Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa
File:                     AS215311.roa (raw, json)
Hash identifier:          XJNSShUq32QQFhZbG8REhe6ssMCecpZRnS6ScWjLvFU=
Subject key identifier:   C5:38:27:7F:A3:5F:68:B9:5B:71:7D:BE:49:AF:81:E3:5B:D2:C8:6A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1EADF0B0CD3BC7EF62A8A52A0F7410F47650BFE0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa
Signing time:             Sun 21 Jul 2024 08:48:01 +0000
ROA not before:           Sun 21 Jul 2024 08:43:01 +0000
ROA not after:            Sun 20 Jul 2025 08:48:01 +0000
asID:                     215311
IP address blocks:        181.215.39.0/24 maxlen: 24
                          193.31.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:ad:f0:b0:cd:3b:c7:ef:62:a8:a5:2a:0f:74:10:f4:76:50:bf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 21 08:43:01 2024 GMT
            Not After : Jul 20 08:48:01 2025 GMT
        Subject: CN=C538277FA35F68B95B717DBE49AF81E35BD2C86A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f0:45:b5:60:21:80:96:91:56:06:03:e9:3f:
                    4b:30:32:94:fd:14:b9:1c:a4:3a:b0:74:94:9c:b2:
                    f4:91:7b:44:ef:02:8d:02:5d:d3:02:1d:34:08:45:
                    81:2e:4d:6e:a6:83:0d:c2:3c:5a:f3:c1:8e:23:a1:
                    da:39:e6:5a:63:32:dc:58:08:5c:9a:71:88:78:08:
                    32:37:e0:88:1a:38:86:e8:1a:68:44:3a:90:85:4e:
                    15:af:13:a2:c2:69:a7:75:e2:3a:72:7c:03:7e:09:
                    20:3f:11:37:47:f7:5d:15:00:aa:1f:fe:e3:4e:49:
                    ed:18:b4:f9:64:df:ab:43:f3:82:3f:06:64:96:e7:
                    1b:45:25:07:33:fc:75:1f:90:ec:ba:0b:dd:06:a7:
                    d5:15:85:20:af:0b:52:24:7d:ae:7e:59:c5:80:e8:
                    fe:88:5e:a3:d7:60:0e:e3:d4:d3:6e:ca:20:e3:5d:
                    cd:2a:22:50:51:1e:f4:da:38:b0:46:1e:4a:b0:d2:
                    14:f9:ad:05:a9:ab:86:3d:97:c5:dc:0d:cd:e5:09:
                    f8:fd:23:24:10:9c:2f:1e:a4:11:8d:d7:df:25:3a:
                    ba:3d:a3:da:da:d8:1d:2f:6d:56:5c:f7:0a:21:bb:
                    1b:49:78:b2:08:ab:61:05:81:23:23:96:a1:fa:49:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:38:27:7F:A3:5F:68:B9:5B:71:7D:BE:49:AF:81:E3:5B:D2:C8:6A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.39.0/24
                  193.31.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:bf:44:36:90:74:24:df:44:12:dd:91:ec:1f:59:0f:55:66:
         df:e6:7e:2e:dd:4a:3b:72:27:65:e3:56:96:27:ae:31:29:f1:
         b8:8f:a8:0f:c2:dd:c5:9f:7a:83:66:e0:65:dd:e0:da:f9:91:
         ba:4c:9e:12:74:8b:8e:50:61:6b:8c:c3:11:55:4a:ba:f7:d3:
         51:f2:55:b9:b9:31:eb:6a:a6:0c:d6:fe:25:92:07:99:85:de:
         ab:65:47:05:6b:9e:ab:d6:ef:1d:73:9d:31:61:0c:b8:90:37:
         0b:0d:10:bc:0a:21:e2:4c:c8:d2:84:bc:19:51:25:11:69:11:
         3c:26:29:06:93:ba:76:80:bf:e9:07:71:4c:c4:8a:85:97:bc:
         7e:0a:7a:08:e8:14:f2:a4:de:cd:9a:0f:f1:db:94:77:62:48:
         d9:09:59:d3:d0:ab:dc:4e:a5:5e:e3:f8:0a:0d:44:46:1e:c9:
         68:d3:13:13:d0:59:ed:8a:5e:c9:8a:ad:fb:7d:c6:1b:3c:2a:
         f0:aa:52:61:67:d4:72:41:b7:da:35:4d:fd:c3:5a:90:05:9c:
         c7:4b:ce:62:26:2f:58:c0:01:d4:33:c8:65:9a:e8:e7:71:f3:
         f0:42:17:93:0c:1f:41:c0:0d:49:cf:7e:5f:db:af:53:a8:dd:
         71:0a:55:2d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUHq3wsM07x+9iqKUqD3QQ9HZQv+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MjEwODQzMDFaFw0yNTA3MjAwODQ4MDFaMDMxMTAvBgNV
BAMTKEM1MzgyNzdGQTM1RjY4Qjk1QjcxN0RCRTQ5QUY4MUUzNUJEMkM4NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC48EW1YCGAlpFWBgPpP0swMpT9
FLkcpDqwdJScsvSRe0TvAo0CXdMCHTQIRYEuTW6mgw3CPFrzwY4jodo55lpjMtxY
CFyacYh4CDI34IgaOIboGmhEOpCFThWvE6LCaad14jpyfAN+CSA/ETdH910VAKof
/uNOSe0YtPlk36tD84I/BmSW5xtFJQcz/HUfkOy6C90Gp9UVhSCvC1Ikfa5+WcWA
6P6IXqPXYA7j1NNuyiDjXc0qIlBRHvTaOLBGHkqw0hT5rQWpq4Y9l8XcDc3lCfj9
IyQQnC8epBGN198lOro9o9ra2B0vbVZc9wohuxtJeLIIq2EFgSMjlqH6Sd8jAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUxTgnf6NfaLlbcX2+Sa+B41vSyGowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdcn
AwQAwR8pMA0GCSqGSIb3DQEBCwUAA4IBAQCev0Q2kHQk30QS3ZHsH1kPVWbf5n4u
3Uo7cidl41aWJ64xKfG4j6gPwt3Fn3qDZuBl3eDa+ZG6TJ4SdIuOUGFrjMMRVUq6
99NR8lW5uTHraqYM1v4lkgeZhd6rZUcFa56r1u8dc50xYQy4kDcLDRC8CiHiTMjS
hLwZUSURaRE8JikGk7p2gL/pB3FMxIqFl7x+CnoI6BTypN7Nmg/x25R3YkjZCVnT
0KvcTqVe4/gKDURGHslo0xMT0Fntil7Jiq37fcYbPCrwqlJhZ9RyQbfaNU39w1qQ
BZzHS85iJi9YwAHUM8hlmujncfPwQheTDB9BwA1Jz35f269TqN1xClUt
-----END CERTIFICATE-----