Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa
File:                     AS3170.roa (raw, json)
Hash identifier:          NQ4FS+oOZNBHej+7bp6tBaNS3NFejmhEbyQZFDkkKyM=
Subject key identifier:   3B:05:18:09:FF:EE:DD:C6:2E:1E:92:01:0F:FE:5C:3B:6B:CA:01:F1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4C358043F0108500B28D5A82106A868277E0F3DB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa
Signing time:             Thu 20 Feb 2025 19:53:55 +0000
ROA not before:           Thu 20 Feb 2025 19:48:55 +0000
ROA not after:            Thu 19 Feb 2026 19:53:55 +0000
asID:                     3170
IP address blocks:        2.58.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:35:80:43:f0:10:85:00:b2:8d:5a:82:10:6a:86:82:77:e0:f3:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 20 19:48:55 2025 GMT
            Not After : Feb 19 19:53:55 2026 GMT
        Subject: CN=3B051809FFEEDDC62E1E92010FFE5C3B6BCA01F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:9c:6a:f6:8e:e7:24:42:72:85:49:3e:f0:
                    d4:24:d4:24:eb:d6:0e:be:51:a6:77:58:45:18:c7:
                    41:84:97:3a:a2:69:fd:30:dd:fd:9d:98:fa:86:4e:
                    b1:2d:31:d4:a2:ac:75:04:b3:f8:35:f0:8f:f7:0c:
                    33:19:70:f8:57:6f:0d:98:68:0b:73:d1:8f:07:f7:
                    08:b8:a5:c7:17:3d:f8:af:19:77:67:bf:dc:2b:a5:
                    65:5d:fd:64:15:1b:44:e7:4d:fb:37:b8:4c:7c:0c:
                    09:21:42:28:a7:d0:98:e2:83:07:bf:e1:db:7b:fb:
                    3a:bb:57:d7:58:21:aa:78:f8:d7:9a:5b:7c:57:56:
                    cd:cd:95:b8:bd:af:e3:92:ae:6a:4c:c1:fc:86:79:
                    40:fd:76:69:66:49:6d:cc:84:61:f4:4c:27:35:cc:
                    21:cc:33:bb:8e:ea:15:d7:e0:d4:25:33:a7:d9:23:
                    8e:98:8b:18:18:ca:15:92:1f:b2:34:1a:5b:56:eb:
                    18:ca:45:1c:84:3d:83:85:52:4a:f7:57:e7:e0:90:
                    ed:bd:33:f3:3e:f5:e4:24:a2:73:73:a1:fb:44:f9:
                    22:88:e1:cd:84:6d:82:17:64:7c:9a:4d:19:70:ae:
                    89:12:01:1f:d4:47:95:bb:1a:05:a6:dc:7a:3a:cd:
                    f7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:05:18:09:FF:EE:DD:C6:2E:1E:92:01:0F:FE:5C:3B:6B:CA:01:F1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ec:f8:b3:20:10:89:ac:af:73:f1:52:99:7f:23:6e:e6:00:
         52:75:5f:43:43:43:98:9a:5a:bc:57:b1:49:b5:15:d3:c5:f7:
         cf:f1:e1:e3:d0:2f:9b:4b:be:c4:e2:f1:bd:5e:bf:cd:db:8c:
         b1:5d:93:94:95:ee:7e:ee:42:a6:5a:99:c2:81:b9:7c:ae:c6:
         88:8f:45:0b:08:82:70:ad:52:da:ab:91:6e:0c:26:d8:19:c2:
         83:25:40:5a:a3:03:eb:75:c3:48:60:98:3f:db:fc:ee:e3:4f:
         1e:b1:33:bb:34:2b:34:9a:06:27:f9:27:bc:2e:2c:9f:70:df:
         ee:fb:33:92:f5:3f:f9:12:d4:db:89:c4:2f:62:0a:5f:dc:85:
         c7:9a:51:76:48:36:3e:ca:1d:a8:77:22:a3:20:e0:47:00:7f:
         db:03:03:26:33:ac:2b:24:60:8e:1d:bb:6d:47:5a:b2:07:9f:
         c3:51:91:b6:24:78:e1:c9:02:b0:e0:48:5f:a2:5e:8a:92:6c:
         4e:d8:d3:e7:53:87:ca:56:23:2e:ae:36:e8:41:a1:2c:70:d5:
         c7:27:0a:6e:9d:5e:1e:98:d6:55:5b:ce:3e:b0:22:b3:42:12:
         28:12:91:31:ed:71:c1:b9:58:ed:f2:17:ac:7d:3e:c1:a4:26:
         f7:d4:0b:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUTDWAQ/AQhQCyjVqCEGqGgnfg89swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMjAxOTQ4NTVaFw0yNjAyMTkxOTUzNTVaMDMxMTAvBgNV
BAMTKDNCMDUxODA5RkZFRUREQzYyRTFFOTIwMTBGRkU1QzNCNkJDQTAxRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5MZxq9o7nJEJyhUk+8NQk1CTr
1g6+UaZ3WEUYx0GElzqiaf0w3f2dmPqGTrEtMdSirHUEs/g18I/3DDMZcPhXbw2Y
aAtz0Y8H9wi4pccXPfivGXdnv9wrpWVd/WQVG0TnTfs3uEx8DAkhQiin0Jjigwe/
4dt7+zq7V9dYIap4+NeaW3xXVs3Nlbi9r+OSrmpMwfyGeUD9dmlmSW3MhGH0TCc1
zCHMM7uO6hXX4NQlM6fZI46YixgYyhWSH7I0GltW6xjKRRyEPYOFUkr3V+fgkO29
M/M+9eQkonNzoftE+SKI4c2EbYIXZHyaTRlwrokSAR/UR5W7GgWm3Ho6zfcxAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUOwUYCf/u3cYuHpIBD/5cO2vKAfEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzE3MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI6rzAN
BgkqhkiG9w0BAQsFAAOCAQEAGuz4syAQiayvc/FSmX8jbuYAUnVfQ0NDmJpavFex
SbUV08X3z/Hh49Avm0u+xOLxvV6/zduMsV2TlJXufu5CplqZwoG5fK7GiI9FCwiC
cK1S2quRbgwm2BnCgyVAWqMD63XDSGCYP9v87uNPHrEzuzQrNJoGJ/knvC4sn3Df
7vszkvU/+RLU24nEL2IKX9yFx5pRdkg2PsodqHcioyDgRwB/2wMDJjOsKyRgjh27
bUdasgefw1GRtiR44ckCsOBIX6JeipJsTtjT51OHylYjLq426EGhLHDVxycKbp1e
HpjWVVvOPrAis0ISKBKRMe1xwblY7fIXrH0+waQm99QLwg==
-----END CERTIFICATE-----