Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62390.roa
File:                     AS62390.roa (raw, json)
Hash identifier:          PEQVNlEIFbj0aZJYrvSlaCNdZq5kLWiGe8mX3UnR5Jc=
Subject key identifier:   2D:24:AE:3B:B4:6C:EE:F8:1C:6A:66:5B:3D:8D:E2:01:22:F3:1A:F1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       28931BBD8ECECE9981641EC27225BF43C23C9001
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62390.roa
Signing time:             Fri 01 Mar 2024 19:21:59 +0000
ROA not before:           Fri 01 Mar 2024 19:16:59 +0000
ROA not after:            Fri 28 Feb 2025 19:21:59 +0000
asID:                     62390
IP address blocks:        179.61.217.0/24 maxlen: 24
                          191.101.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:93:1b:bd:8e:ce:ce:99:81:64:1e:c2:72:25:bf:43:c2:3c:90:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  1 19:16:59 2024 GMT
            Not After : Feb 28 19:21:59 2025 GMT
        Subject: CN=2D24AE3BB46CEEF81C6A665B3D8DE20122F31AF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6d:c3:44:47:9f:02:d7:8f:28:6f:0b:85:42:
                    7e:bc:3f:2f:b2:64:a1:7d:d8:4c:84:b6:63:d3:01:
                    70:76:f8:8f:0d:d6:f2:07:d4:43:09:4b:51:ba:62:
                    c3:e6:84:f9:27:9a:5e:20:3f:4a:d8:c3:66:7d:08:
                    aa:d7:11:fb:b9:48:ab:9a:47:bf:80:2b:d3:b0:a6:
                    13:08:e5:ce:61:5e:ab:51:01:3d:e6:7a:97:eb:b8:
                    c1:2e:82:09:c8:f0:2c:24:d4:76:32:1a:25:bf:d0:
                    28:ee:da:12:85:46:d6:2d:a3:18:60:45:39:b0:21:
                    80:39:98:6c:7e:cd:63:94:2d:ae:69:dd:5c:c9:7e:
                    2a:93:bd:a3:87:c1:72:83:15:96:77:9e:46:7a:77:
                    77:86:bb:fa:7c:5a:4d:70:8d:5c:24:fb:8e:1a:0f:
                    23:bd:fc:31:75:8f:fb:b1:23:3d:c2:fe:12:31:8d:
                    ed:f1:65:54:0a:f3:57:5a:ad:47:0c:af:98:7a:24:
                    64:9e:21:06:23:83:ff:25:88:d0:90:74:91:2c:c5:
                    9e:e6:d6:5d:2d:06:5f:f9:3a:78:0d:bc:b9:56:70:
                    ae:c4:14:09:67:78:2f:1f:e9:45:eb:12:07:09:e9:
                    f3:0b:5a:1b:5b:2c:65:57:a0:b8:97:dc:7d:ca:e9:
                    cf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:24:AE:3B:B4:6C:EE:F8:1C:6A:66:5B:3D:8D:E2:01:22:F3:1A:F1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.217.0/24
                  191.101.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:40:0c:dd:8d:d1:5a:4c:71:49:71:bc:f5:ea:f8:59:8d:8c:
         9e:4e:14:8b:91:24:44:5a:be:57:c0:b0:e8:d6:45:21:08:69:
         9f:37:66:64:3f:a3:fd:09:99:5b:0e:7e:77:53:fa:6d:e6:4e:
         11:f4:51:d4:c6:88:fc:53:86:72:e2:a5:b4:2d:80:ea:21:79:
         12:03:4f:a3:96:57:48:ad:65:4d:cb:f1:e7:90:45:85:0a:fe:
         38:21:53:4f:69:db:a1:bd:d9:98:cb:86:de:04:ac:65:00:dc:
         d3:09:29:2b:b9:97:91:dc:53:30:f3:ef:61:39:45:80:49:ce:
         36:67:a4:f7:ef:df:8c:cd:4c:0e:a5:2d:e5:02:cb:6b:c3:55:
         7c:b1:5a:f3:fb:7f:52:46:4f:b5:c9:7a:df:ed:30:17:a5:d9:
         01:3a:83:b5:e9:27:a8:ff:d9:99:0e:99:43:8e:29:f2:09:07:
         cc:d9:d9:ca:13:9a:e9:82:08:c8:52:5f:36:24:e6:83:8c:e3:
         42:78:8f:5f:21:ab:4a:9a:46:a0:f2:65:79:ca:dd:2b:4e:0e:
         20:ce:32:59:7a:54:a2:90:7b:97:3a:af:be:a5:3f:54:e3:af:
         c9:6f:c2:15:5e:36:58:15:f6:fa:44:99:34:2f:1d:92:71:3a:
         40:e6:1d:ba
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKJMbvY7OzpmBZB7CciW/Q8I8kAEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMDExOTE2NTlaFw0yNTAyMjgxOTIxNTlaMDMxMTAvBgNV
BAMTKDJEMjRBRTNCQjQ2Q0VFRjgxQzZBNjY1QjNEOERFMjAxMjJGMzFBRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+bcNER58C148obwuFQn68Py+y
ZKF92EyEtmPTAXB2+I8N1vIH1EMJS1G6YsPmhPknml4gP0rYw2Z9CKrXEfu5SKua
R7+AK9OwphMI5c5hXqtRAT3mepfruMEuggnI8Cwk1HYyGiW/0Cju2hKFRtYtoxhg
RTmwIYA5mGx+zWOULa5p3VzJfiqTvaOHwXKDFZZ3nkZ6d3eGu/p8Wk1wjVwk+44a
DyO9/DF1j/uxIz3C/hIxje3xZVQK81darUcMr5h6JGSeIQYjg/8liNCQdJEsxZ7m
1l0tBl/5OngNvLlWcK7EFAlneC8f6UXrEgcJ6fMLWhtbLGVXoLiX3H3K6c8ZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQULSSuO7Rs7vgcamZbPY3iASLzGvEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjIzOTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACzPdkD
BAC/ZQgwDQYJKoZIhvcNAQELBQADggEBAGZADN2N0VpMcUlxvPXq+FmNjJ5OFIuR
JERavlfAsOjWRSEIaZ83ZmQ/o/0JmVsOfndT+m3mThH0UdTGiPxThnLipbQtgOoh
eRIDT6OWV0itZU3L8eeQRYUK/jghU09p26G92ZjLht4ErGUA3NMJKSu5l5HcUzDz
72E5RYBJzjZnpPfv34zNTA6lLeUCy2vDVXyxWvP7f1JGT7XJet/tMBel2QE6g7Xp
J6j/2ZkOmUOOKfIJB8zZ2coTmumCCMhSXzYk5oOM40J4j18hq0qaRqDyZXnK3StO
DiDOMll6VKKQe5c6r76lP1Tjr8lvwhVeNlgV9vpEmTQvHZJxOkDmHbo=
-----END CERTIFICATE-----