Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215101.roa
File:                     AS215101.roa (raw, json)
Hash identifier:          RlmhQ966N2rnZ9YvVPgZOunwj7cAwF6BWyhc2Bj+UpM=
Subject key identifier:   B6:38:09:AD:01:75:EC:46:97:EA:4B:4D:8D:B4:63:76:28:4D:04:92
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6FFE904553EDC2D847D10D684BFA520536F717AB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215101.roa
Signing time:             Thu 08 Aug 2024 19:07:33 +0000
ROA not before:           Thu 08 Aug 2024 19:02:33 +0000
ROA not after:            Thu 07 Aug 2025 19:07:33 +0000
asID:                     215101
IP address blocks:        181.214.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:fe:90:45:53:ed:c2:d8:47:d1:0d:68:4b:fa:52:05:36:f7:17:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  8 19:02:33 2024 GMT
            Not After : Aug  7 19:07:33 2025 GMT
        Subject: CN=B63809AD0175EC4697EA4B4D8DB46376284D0492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c6:9e:a3:eb:96:66:c3:db:07:d7:dc:71:38:
                    21:49:1c:b8:6a:f8:88:7b:be:8e:9b:50:f5:54:6c:
                    2e:4f:d7:73:0a:69:b9:88:e8:23:f7:14:ab:5c:42:
                    e6:df:04:e5:fa:8e:d1:66:32:5e:b8:37:7d:dd:2b:
                    66:36:89:ee:ff:79:07:63:1e:93:03:b7:d2:a8:32:
                    77:e7:da:a9:fa:4e:eb:4d:e5:eb:6d:b6:0c:44:4a:
                    b0:86:a6:ff:49:19:95:f9:5e:d3:41:ce:3e:7c:fb:
                    65:1a:be:eb:70:f9:49:34:76:0f:0c:77:e0:0c:83:
                    10:93:f7:ed:92:f6:54:fc:d0:68:2f:eb:7e:45:8a:
                    cf:e8:5e:37:a3:8a:92:59:91:35:73:1b:99:3a:da:
                    50:67:62:c3:81:03:81:76:38:d6:d3:42:8e:cc:d6:
                    b3:c1:e5:83:11:39:ba:c0:65:da:6e:70:68:59:eb:
                    6d:6a:44:33:ba:e2:8a:ea:d7:ab:02:75:b6:a1:68:
                    51:d5:63:45:25:97:44:2c:74:ce:e8:04:7e:24:85:
                    a0:c0:47:18:23:2a:36:3b:9b:97:f7:15:58:d5:e7:
                    ed:a4:2a:dc:54:8a:52:cf:93:0b:c4:62:c8:e4:d2:
                    6f:de:43:fa:a0:e3:58:c4:2b:cb:a9:c2:a2:01:36:
                    24:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:38:09:AD:01:75:EC:46:97:EA:4B:4D:8D:B4:63:76:28:4D:04:92
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b0:c0:6c:8a:01:96:5f:81:49:da:f4:86:1f:dc:9e:76:13:
         5c:e1:f7:4a:81:47:9f:6e:31:2b:92:81:6d:cf:8e:05:fd:66:
         ba:66:9f:b3:a0:e2:5f:59:ca:fc:77:cc:a9:f4:1e:9c:f7:fd:
         a5:a2:b7:41:49:1f:31:d7:e7:75:ba:07:53:6a:96:04:4f:65:
         16:b1:87:cb:60:2d:a8:f8:64:9b:5f:67:0b:27:c9:ef:f0:f0:
         29:71:80:e1:6c:41:06:7d:87:6d:87:f4:ef:c9:46:24:71:04:
         c5:17:ba:a3:ce:76:2c:8c:17:2d:3b:48:d5:81:1b:5e:0e:96:
         3c:6a:da:0b:11:0f:7a:ea:b7:5e:84:fb:c2:4b:3a:bc:41:1a:
         7c:ca:12:2c:b7:90:40:88:ba:63:f9:b2:a4:46:b6:4a:7b:20:
         ca:50:61:18:e3:73:50:e0:8f:b8:65:ce:ff:d1:55:95:ad:03:
         19:48:f1:5a:15:5c:b2:a2:50:db:6b:d3:92:5b:98:85:c5:3d:
         e9:ab:ac:28:8c:fe:ef:c2:b3:a0:f8:fb:12:f3:ef:72:f1:01:
         57:1a:7b:af:b3:87:d0:b1:e6:a9:10:d0:33:8a:21:90:2c:1d:
         7e:1d:93:96:32:94:b2:26:24:2f:61:ba:46:43:fc:c6:3e:d8:
         51:03:93:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUb/6QRVPtwthH0Q1oS/pSBTb3F6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDgxOTAyMzNaFw0yNTA4MDcxOTA3MzNaMDMxMTAvBgNV
BAMTKEI2MzgwOUFEMDE3NUVDNDY5N0VBNEI0RDhEQjQ2Mzc2Mjg0RDA0OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPxp6j65Zmw9sH19xxOCFJHLhq
+Ih7vo6bUPVUbC5P13MKabmI6CP3FKtcQubfBOX6jtFmMl64N33dK2Y2ie7/eQdj
HpMDt9KoMnfn2qn6TutN5etttgxESrCGpv9JGZX5XtNBzj58+2Uavutw+Uk0dg8M
d+AMgxCT9+2S9lT80Ggv635Fis/oXjejipJZkTVzG5k62lBnYsOBA4F2ONbTQo7M
1rPB5YMRObrAZdpucGhZ621qRDO64orq16sCdbahaFHVY0Ull0QsdM7oBH4khaDA
RxgjKjY7m5f3FVjV5+2kKtxUilLPkwvEYsjk0m/eQ/qg41jEK8upwqIBNiT/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtjgJrQF17EaX6ktNjbRjdihNBJIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbW
MA0GCSqGSIb3DQEBCwUAA4IBAQB1sMBsigGWX4FJ2vSGH9yedhNc4fdKgUefbjEr
koFtz44F/Wa6Zp+zoOJfWcr8d8yp9B6c9/2lordBSR8x1+d1ugdTapYET2UWsYfL
YC2o+GSbX2cLJ8nv8PApcYDhbEEGfYdth/TvyUYkcQTFF7qjznYsjBctO0jVgRte
DpY8atoLEQ966rdehPvCSzq8QRp8yhIst5BAiLpj+bKkRrZKeyDKUGEY43NQ4I+4
Zc7/0VWVrQMZSPFaFVyyolDba9OSW5iFxT3pq6wojP7vwrOg+PsS8+9y8QFXGnuv
s4fQseapENAziiGQLB1+HZOWMpSyJiQvYbpGQ/zGPthRA5MH
-----END CERTIFICATE-----