Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62240.roa
File:                     AS62240.roa (raw, json)
Hash identifier:          iu/zSQ0d8yN1vNzeS/yLjITAW8obBq7ptJ/rqyuNfP4=
Subject key identifier:   58:11:72:23:09:2D:F9:8D:86:1D:C0:F4:7B:FD:5E:0A:69:CB:AE:0A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6F0A33447387877AAFA97F8206C4C2479BE05D91
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62240.roa
Signing time:             Sat 09 Dec 2023 00:00:08 +0000
ROA not before:           Fri 08 Dec 2023 23:55:08 +0000
ROA not after:            Sat 07 Dec 2024 00:00:08 +0000
asID:                     62240
IP address blocks:        45.89.242.0/24 maxlen: 24
                          45.137.126.0/24 maxlen: 24
                          191.101.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:0a:33:44:73:87:87:7a:af:a9:7f:82:06:c4:c2:47:9b:e0:5d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  8 23:55:08 2023 GMT
            Not After : Dec  7 00:00:08 2024 GMT
        Subject: CN=58117223092DF98D861DC0F47BFD5E0A69CBAE0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c8:d9:1b:1a:be:e9:74:14:75:22:cc:59:5e:
                    3c:b4:09:f3:59:0f:cb:4a:2f:97:5e:36:20:46:b2:
                    ac:54:ff:1f:c2:9e:e6:3e:0f:86:aa:be:5c:cb:16:
                    a3:b5:9f:e4:54:c0:9f:f6:bb:2c:90:6a:b7:c7:5d:
                    f6:d1:7f:94:35:cd:36:df:8e:6d:41:b0:3e:7c:f9:
                    aa:b5:b1:95:2e:d7:f7:65:0d:13:6b:84:41:bb:c9:
                    5e:38:f9:b4:2e:3e:79:96:0b:82:ec:08:e0:83:42:
                    2d:e9:81:5a:0a:f0:aa:c9:18:ec:94:04:c3:f9:dd:
                    5d:7f:d0:ba:0c:84:77:c2:ee:f9:00:1a:9d:88:61:
                    51:ea:1c:df:26:1a:0f:02:0b:db:46:ee:21:58:3f:
                    e3:39:4e:5a:9e:1d:fe:7f:62:5b:de:c4:66:bf:32:
                    09:bb:7f:2c:87:19:ec:ae:7a:9d:ca:bf:8f:81:03:
                    8a:0e:e6:d0:dd:e0:80:47:05:4d:7d:50:7c:2e:7a:
                    db:61:de:db:01:77:08:86:94:1f:fa:99:a3:ee:81:
                    21:45:20:bc:a6:34:97:23:40:0f:09:d0:ad:11:1b:
                    f6:ae:88:b7:91:c3:92:31:7a:f3:65:48:e3:1b:6a:
                    9e:00:62:f3:9f:16:03:55:8e:ca:d4:12:4b:a8:5c:
                    35:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:11:72:23:09:2D:F9:8D:86:1D:C0:F4:7B:FD:5E:0A:69:CB:AE:0A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.242.0/24
                  45.137.126.0/24
                  191.101.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ab:b2:b4:85:13:be:c4:15:59:99:0c:a8:39:9c:96:3e:5d:
         30:13:79:71:49:2a:d7:de:71:eb:76:89:8c:42:9c:5e:72:86:
         ab:6b:13:60:4c:cd:a4:23:8a:6f:a7:e2:9d:46:0f:99:70:d1:
         a5:d8:7d:bf:3c:71:e8:6e:27:49:47:c3:80:74:ab:a1:21:5e:
         d0:85:2c:fe:9b:7e:80:a0:04:95:51:cc:0f:12:32:8b:b6:4e:
         28:da:1c:d3:9e:c5:e2:1f:21:e7:9e:21:09:52:94:f5:81:43:
         47:79:29:56:6b:18:f1:e4:0a:6f:2f:08:8d:49:d3:a0:a9:6c:
         08:dc:53:d0:73:af:87:4d:9c:d5:74:26:2e:58:32:1d:7c:d1:
         d2:88:a9:27:73:fe:50:77:8c:9c:e9:62:d2:bc:fa:f1:f7:05:
         f2:39:39:ff:68:15:3f:57:01:a2:2e:e1:f2:08:43:f0:a9:38:
         cc:c0:7f:d1:4c:3d:51:0d:6c:7c:7d:a8:f6:0f:95:d1:98:26:
         02:47:ad:19:92:e1:f7:b0:34:37:05:87:51:5f:c7:83:8f:2c:
         5f:d5:e7:d0:a7:c5:bf:d0:4a:58:dc:bf:bc:72:72:22:ef:82:
         3f:52:5f:18:e2:67:41:3a:c1:34:6f:55:d3:4a:67:74:b5:c6:
         7a:bc:10:64
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUbwozRHOHh3qvqX+CBsTCR5vgXZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMDgyMzU1MDhaFw0yNDEyMDcwMDAwMDhaMDMxMTAvBgNV
BAMTKDU4MTE3MjIzMDkyREY5OEQ4NjFEQzBGNDdCRkQ1RTBBNjlDQkFFMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCayNkbGr7pdBR1IsxZXjy0CfNZ
D8tKL5deNiBGsqxU/x/CnuY+D4aqvlzLFqO1n+RUwJ/2uyyQarfHXfbRf5Q1zTbf
jm1BsD58+aq1sZUu1/dlDRNrhEG7yV44+bQuPnmWC4LsCOCDQi3pgVoK8KrJGOyU
BMP53V1/0LoMhHfC7vkAGp2IYVHqHN8mGg8CC9tG7iFYP+M5TlqeHf5/YlvexGa/
Mgm7fyyHGeyuep3Kv4+BA4oO5tDd4IBHBU19UHwuetth3tsBdwiGlB/6maPugSFF
ILymNJcjQA8J0K0RG/auiLeRw5IxevNlSOMbap4AYvOfFgNVjsrUEkuoXDXTAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUWBFyIwkt+Y2GHcD0e/1eCmnLrgowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjIyNDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAtWfID
BAAtiX4DBAC/ZfcwDQYJKoZIhvcNAQELBQADggEBAJ+rsrSFE77EFVmZDKg5nJY+
XTATeXFJKtfecet2iYxCnF5yhqtrE2BMzaQjim+n4p1GD5lw0aXYfb88cehuJ0lH
w4B0q6EhXtCFLP6bfoCgBJVRzA8SMou2TijaHNOexeIfIeeeIQlSlPWBQ0d5KVZr
GPHkCm8vCI1J06CpbAjcU9Bzr4dNnNV0Ji5YMh180dKIqSdz/lB3jJzpYtK8+vH3
BfI5Of9oFT9XAaIu4fIIQ/CpOMzAf9FMPVENbHx9qPYPldGYJgJHrRmS4fewNDcF
h1Ffx4OPLF/V59Cnxb/QSljcv7xyciLvgj9SXxjiZ0E6wTRvVdNKZ3S1xnq8EGQ=
-----END CERTIFICATE-----