Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63018.roa
File:                     AS63018.roa (raw, json)
Hash identifier:          2jWmGCFB9dqQlKCg68Su21RKzqD+coj7fPe+F9DyCx0=
Subject key identifier:   0B:46:E0:F3:4D:14:92:6C:06:FA:03:DE:C3:21:4B:5C:AD:77:85:A9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       EE9E5170E7BD47C6E3BEF55E43E233B38AE3AF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63018.roa
Signing time:             Thu 28 Mar 2024 19:22:08 +0000
ROA not before:           Thu 28 Mar 2024 19:17:08 +0000
ROA not after:            Thu 27 Mar 2025 19:22:08 +0000
asID:                     63018
IP address blocks:        179.61.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ee:9e:51:70:e7:bd:47:c6:e3:be:f5:5e:43:e2:33:b3:8a:e3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 28 19:17:08 2024 GMT
            Not After : Mar 27 19:22:08 2025 GMT
        Subject: CN=0B46E0F34D14926C06FA03DEC3214B5CAD7785A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d9:7f:56:38:d2:99:96:da:63:80:01:2b:1e:
                    7a:5c:c0:02:41:b1:88:4b:81:d2:05:60:a3:99:33:
                    18:d3:89:92:2b:fa:b9:6b:9d:4d:e8:d9:6b:48:86:
                    14:6f:c5:7c:84:55:9c:dc:c0:6c:e5:fc:7a:21:2f:
                    a8:28:d4:82:23:1e:50:6c:72:08:72:39:7f:84:f8:
                    22:cc:c7:58:74:26:c8:b7:7b:3e:f1:f0:42:da:69:
                    3b:05:f5:9d:76:f1:d6:81:01:1e:cf:43:cc:ad:04:
                    e9:c8:d9:cd:71:ae:3f:35:c0:17:8e:0c:f7:45:79:
                    ff:a1:ca:06:1d:97:d5:a6:72:61:b1:77:da:ae:0a:
                    c3:b5:f5:73:74:13:62:12:54:d4:9f:ca:fb:e8:53:
                    dd:de:69:d9:48:5c:52:0e:5a:45:c0:57:53:75:4a:
                    e6:47:5e:95:d6:0e:ba:50:fa:a7:f8:79:68:13:e3:
                    03:8b:cd:e9:80:17:60:66:05:54:e3:c5:16:4d:e7:
                    9d:b3:a5:a4:6d:f4:9d:b4:4f:69:0e:e0:19:d4:ca:
                    b9:b9:11:1e:14:8f:2b:57:1e:86:f2:6c:c0:c5:80:
                    ae:5d:02:61:b9:8e:d5:e6:25:07:ac:9e:43:78:ee:
                    5c:71:bd:fd:72:a2:b8:00:30:2e:12:4d:b6:74:e6:
                    19:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:46:E0:F3:4D:14:92:6C:06:FA:03:DE:C3:21:4B:5C:AD:77:85:A9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:db:6e:7d:dd:98:02:aa:18:99:ce:6f:2d:6e:cf:2a:b1:23:
         58:fd:7f:1f:08:d7:82:35:14:de:ec:d8:45:18:92:12:6e:46:
         95:c1:36:b8:10:12:ce:54:fb:4e:c7:69:4b:6d:78:46:7c:e3:
         5a:c7:db:16:0d:80:b2:99:0c:94:cd:01:71:35:d9:00:ab:24:
         8a:b7:d7:66:04:ed:ec:53:74:2b:cb:85:39:35:23:b3:62:3e:
         60:04:c9:d8:28:24:90:77:4a:1a:3c:1f:8c:6f:13:3f:e5:3b:
         76:af:e1:91:07:38:99:0d:f9:2f:50:a7:cb:77:cc:91:8a:ef:
         2b:46:72:00:f7:73:5e:29:76:6f:52:d5:29:c3:36:b4:50:97:
         43:d1:46:ea:62:69:86:48:e0:e1:96:0c:5e:9d:e4:ba:d8:06:
         7b:42:6b:40:d4:29:b3:8c:8e:96:d7:f4:4e:13:5c:0a:29:61:
         27:b4:4f:87:d4:58:41:25:43:7a:c5:36:12:7f:ff:ce:86:bd:
         ca:43:a9:67:8e:bf:6b:45:78:f6:dd:3b:fa:de:cf:c4:f7:d7:
         1d:7c:62:35:63:fd:b7:94:0f:9b:fb:d5:c2:7f:35:fa:30:f2:
         4c:08:f3:a9:6d:e5:b3:53:3b:56:d8:a8:a4:86:16:f3:b4:11:
         4d:0b:80:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAO6eUXDnvUfG4771XkPiM7OK468wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjgxOTE3MDhaFw0yNTAzMjcxOTIyMDhaMDMxMTAvBgNV
BAMTKDBCNDZFMEYzNEQxNDkyNkMwNkZBMDNERUMzMjE0QjVDQUQ3Nzg1QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr2X9WONKZltpjgAErHnpcwAJB
sYhLgdIFYKOZMxjTiZIr+rlrnU3o2WtIhhRvxXyEVZzcwGzl/HohL6go1IIjHlBs
cghyOX+E+CLMx1h0Jsi3ez7x8ELaaTsF9Z128daBAR7PQ8ytBOnI2c1xrj81wBeO
DPdFef+hygYdl9WmcmGxd9quCsO19XN0E2ISVNSfyvvoU93eadlIXFIOWkXAV1N1
SuZHXpXWDrpQ+qf4eWgT4wOLzemAF2BmBVTjxRZN552zpaRt9J20T2kO4BnUyrm5
ER4UjytXHobybMDFgK5dAmG5jtXmJQesnkN47lxxvf1yorgAMC4STbZ05hnlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUC0bg800UkmwG+gPewyFLXK13hakwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMwMTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACzPd0w
DQYJKoZIhvcNAQELBQADggEBAITbbn3dmAKqGJnOby1uzyqxI1j9fx8I14I1FN7s
2EUYkhJuRpXBNrgQEs5U+07HaUtteEZ841rH2xYNgLKZDJTNAXE12QCrJIq312YE
7exTdCvLhTk1I7NiPmAEydgoJJB3Sho8H4xvEz/lO3av4ZEHOJkN+S9Qp8t3zJGK
7ytGcgD3c14pdm9S1SnDNrRQl0PRRupiaYZI4OGWDF6d5LrYBntCa0DUKbOMjpbX
9E4TXAopYSe0T4fUWEElQ3rFNhJ//86GvcpDqWeOv2tFePbdO/rez8T31x18YjVj
/beUD5v71cJ/Nfow8kwI86lt5bNTO1bYqKSGFvO0EU0LgDI=
-----END CERTIFICATE-----