Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61272.roa
File:                     AS61272.roa (raw, json)
Hash identifier:          BmspP6wbT36nGn0AjmFKtUDhwi3hQSunrhR4l66wNAw=
Subject key identifier:   A3:72:4E:8E:8A:16:34:4F:8A:3E:24:10:B5:5E:3A:70:5E:D7:79:96
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6808C4A8259DAEA1AB6D32798DD5D4FA3DF2DED8
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61272.roa
Signing time:             Wed 04 Dec 2024 14:09:40 +0000
ROA not before:           Wed 04 Dec 2024 14:04:40 +0000
ROA not after:            Wed 03 Dec 2025 14:09:40 +0000
asID:                     61272
IP address blocks:        45.151.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 20:47:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:08:c4:a8:25:9d:ae:a1:ab:6d:32:79:8d:d5:d4:fa:3d:f2:de:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec  4 14:04:40 2024 GMT
            Not After : Dec  3 14:09:40 2025 GMT
        Subject: CN=A3724E8E8A16344F8A3E2410B55E3A705ED77996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7e:6c:ea:41:9a:e0:2e:dc:b3:40:6d:5c:e5:
                    53:e7:f7:ac:d3:32:e9:92:90:b6:96:f1:f3:f3:d6:
                    c2:08:91:6c:0e:90:bd:cc:2c:06:36:43:12:86:ef:
                    4c:ba:41:ce:c9:60:66:1a:93:95:d7:48:43:4e:b8:
                    27:27:b2:6b:1f:f4:30:2f:88:c5:21:cc:a1:f9:5b:
                    ef:6f:47:78:92:e7:3f:0a:15:b2:8e:e0:59:0c:21:
                    bf:cf:b7:e2:4f:d4:2a:e2:a9:2b:b6:e0:33:f0:ff:
                    8c:ff:aa:d5:87:cb:42:e5:fb:ac:5a:f3:26:48:4e:
                    67:53:67:05:67:d9:d2:1d:63:ce:e9:2f:61:6f:81:
                    44:12:ad:6d:80:92:bc:e0:71:db:f1:e6:47:0b:41:
                    73:e2:db:b2:b8:ca:df:54:b4:79:dd:70:8d:ff:bb:
                    31:ee:19:e0:e6:c2:46:42:81:b9:ac:ba:64:15:ea:
                    f0:86:59:f1:30:b0:19:b5:c9:19:ff:49:0c:d6:f7:
                    ef:b5:fe:6e:22:c9:6f:6a:06:ca:44:1f:c2:41:02:
                    14:76:29:e1:d6:69:c0:68:14:b5:0d:ca:c0:c5:37:
                    07:2c:f0:6f:ad:98:12:67:31:d7:78:a6:52:83:0a:
                    1b:1d:f1:01:92:21:fd:e4:a7:84:82:16:dd:e9:a7:
                    f1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:72:4E:8E:8A:16:34:4F:8A:3E:24:10:B5:5E:3A:70:5E:D7:79:96
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS61272.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:06:7b:71:38:ae:91:b6:03:bf:0e:02:65:86:9a:2d:f4:e3:
         18:09:d7:df:01:d1:1c:41:8e:0d:5b:6f:fb:68:92:a8:31:6b:
         1d:54:c5:fd:ec:19:b7:0e:e9:37:0f:33:5e:c7:81:4f:3b:4a:
         4a:24:86:66:57:44:26:f4:dd:d6:46:08:3b:50:60:d6:dd:f7:
         9d:e7:a7:18:68:9d:28:f7:b8:e1:ad:bf:c8:5e:47:6a:91:b1:
         ea:94:69:eb:c2:bd:1a:29:f4:51:44:e7:bb:35:24:e0:5d:d5:
         23:5e:27:26:9b:56:14:5d:36:fe:e6:0b:ff:61:47:f2:58:00:
         7d:83:be:1f:cb:27:2c:d0:5e:ef:90:9e:1c:82:88:3d:87:73:
         cc:be:c2:f3:e1:fd:a5:ea:01:78:9e:5f:a9:f2:06:f6:f8:eb:
         0d:77:a9:db:8d:47:f1:1f:39:27:2a:bf:6e:57:4b:b9:3d:dc:
         99:ca:11:f7:23:07:b1:4e:44:62:63:e6:6d:1c:d0:42:98:fd:
         77:3c:50:e0:66:f2:ee:15:b6:90:92:7d:16:e2:13:69:af:cc:
         d7:b5:77:6a:81:14:8c:26:56:56:77:55:58:1c:d1:19:0c:8f:
         b2:ca:e0:4c:49:cd:c6:48:4b:95:5c:a0:b1:45:9a:09:bb:cc:
         18:0e:16:62
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaAjEqCWdrqGrbTJ5jdXU+j3y3tgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMDQxNDA0NDBaFw0yNTEyMDMxNDA5NDBaMDMxMTAvBgNV
BAMTKEEzNzI0RThFOEExNjM0NEY4QTNFMjQxMEI1NUUzQTcwNUVENzc5OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZfmzqQZrgLtyzQG1c5VPn96zT
MumSkLaW8fPz1sIIkWwOkL3MLAY2QxKG70y6Qc7JYGYak5XXSENOuCcnsmsf9DAv
iMUhzKH5W+9vR3iS5z8KFbKO4FkMIb/Pt+JP1CriqSu24DPw/4z/qtWHy0Ll+6xa
8yZITmdTZwVn2dIdY87pL2FvgUQSrW2Akrzgcdvx5kcLQXPi27K4yt9UtHndcI3/
uzHuGeDmwkZCgbmsumQV6vCGWfEwsBm1yRn/SQzW9++1/m4iyW9qBspEH8JBAhR2
KeHWacBoFLUNysDFNwcs8G+tmBJnMdd4plKDChsd8QGSIf3kp4SCFt3pp/GLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUo3JOjooWNE+KPiQQtV46cF7XeZYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjEyNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtly0w
DQYJKoZIhvcNAQELBQADggEBAD4Ge3E4rpG2A78OAmWGmi304xgJ198B0RxBjg1b
b/tokqgxax1Uxf3sGbcO6TcPM17HgU87SkokhmZXRCb03dZGCDtQYNbd953npxho
nSj3uOGtv8heR2qRseqUaevCvRop9FFE57s1JOBd1SNeJyabVhRdNv7mC/9hR/JY
AH2Dvh/LJyzQXu+QnhyCiD2Hc8y+wvPh/aXqAXieX6nyBvb46w13qduNR/EfOScq
v25XS7k93JnKEfcjB7FORGJj5m0c0EKY/Xc8UOBm8u4VtpCSfRbiE2mvzNe1d2qB
FIwmVlZ3VVgc0RkMj7LK4ExJzcZIS5VcoLFFmgm7zBgOFmI=
-----END CERTIFICATE-----