzKc=
-----END CERTIFICATE-----