Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
File:                     AS61112.roa (raw, json)
Hash identifier:          m+fAN4PoQ4XLgb9nJ548/dwIL7u4FXhLHvGs1tUNJdo=
Subject key identifier:   F7:BA:8A:C3:B8:41:9E:03:A6:D2:36:82:F5:D2:22:53:CA:89:3F:AB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       14F825479892F613D8DA416440FA1F8E74C27DBA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa
Signing time:             Mon 02 Sep 2024 13:07:30 +0000
ROA not before:           Mon 02 Sep 2024 13:02:30 +0000
ROA not after:            Mon 01 Sep 2025 13:07:30 +0000
asID:                     61112
IP address blocks:        181.214.136.0/24 maxlen: 24
                          191.101.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:f8:25:47:98:92:f6:13:d8:da:41:64:40:fa:1f:8e:74:c2:7d:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  2 13:02:30 2024 GMT
            Not After : Sep  1 13:07:30 2025 GMT
        Subject: CN=F7BA8AC3B8419E03A6D23682F5D22253CA893FAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9a:83:fc:ee:d2:58:5c:35:30:d0:fd:5d:63:
                    90:ee:57:bb:70:a8:ad:6d:f7:b5:2d:7b:1c:c1:89:
                    7d:93:f6:8a:7d:81:55:05:61:4d:bf:03:81:7d:b9:
                    e0:be:a5:24:c8:dc:48:bd:79:8a:c4:ce:47:89:7b:
                    bd:f2:c1:66:3d:ff:c2:40:e5:bb:b6:fd:81:e2:3a:
                    55:c2:3f:d4:68:cb:59:6c:b4:ec:8b:e6:d8:92:48:
                    ea:e3:3d:cd:ca:35:81:43:7f:63:55:c8:a7:a8:db:
                    98:ab:8a:fe:71:8c:ab:15:6c:c5:95:40:c8:dd:38:
                    47:c5:74:ad:78:aa:9e:c5:da:11:e1:e5:4d:54:53:
                    42:94:28:8d:82:06:db:17:73:7e:ba:22:92:8b:4c:
                    b7:5e:d3:83:ac:c3:8c:1d:cd:96:e2:4a:9a:5f:8d:
                    d2:ff:b9:f7:d0:6e:62:2c:0c:ec:77:1e:02:a1:d8:
                    48:61:b8:72:1e:ae:5d:da:97:dc:40:5c:ce:08:51:
                    61:07:ff:29:74:64:58:dd:53:bc:bc:5b:ee:09:ee:
                    4c:d8:25:63:e1:d6:5c:ff:d9:f4:5a:07:f0:55:ef:
                    f0:b1:92:fe:d6:72:fb:57:ea:82:b9:07:a6:61:dd:
                    84:78:c3:20:e0:09:48:01:3e:81:f3:56:f4:4b:ae:
                    21:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BA:8A:C3:B8:41:9E:03:A6:D2:36:82:F5:D2:22:53:CA:89:3F:AB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS61112.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.136.0/24
                  191.101.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:83:20:ff:15:b1:ea:15:b9:1d:c7:a1:59:d7:4b:9d:f0:2f:
         8a:fd:02:d3:1f:ec:da:f4:38:54:6a:5c:16:fb:1a:f6:71:6f:
         3e:58:cc:b5:0b:10:37:d9:d8:6c:17:1b:d9:59:7b:61:c2:f8:
         f9:4e:f4:88:99:da:d8:cc:ac:bd:18:e7:8f:49:6c:6b:17:99:
         cf:26:02:bb:9f:05:11:6c:9a:b9:96:d4:aa:2a:6b:f5:b6:a3:
         42:2f:21:6a:be:c0:f4:7f:6c:9b:87:e3:ce:ba:f6:1f:80:90:
         31:dc:14:95:7f:f5:f9:57:1e:2c:8f:0f:5c:bd:98:35:16:2e:
         a9:a8:d5:70:2b:b5:b3:66:e2:41:2e:53:1c:c8:b3:52:c0:01:
         d5:df:ca:6d:0e:37:6c:20:0e:71:d7:b8:1e:7b:5c:c3:c2:82:
         94:4c:9d:ce:fd:f5:ea:fb:5e:0f:0f:a3:99:e9:98:b4:2e:38:
         50:f0:58:c2:e5:b3:d9:3d:c2:f9:c9:e5:b4:72:7d:6e:60:c1:
         16:56:14:55:8e:48:fd:fb:a6:fd:f8:9c:4a:7b:53:57:77:e2:
         1b:d8:4a:ee:c4:d0:0c:5c:aa:01:62:29:40:7a:05:95:8e:0c:
         7e:a2:37:9d:f9:e8:ef:a3:e5:1b:93:d5:52:d1:4b:93:c5:3a:
         c9:2b:23:72
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUFPglR5iS9hPY2kFkQPofjnTCfbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MDIxMzAyMzBaFw0yNTA5MDExMzA3MzBaMDMxMTAvBgNV
BAMTKEY3QkE4QUMzQjg0MTlFMDNBNkQyMzY4MkY1RDIyMjUzQ0E4OTNGQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOmoP87tJYXDUw0P1dY5DuV7tw
qK1t97UtexzBiX2T9op9gVUFYU2/A4F9ueC+pSTI3Ei9eYrEzkeJe73ywWY9/8JA
5bu2/YHiOlXCP9Roy1lstOyL5tiSSOrjPc3KNYFDf2NVyKeo25iriv5xjKsVbMWV
QMjdOEfFdK14qp7F2hHh5U1UU0KUKI2CBtsXc366IpKLTLde04Osw4wdzZbiSppf
jdL/uffQbmIsDOx3HgKh2EhhuHIerl3al9xAXM4IUWEH/yl0ZFjdU7y8W+4J7kzY
JWPh1lz/2fRaB/BV7/Cxkv7WcvtX6oK5B6Zh3YR4wyDgCUgBPoHzVvRLriGJAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU97qKw7hBngOm0jaC9dIiU8qJP6swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjExMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11ogD
BAC/ZYQwDQYJKoZIhvcNAQELBQADggEBACGDIP8VseoVuR3HoVnXS53wL4r9AtMf
7Nr0OFRqXBb7GvZxbz5YzLULEDfZ2GwXG9lZe2HC+PlO9IiZ2tjMrL0Y549JbGsX
mc8mArufBRFsmrmW1Koqa/W2o0IvIWq+wPR/bJuH48669h+AkDHcFJV/9flXHiyP
D1y9mDUWLqmo1XArtbNm4kEuUxzIs1LAAdXfym0ON2wgDnHXuB57XMPCgpRMnc79
9er7Xg8Po5npmLQuOFDwWMLls9k9wvnJ5bRyfW5gwRZWFFWOSP37pv34nEp7U1d3
4hvYSu7E0AxcqgFiKUB6BZWODH6iN5356O+j5RuT1VLRS5PFOskrI3I=
-----END CERTIFICATE-----