Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
File:                     AS61317.roa (raw, json)
Hash identifier:          m//bWlOR6sCcUFQKhDpzzamOLvzoq4qZh0E3N81k2DQ=
Subject key identifier:   AB:56:39:2F:5E:C6:49:0B:B3:2B:E6:4C:A3:18:77:89:59:9A:5A:3E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2C8048D1218C67541610724ACF50A54A2DC9BCC6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa
Signing time:             Thu 24 Apr 2025 21:16:28 +0000
ROA not before:           Thu 24 Apr 2025 21:11:28 +0000
ROA not after:            Thu 23 Apr 2026 21:16:28 +0000
asID:                     61317
IP address blocks:        147.79.29.0/24 maxlen: 24
                          148.135.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:80:48:d1:21:8c:67:54:16:10:72:4a:cf:50:a5:4a:2d:c9:bc:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 24 21:11:28 2025 GMT
            Not After : Apr 23 21:16:28 2026 GMT
        Subject: CN=AB56392F5EC6490BB32BE64CA3187789599A5A3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3d:25:18:45:51:b9:73:09:66:9f:59:df:78:
                    93:44:24:01:1d:a5:4d:cc:ff:af:e3:85:70:87:62:
                    94:7f:b3:6f:c3:f0:8f:9a:02:46:72:7d:9f:94:87:
                    0e:a6:6c:25:40:e0:65:49:52:7f:dc:ec:5f:55:74:
                    64:39:53:4e:3a:bf:20:c7:b2:2b:03:7e:b7:f6:ab:
                    f0:dd:d6:7d:d8:44:e8:77:eb:a9:14:9e:1c:d1:70:
                    38:08:a8:4e:65:18:72:c3:ae:a5:60:3b:ff:b4:3e:
                    1e:6e:69:e2:17:1b:85:d2:25:81:aa:e2:38:d8:80:
                    4b:d3:07:0c:b3:d5:19:9f:6a:5c:cc:ed:69:37:99:
                    a3:07:3c:63:30:cf:2d:76:5b:8d:9c:49:15:fb:ef:
                    be:6b:c1:3e:51:5b:71:38:7c:d8:bb:fa:f7:07:37:
                    c4:f7:bd:27:1d:55:b2:b5:70:68:5d:90:ad:26:22:
                    d2:0e:73:10:1e:31:18:c7:6a:3b:6a:0e:00:74:ee:
                    c4:49:13:5e:bb:58:f0:47:35:3c:7d:94:eb:15:80:
                    93:96:54:f7:e8:e0:52:14:84:c7:ba:93:cc:f9:5a:
                    d2:84:e6:c4:65:0d:45:3f:28:52:a5:ac:69:ca:bc:
                    84:24:be:b6:49:8b:c7:d2:9e:2f:46:1e:94:2b:40:
                    29:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:56:39:2F:5E:C6:49:0B:B3:2B:E6:4C:A3:18:77:89:59:9A:5A:3E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS61317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.29.0/24
                  148.135.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:4d:48:ec:3c:aa:0e:89:d7:89:9d:69:72:1d:1f:91:41:d9:
         33:0e:3d:76:16:10:6a:6d:1a:ea:63:98:08:cf:f3:5e:9e:fc:
         98:e4:04:ab:96:9c:3f:bf:fa:d3:47:79:59:4c:54:3a:39:ca:
         57:c0:0e:dd:e8:97:29:00:96:f7:17:17:15:a8:24:6b:60:a3:
         a2:5f:6a:9b:f6:47:c4:01:b8:c1:45:4c:80:a0:c7:36:94:9f:
         5a:0c:98:0c:16:78:28:61:2a:4e:80:e1:ed:0e:6f:df:7d:0c:
         2b:08:9c:3e:2e:c2:0f:e2:9f:3e:75:9f:23:10:9b:ba:d6:c8:
         ab:30:da:5b:4d:b1:ed:f4:32:a5:5f:4c:d5:72:99:d7:6c:6c:
         08:90:21:15:24:b9:fa:d9:15:59:81:bb:d9:16:89:d0:9e:ad:
         a9:c9:92:e0:5f:95:94:a3:a0:24:95:16:5a:6c:2d:72:26:0e:
         6b:fa:eb:d6:c1:ab:30:2b:f5:ac:80:5c:df:98:3d:35:4d:c1:
         74:03:ec:9b:55:eb:3f:27:d8:10:d5:6a:fa:fb:97:fa:ee:72:
         68:05:d5:51:1d:42:2d:63:e8:2c:60:55:eb:4a:f8:4a:8e:a4:
         27:0b:c6:4c:ee:2f:52:e1:e7:ab:d5:18:0b:f3:4a:e7:d1:bb:
         85:fc:5b:18
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIULIBI0SGMZ1QWEHJKz1ClSi3JvMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjQyMTExMjhaFw0yNjA0MjMyMTE2MjhaMDMxMTAvBgNV
BAMTKEFCNTYzOTJGNUVDNjQ5MEJCMzJCRTY0Q0EzMTg3Nzg5NTk5QTVBM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPSUYRVG5cwlmn1nfeJNEJAEd
pU3M/6/jhXCHYpR/s2/D8I+aAkZyfZ+Uhw6mbCVA4GVJUn/c7F9VdGQ5U046vyDH
sisDfrf2q/Dd1n3YROh366kUnhzRcDgIqE5lGHLDrqVgO/+0Ph5uaeIXG4XSJYGq
4jjYgEvTBwyz1RmfalzM7Wk3maMHPGMwzy12W42cSRX7775rwT5RW3E4fNi7+vcH
N8T3vScdVbK1cGhdkK0mItIOcxAeMRjHajtqDgB07sRJE167WPBHNTx9lOsVgJOW
VPfo4FIUhMe6k8z5WtKE5sRlDUU/KFKlrGnKvIQkvrZJi8fSni9GHpQrQCmJAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUq1Y5L17GSQuzK+ZMoxh3iVmaWj4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjEzMTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTTx0D
BACUh6IwDQYJKoZIhvcNAQELBQADggEBAKNNSOw8qg6J14mdaXIdH5FB2TMOPXYW
EGptGupjmAjP816e/JjkBKuWnD+/+tNHeVlMVDo5ylfADt3olykAlvcXFxWoJGtg
o6Jfapv2R8QBuMFFTICgxzaUn1oMmAwWeChhKk6A4e0Ob999DCsInD4uwg/inz51
nyMQm7rWyKsw2ltNse30MqVfTNVymddsbAiQIRUkufrZFVmBu9kWidCeranJkuBf
lZSjoCSVFlpsLXImDmv669bBqzAr9ayAXN+YPTVNwXQD7JtV6z8n2BDVavr7l/ru
cmgF1VEdQi1j6CxgVetK+EqOpCcLxkzuL1Lh56vVGAvzSufRu4X8Wxg=
-----END CERTIFICATE-----