Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa
File:                     AS61112.roa (raw, json)
Hash identifier:          VSfUriqDHlNgxPjgxtGFhEJxWbIpEp7ewpRhQzJ2gio=
Subject key identifier:   4C:B9:A7:A4:42:68:53:DE:96:DE:02:B2:06:D5:3D:9C:19:C5:FE:89
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0F62739B399EC34D7A2EB2A2B54DC6FF03B73ABB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa
Signing time:             Thu 21 Nov 2024 04:43:28 +0000
ROA not before:           Thu 21 Nov 2024 04:38:28 +0000
ROA not after:            Thu 20 Nov 2025 04:43:28 +0000
asID:                     61112
IP address blocks:        45.149.186.0/24 maxlen: 24
                          192.166.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:62:73:9b:39:9e:c3:4d:7a:2e:b2:a2:b5:4d:c6:ff:03:b7:3a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 21 04:38:28 2024 GMT
            Not After : Nov 20 04:43:28 2025 GMT
        Subject: CN=4CB9A7A4426853DE96DE02B206D53D9C19C5FE89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:33:0e:89:52:f9:08:bb:ab:96:cf:e0:e8:
                    e6:48:a0:00:fc:ff:82:cf:96:52:a2:20:97:90:27:
                    62:47:b7:9e:7d:a1:7e:9c:f3:a9:53:0c:fa:e3:43:
                    4d:3f:8e:f3:b9:4d:fc:52:62:67:76:ff:a0:47:9f:
                    fa:d3:da:6e:aa:a6:31:37:b2:f4:a0:33:0b:af:21:
                    48:93:52:7c:65:56:c1:ed:7e:05:7d:2c:03:e5:0d:
                    47:6a:d7:35:4f:bc:3b:8a:8f:09:3c:ab:5b:37:6c:
                    bc:ef:f3:c7:5e:9a:ba:59:e1:47:cb:7c:72:f9:e6:
                    75:9b:65:5e:32:e0:32:b4:73:dd:5f:c1:ff:a1:45:
                    0e:a6:42:60:dc:6e:a4:39:e2:78:f5:ad:b3:13:a2:
                    07:e3:7a:63:8d:bc:30:08:44:e8:d3:fe:18:12:bd:
                    bb:ee:49:d3:86:4a:89:04:c5:1d:dc:bd:4b:54:b2:
                    6f:88:3e:64:c0:7f:cc:d2:3e:93:f6:33:4c:fd:dd:
                    15:92:74:57:39:a0:8d:bf:01:89:5b:d6:47:1c:21:
                    18:ef:f6:18:e9:46:d1:0a:b2:6e:49:3b:a0:ea:e2:
                    7d:a5:43:8b:32:ae:9a:3b:7f:8c:16:86:d1:86:2a:
                    45:49:e9:b2:9f:f7:d5:bf:d5:2d:b3:6c:51:3d:f2:
                    31:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B9:A7:A4:42:68:53:DE:96:DE:02:B2:06:D5:3D:9C:19:C5:FE:89
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.186.0/24
                  192.166.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:9b:a1:85:44:0d:5d:04:28:58:cf:eb:a8:b1:01:99:5c:80:
         22:df:9c:df:ea:d9:88:e8:54:79:39:59:1b:a7:1f:2d:5e:ea:
         a0:b3:1b:1b:6a:0c:83:0d:01:61:9c:aa:99:1d:68:6f:8b:31:
         4d:6e:dc:a2:e1:53:4e:52:b3:ed:35:a1:58:c2:17:40:77:a9:
         37:f6:5b:b9:6c:d2:71:2b:db:68:8d:db:bc:d1:5b:1a:f6:a7:
         87:7e:85:c2:9f:51:9f:be:51:78:d0:26:3a:df:f6:24:b3:0a:
         22:18:d1:3e:5d:b8:5b:a6:1a:8f:9f:b8:15:8b:a3:d6:00:3c:
         0b:47:f5:49:c3:7f:cf:69:09:3e:05:4a:12:07:c0:73:a0:db:
         42:f1:04:26:c2:81:fe:55:25:d5:1a:1b:ed:79:80:d0:fb:64:
         55:05:c2:07:2b:c7:c2:6b:c8:63:b1:6d:00:6d:de:12:a4:9d:
         cc:91:f6:e5:b5:b4:50:e0:eb:df:a6:64:fd:2c:78:56:da:cf:
         2d:41:55:01:e3:96:f0:59:bb:b6:d3:96:09:85:3b:bb:7a:84:
         55:1a:bc:1a:60:27:85:aa:b7:6a:c3:1a:fe:73:3d:5f:9c:01:
         82:36:7d:79:d9:17:0e:7f:d6:23:29:94:93:ac:07:ee:5d:40:
         f7:dd:9f:bc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUD2Jzmzmew016LrKitU3G/wO3OrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMjEwNDM4MjhaFw0yNTExMjAwNDQzMjhaMDMxMTAvBgNV
BAMTKDRDQjlBN0E0NDI2ODUzREU5NkRFMDJCMjA2RDUzRDlDMTlDNUZFODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2ATMOiVL5CLurls/g6OZIoAD8
/4LPllKiIJeQJ2JHt559oX6c86lTDPrjQ00/jvO5TfxSYmd2/6BHn/rT2m6qpjE3
svSgMwuvIUiTUnxlVsHtfgV9LAPlDUdq1zVPvDuKjwk8q1s3bLzv88demrpZ4UfL
fHL55nWbZV4y4DK0c91fwf+hRQ6mQmDcbqQ54nj1rbMTogfjemONvDAIROjT/hgS
vbvuSdOGSokExR3cvUtUsm+IPmTAf8zSPpP2M0z93RWSdFc5oI2/AYlb1kccIRjv
9hjpRtEKsm5JO6Dq4n2lQ4syrpo7f4wWhtGGKkVJ6bKf99W/1S2zbFE98jHtAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUTLmnpEJoU96W3gKyBtU9nBnF/okwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjExMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtlboD
BADAplIwDQYJKoZIhvcNAQELBQADggEBAJWboYVEDV0EKFjP66ixAZlcgCLfnN/q
2YjoVHk5WRunHy1e6qCzGxtqDIMNAWGcqpkdaG+LMU1u3KLhU05Ss+01oVjCF0B3
qTf2W7ls0nEr22iN27zRWxr2p4d+hcKfUZ++UXjQJjrf9iSzCiIY0T5duFumGo+f
uBWLo9YAPAtH9UnDf89pCT4FShIHwHOg20LxBCbCgf5VJdUaG+15gND7ZFUFwgcr
x8JryGOxbQBt3hKkncyR9uW1tFDg69+mZP0seFbazy1BVQHjlvBZu7bTlgmFO7t6
hFUavBpgJ4Wqt2rDGv5zPV+cAYI2fXnZFw5/1iMplJOsB+5dQPfdn7w=
-----END CERTIFICATE-----