Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
File:                     AS215353.roa (raw, json)
Hash identifier:          cU5/6UFkksIf5snoTuy6l8b21dhkb+/zXOndORZnBbg=
Subject key identifier:   2D:A1:A0:D9:31:52:DB:C5:16:6D:80:84:A4:B8:C0:FE:5D:42:34:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5AECAA07A442C38FC45523EFCE889CA86031A1DE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
Signing time:             Tue 23 Jul 2024 17:24:01 +0000
ROA not before:           Tue 23 Jul 2024 17:19:01 +0000
ROA not after:            Tue 22 Jul 2025 17:24:01 +0000
asID:                     215353
IP address blocks:        181.215.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ec:aa:07:a4:42:c3:8f:c4:55:23:ef:ce:88:9c:a8:60:31:a1:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 23 17:19:01 2024 GMT
            Not After : Jul 22 17:24:01 2025 GMT
        Subject: CN=2DA1A0D93152DBC5166D8084A4B8C0FE5D423406
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ab:9a:5f:e7:d9:8f:a4:b0:d8:e9:9c:fa:e7:
                    1c:cd:f6:68:c9:40:5a:da:e2:71:b2:c4:c4:6b:8c:
                    1d:81:9b:14:8f:5a:60:ae:df:7f:f8:03:62:9e:53:
                    f4:1e:19:e1:e2:58:e6:d7:a6:5d:dc:fe:36:8f:16:
                    31:c3:f5:e3:82:7f:44:ef:de:fa:13:66:2e:25:f7:
                    07:85:32:9c:bb:cd:0a:a6:02:20:f4:e9:f5:4e:db:
                    58:3c:9f:ba:1f:05:c5:1e:2b:bc:4d:b8:f7:01:a6:
                    2a:59:09:3a:98:02:22:bc:55:4f:13:2b:d2:f2:c5:
                    f7:d5:94:f4:c7:c5:d1:78:74:9b:8a:28:e3:b2:2a:
                    4d:7d:d7:c6:69:85:0c:4e:86:e1:d2:76:ee:f8:87:
                    8a:fc:ab:1e:e6:ea:2c:ca:d0:11:ea:07:b6:bd:9c:
                    b6:68:9f:8f:d9:72:1b:63:41:c7:98:d6:52:08:76:
                    88:7a:f4:0e:5c:0a:9d:eb:41:25:2c:f9:d7:97:5a:
                    dd:b4:07:5b:98:8a:b9:d3:6a:6b:bc:85:1c:7c:9d:
                    1a:9c:bf:c4:24:0e:1b:a0:57:2a:8a:0d:2e:0f:eb:
                    56:7c:1a:a0:e6:31:a1:1e:bb:30:bc:0c:00:6d:fa:
                    13:b0:08:0e:44:97:98:41:1c:96:c1:01:fa:ea:dc:
                    1a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:A1:A0:D9:31:52:DB:C5:16:6D:80:84:A4:B8:C0:FE:5D:42:34:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:d1:be:25:d9:87:fd:39:14:f0:b2:71:ad:71:f4:60:15:6d:
         86:82:2e:33:88:0c:20:52:ea:f2:03:af:51:d7:bf:03:76:da:
         76:aa:28:a2:e6:bd:ca:12:79:5f:d9:ca:b0:b1:12:3e:ad:a0:
         a6:bd:a1:f1:75:3b:66:f1:9e:4a:3b:71:d6:29:10:bb:28:83:
         4c:b3:be:7e:bc:10:3c:87:33:b5:db:77:e5:03:9b:08:6e:49:
         3b:79:08:00:bf:8c:ae:92:2c:b2:c7:b1:05:52:97:56:4d:e7:
         89:9e:a5:05:76:c8:71:92:cb:ff:32:92:d4:69:a1:75:b6:82:
         b6:af:c5:da:42:a8:79:28:64:ea:66:67:e0:4e:71:11:81:54:
         b5:0b:7e:f7:dc:10:0f:92:7a:a4:06:11:90:cd:7e:5b:fb:14:
         2c:c5:da:21:5b:fc:05:3f:e8:58:65:d5:38:0f:02:f9:a0:12:
         a8:77:dc:55:23:d1:12:d6:af:6b:d1:3f:0e:99:4c:13:39:40:
         79:b4:44:e2:38:c5:9e:77:e6:14:37:c3:28:d8:57:eb:71:5e:
         2c:6c:30:27:38:0d:e0:7b:f2:86:48:9d:fe:00:4a:9e:ae:9d:
         97:e7:68:b1:dc:3f:aa:65:92:df:fe:9f:8e:fc:ce:ec:bb:b0:
         a0:61:0a:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWuyqB6RCw4/EVSPvzoicqGAxod4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MjMxNzE5MDFaFw0yNTA3MjIxNzI0MDFaMDMxMTAvBgNV
BAMTKDJEQTFBMEQ5MzE1MkRCQzUxNjZEODA4NEE0QjhDMEZFNUQ0MjM0MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5q5pf59mPpLDY6Zz65xzN9mjJ
QFra4nGyxMRrjB2BmxSPWmCu33/4A2KeU/QeGeHiWObXpl3c/jaPFjHD9eOCf0Tv
3voTZi4l9weFMpy7zQqmAiD06fVO21g8n7ofBcUeK7xNuPcBpipZCTqYAiK8VU8T
K9LyxffVlPTHxdF4dJuKKOOyKk1918ZphQxOhuHSdu74h4r8qx7m6izK0BHqB7a9
nLZon4/ZchtjQceY1lIIdoh69A5cCp3rQSUs+deXWt20B1uYirnTamu8hRx8nRqc
v8QkDhugVyqKDS4P61Z8GqDmMaEeuzC8DABt+hOwCA5El5hBHJbBAfrq3BqRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULaGg2TFS28UWbYCEpLjA/l1CNAYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdc8
MA0GCSqGSIb3DQEBCwUAA4IBAQBf0b4l2Yf9ORTwsnGtcfRgFW2Ggi4ziAwgUury
A69R178Ddtp2qiii5r3KEnlf2cqwsRI+raCmvaHxdTtm8Z5KO3HWKRC7KINMs75+
vBA8hzO123flA5sIbkk7eQgAv4yukiyyx7EFUpdWTeeJnqUFdshxksv/MpLUaaF1
toK2r8XaQqh5KGTqZmfgTnERgVS1C3733BAPknqkBhGQzX5b+xQsxdohW/wFP+hY
ZdU4DwL5oBKod9xVI9ES1q9r0T8OmUwTOUB5tETiOMWed+YUN8Mo2FfrcV4sbDAn
OA3ge/KGSJ3+AEqerp2X52ix3D+qZZLf/p+O/M7su7CgYQot
-----END CERTIFICATE-----