Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa
File:                     AS61112.roa (raw, json)
Hash identifier:          KaDnso2lydfreQe+Y5ctciDU30nlEpNa83ytINWzFC4=
Subject key identifier:   F0:43:CE:7E:6B:2B:C5:6A:AC:BA:DA:B3:4D:C0:CB:53:4A:3A:21:51
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       77682F0E45C124E075578455F645191EE27432C3
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa
Signing time:             Thu 21 Dec 2023 04:31:55 +0000
ROA not before:           Thu 21 Dec 2023 04:26:55 +0000
ROA not after:            Thu 19 Dec 2024 04:31:55 +0000
asID:                     61112
IP address blocks:        45.149.186.0/24 maxlen: 24
                          192.166.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:68:2f:0e:45:c1:24:e0:75:57:84:55:f6:45:19:1e:e2:74:32:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 21 04:26:55 2023 GMT
            Not After : Dec 19 04:31:55 2024 GMT
        Subject: CN=F043CE7E6B2BC56AACBADAB34DC0CB534A3A2151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9d:69:11:2e:31:c8:51:86:08:4d:b6:4e:0b:
                    8f:1d:80:fd:17:df:53:32:85:76:1a:3f:c1:f0:f4:
                    1d:9b:8a:c2:1e:f2:c2:da:3c:f9:39:f8:70:77:ad:
                    48:1c:9c:45:7c:e6:67:08:ca:ba:ee:ea:bd:ba:cc:
                    7b:54:b4:91:f2:4b:d4:b6:d2:f0:79:47:ab:65:71:
                    33:81:4a:a6:f7:48:8b:1a:f4:58:ff:e9:3f:9d:f9:
                    95:66:c0:e4:a8:af:df:a9:01:89:27:7a:94:c2:f1:
                    39:8f:de:e7:b1:26:77:3e:5a:54:63:c4:02:8c:49:
                    2d:fd:9b:f3:8a:8f:67:46:47:18:9c:f6:74:a4:d3:
                    98:d7:05:7c:19:85:50:3c:c9:80:97:60:2e:b2:7a:
                    cf:64:39:67:0e:9c:6b:3f:de:63:9c:b7:b4:56:1f:
                    29:b8:ac:9a:1a:de:17:05:19:5d:55:11:c3:cb:2c:
                    1d:b4:9c:69:5e:61:10:2d:a9:a3:0a:70:e7:e4:40:
                    7a:20:ef:47:1d:1e:b9:6e:d5:86:b0:f2:20:fe:23:
                    56:b4:eb:98:9f:b9:db:2b:f1:cd:dc:f2:00:03:c6:
                    83:77:73:73:df:d1:3e:52:d3:54:ac:ef:ca:4d:ab:
                    b7:61:00:13:cd:a6:5b:c6:7e:23:6e:6f:e6:81:f1:
                    1f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:43:CE:7E:6B:2B:C5:6A:AC:BA:DA:B3:4D:C0:CB:53:4A:3A:21:51
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61112.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.186.0/24
                  192.166.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:bd:98:f4:08:92:e7:b5:fd:bc:e5:f4:30:9e:40:f4:a4:6e:
         4d:39:cb:25:e9:59:b0:22:0a:d2:96:4e:d4:c7:78:a7:24:bd:
         64:c7:87:54:21:85:f6:fd:6c:83:b1:8e:40:7b:69:f7:45:4d:
         a2:e3:44:77:7a:83:bf:d3:2d:e1:55:61:21:e9:02:73:b2:ea:
         91:26:31:b1:97:4b:b1:59:17:5b:08:33:e1:3f:69:14:c9:e1:
         1c:cf:a4:b9:26:08:6c:a1:09:7c:29:26:19:1b:9f:6f:f1:9f:
         e3:37:f5:9a:12:3d:0c:71:58:09:cd:87:30:92:a0:61:fd:1f:
         74:3e:30:20:69:e0:54:6b:49:fa:3c:e4:8f:74:27:ac:e5:af:
         8f:45:3f:ae:01:de:f2:84:6b:45:2c:67:71:49:c9:89:2a:b1:
         a9:d4:24:c9:a5:7a:b1:ac:dd:81:99:f9:95:a6:cc:b3:44:61:
         9f:cd:9a:4f:d7:c7:07:9e:4c:77:13:75:fb:40:14:42:5a:b5:
         a9:38:8f:bf:a1:ab:e8:e8:d5:84:20:e7:1b:16:be:a6:31:d8:
         e2:ea:c1:ea:01:93:ea:7a:f6:ac:3a:9a:3f:6b:47:6d:68:23:
         3e:02:a6:01:ad:93:12:77:21:66:b0:e4:1e:15:77:73:50:d3:
         6b:ff:d4:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUd2gvDkXBJOB1V4RV9kUZHuJ0MsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMjEwNDI2NTVaFw0yNDEyMTkwNDMxNTVaMDMxMTAvBgNV
BAMTKEYwNDNDRTdFNkIyQkM1NkFBQ0JBREFCMzREQzBDQjUzNEEzQTIxNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZnWkRLjHIUYYITbZOC48dgP0X
31MyhXYaP8Hw9B2bisIe8sLaPPk5+HB3rUgcnEV85mcIyrru6r26zHtUtJHyS9S2
0vB5R6tlcTOBSqb3SIsa9Fj/6T+d+ZVmwOSor9+pAYknepTC8TmP3uexJnc+WlRj
xAKMSS39m/OKj2dGRxic9nSk05jXBXwZhVA8yYCXYC6yes9kOWcOnGs/3mOct7RW
Hym4rJoa3hcFGV1VEcPLLB20nGleYRAtqaMKcOfkQHog70cdHrlu1Yaw8iD+I1a0
65ifudsr8c3c8gADxoN3c3Pf0T5S01Ss78pNq7dhABPNplvGfiNub+aB8R9rAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU8EPOfmsrxWqsutqzTcDLU0o6IVEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjExMTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtlboD
BADAplIwDQYJKoZIhvcNAQELBQADggEBACi9mPQIkue1/bzl9DCeQPSkbk05yyXp
WbAiCtKWTtTHeKckvWTHh1Qhhfb9bIOxjkB7afdFTaLjRHd6g7/TLeFVYSHpAnOy
6pEmMbGXS7FZF1sIM+E/aRTJ4RzPpLkmCGyhCXwpJhkbn2/xn+M39ZoSPQxxWAnN
hzCSoGH9H3Q+MCBp4FRrSfo85I90J6zlr49FP64B3vKEa0UsZ3FJyYkqsanUJMml
erGs3YGZ+ZWmzLNEYZ/Nmk/XxweeTHcTdftAFEJatak4j7+hq+jo1YQg5xsWvqYx
2OLqweoBk+p69qw6mj9rR21oIz4CpgGtkxJ3IWaw5B4Vd3NQ02v/1C4=
-----END CERTIFICATE-----