Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214970.roa
File:                     AS214970.roa (raw, json)
Hash identifier:          CWcV6hUMtmQiA2h3AlrkfS1jtmH3LVVlZaUcdctt/wA=
Subject key identifier:   6B:09:77:92:0C:FF:A5:23:41:76:76:18:4B:82:6C:04:18:8A:D3:B9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       29D41789E7730343275280F78058D8B17CCFF1E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214970.roa
Signing time:             Mon 06 May 2024 12:04:22 +0000
ROA not before:           Mon 06 May 2024 11:59:22 +0000
ROA not after:            Mon 05 May 2025 12:04:22 +0000
asID:                     214970
IP address blocks:        45.95.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:d4:17:89:e7:73:03:43:27:52:80:f7:80:58:d8:b1:7c:cf:f1:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  6 11:59:22 2024 GMT
            Not After : May  5 12:04:22 2025 GMT
        Subject: CN=6B0977920CFFA523417676184B826C04188AD3B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a7:3e:3f:f7:94:a6:0d:d1:a0:6e:d1:ae:3a:
                    01:86:ad:fd:fe:49:a5:36:71:59:3b:ad:69:fe:84:
                    62:ef:ab:ed:4c:28:f1:ac:00:89:06:c7:53:e6:19:
                    29:11:39:e4:52:6a:42:b9:f0:af:ff:9b:ee:43:ff:
                    7a:bc:a3:c0:9e:65:23:44:32:36:b9:b3:25:c1:d4:
                    05:98:f2:04:49:10:db:45:b4:03:30:ce:0d:c1:07:
                    ca:e8:a0:44:8c:02:2c:0a:34:a0:4f:6a:82:5f:c5:
                    3f:a4:a0:37:d9:5e:87:07:d6:b7:3b:a4:75:4d:03:
                    18:6b:a4:52:f8:68:c8:2c:b2:47:49:74:02:52:d5:
                    64:e5:36:7e:d7:4b:8e:76:90:83:a5:7b:16:6b:dd:
                    94:09:38:93:a2:3a:ee:d0:3b:f1:cc:cf:b1:6e:ac:
                    b9:cb:5c:88:c3:5b:0b:d7:f4:dc:3d:97:ac:80:d0:
                    c7:5c:27:96:a5:ee:a8:91:27:55:dc:c9:0b:5d:c3:
                    12:f0:83:3d:6f:28:a2:95:e0:62:e7:53:ac:98:fa:
                    9a:ca:1c:3f:45:82:44:b1:6c:ec:50:63:ab:0e:d3:
                    f5:8b:33:9f:34:c6:1e:57:2c:9e:60:73:f0:4a:f8:
                    85:60:8d:86:42:24:cc:13:79:e1:bc:a4:1b:3b:e0:
                    b4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:09:77:92:0C:FF:A5:23:41:76:76:18:4B:82:6C:04:18:8A:D3:B9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214970.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:09:37:de:0e:c4:73:0e:a3:0e:ab:9d:8b:1f:bb:47:29:c1:
         cd:56:5e:d5:86:5d:41:1c:20:c3:69:54:9f:50:54:1a:c6:e7:
         ec:6e:f5:da:9e:4b:0e:ad:7a:e8:09:ee:64:05:02:fb:b6:a0:
         e9:fd:53:62:32:e6:7b:a7:cb:d3:3e:6b:3b:c3:78:34:dc:57:
         ed:e5:63:f5:7c:82:09:30:62:0c:d6:56:d1:d2:67:f8:b8:8a:
         c2:97:ab:12:cb:7d:b1:a0:50:f5:da:bb:b7:05:4c:4e:b8:d8:
         b3:8f:a6:33:04:1c:cb:4c:ed:d4:26:80:4a:23:ce:d4:ce:93:
         98:8e:a4:51:6a:99:7c:70:e1:68:9c:99:9b:16:1a:0f:9e:49:
         1c:66:89:cd:05:3a:d8:fa:8a:7c:a1:2e:45:de:0c:ca:d4:d8:
         93:0b:22:8d:98:c8:db:39:92:c1:31:05:8a:b7:dc:52:02:4d:
         91:8e:c3:99:d2:db:60:fb:2b:57:c7:d1:9e:db:7c:c7:18:67:
         2f:fb:d3:6a:9e:03:d0:72:26:cc:f3:5d:f9:4e:11:04:29:f7:
         0e:01:1a:eb:2a:7f:be:bb:41:52:27:a8:15:18:dd:78:96:c6:
         13:03:47:c7:76:1d:cf:f1:0c:62:91:51:78:6f:b8:b1:dc:2d:
         65:9e:20:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKdQXiedzA0MnUoD3gFjYsXzP8egwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDYxMTU5MjJaFw0yNTA1MDUxMjA0MjJaMDMxMTAvBgNV
BAMTKDZCMDk3NzkyMENGRkE1MjM0MTc2NzYxODRCODI2QzA0MTg4QUQzQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBpz4/95SmDdGgbtGuOgGGrf3+
SaU2cVk7rWn+hGLvq+1MKPGsAIkGx1PmGSkROeRSakK58K//m+5D/3q8o8CeZSNE
Mja5syXB1AWY8gRJENtFtAMwzg3BB8rooESMAiwKNKBPaoJfxT+koDfZXocH1rc7
pHVNAxhrpFL4aMgsskdJdAJS1WTlNn7XS452kIOlexZr3ZQJOJOiOu7QO/HMz7Fu
rLnLXIjDWwvX9Nw9l6yA0MdcJ5al7qiRJ1XcyQtdwxLwgz1vKKKV4GLnU6yY+prK
HD9FgkSxbOxQY6sO0/WLM580xh5XLJ5gc/BK+IVgjYZCJMwTeeG8pBs74LTfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUawl3kgz/pSNBdnYYS4JsBBiK07kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0OTcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8m
MA0GCSqGSIb3DQEBCwUAA4IBAQAeCTfeDsRzDqMOq52LH7tHKcHNVl7Vhl1BHCDD
aVSfUFQaxufsbvXanksOrXroCe5kBQL7tqDp/VNiMuZ7p8vTPms7w3g03Fft5WP1
fIIJMGIM1lbR0mf4uIrCl6sSy32xoFD12ru3BUxOuNizj6YzBBzLTO3UJoBKI87U
zpOYjqRRapl8cOFonJmbFhoPnkkcZonNBTrY+op8oS5F3gzK1NiTCyKNmMjbOZLB
MQWKt9xSAk2RjsOZ0ttg+ytXx9Ge23zHGGcv+9NqngPQcibM8135ThEEKfcOARrr
Kn++u0FSJ6gVGN14lsYTA0fHdh3P8QxikVF4b7ix3C1lniDB
-----END CERTIFICATE-----