Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215528.roa
File:                     AS215528.roa (raw, json)
Hash identifier:          EvSDlH2Iy5av5FLcoN59tI4O7KZAXmlUBbs1E26EMKM=
Subject key identifier:   63:D0:57:38:07:E5:17:F2:07:BE:C8:22:A3:DE:36:C1:34:1D:89:EF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       08F4AD5D4BE3CD68185D216941D8CB20B0B4DAAB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215528.roa
Signing time:             Fri 04 Oct 2024 13:59:47 +0000
ROA not before:           Fri 04 Oct 2024 13:54:47 +0000
ROA not after:            Fri 03 Oct 2025 13:59:47 +0000
asID:                     215528
IP address blocks:        191.101.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:f4:ad:5d:4b:e3:cd:68:18:5d:21:69:41:d8:cb:20:b0:b4:da:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  4 13:54:47 2024 GMT
            Not After : Oct  3 13:59:47 2025 GMT
        Subject: CN=63D0573807E517F207BEC822A3DE36C1341D89EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:52:2d:73:38:9f:90:c5:1b:0f:91:21:e8:5a:
                    5b:a1:f5:56:6a:0b:de:1f:9f:02:45:83:b0:bc:4b:
                    85:c0:83:16:3c:3a:d6:f9:5d:14:47:c0:ba:28:e6:
                    a6:78:62:42:fc:74:fa:0a:fa:a1:af:b9:9d:17:6f:
                    1c:00:a6:d8:74:9a:27:d5:5d:5b:f1:ca:bd:46:d8:
                    76:f7:ff:39:00:50:c6:df:a9:c3:f6:66:2d:c6:f7:
                    2c:fb:8d:0b:a4:04:c0:fa:0d:aa:d5:b1:f6:11:5f:
                    ed:f1:44:f4:93:8d:83:5d:54:4c:d5:1e:d6:e6:7b:
                    57:b8:a6:80:3c:fe:89:a4:1f:01:2a:23:a3:17:0c:
                    49:30:82:d4:f6:b0:95:40:dd:e6:df:9c:8e:27:c9:
                    0d:76:2a:f7:fc:ba:ab:23:48:c6:ec:8c:4e:a8:0d:
                    5a:6e:bc:e2:51:58:ad:13:e9:f8:ff:a6:40:ba:ec:
                    78:d0:d9:5d:80:25:ce:68:36:81:8e:c2:9e:68:f2:
                    b9:3d:46:5c:1c:d6:80:39:9a:ba:59:1a:7a:f5:18:
                    cf:ee:b9:24:cd:5b:6f:d7:90:b5:99:f7:5d:db:40:
                    ee:e2:f8:be:61:e5:a4:88:a3:3b:b6:5a:1d:79:42:
                    61:b3:28:f9:d7:62:9a:9d:b8:fc:4d:f7:41:67:bc:
                    3a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D0:57:38:07:E5:17:F2:07:BE:C8:22:A3:DE:36:C1:34:1D:89:EF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215528.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:54:ce:37:21:1a:b7:67:4c:b4:e7:01:14:af:be:48:46:3f:
         95:67:de:53:48:cb:b7:42:7e:6b:63:24:c9:ae:bb:8c:dc:d3:
         1e:a0:ba:b6:3b:89:49:8e:11:0a:7c:d2:ea:f3:63:47:c8:85:
         ef:5a:2c:56:4b:5a:12:ac:c1:3e:28:ab:d9:fa:6c:6f:b5:67:
         8f:40:2a:44:03:0e:1a:17:a9:89:4b:2e:50:ce:61:61:a2:cf:
         7f:51:e2:eb:14:8a:93:40:50:e3:8b:5a:58:ec:ff:aa:de:79:
         88:2f:a5:f5:47:b1:78:02:e3:98:4f:72:aa:1b:90:54:54:23:
         a4:c0:12:2b:ef:b0:7b:91:1f:d0:9e:91:71:83:6d:d0:fa:80:
         3b:d0:27:98:d1:30:0a:2f:e5:86:81:02:46:62:ab:5b:36:57:
         81:07:cf:e5:bc:26:df:88:95:9e:97:01:aa:98:07:a5:33:b7:
         0e:b2:97:6e:36:5b:0d:4c:ff:bd:92:ee:91:78:ab:b6:ce:70:
         5a:9f:b4:d9:28:e9:a3:73:2b:7f:38:26:30:d6:53:fe:50:48:
         2a:00:51:d1:14:98:34:84:38:53:c3:55:cf:2f:a6:98:f1:04:
         51:c7:d5:d6:7d:01:fd:21:7f:11:2d:fc:a4:14:b0:50:4e:2b:
         34:8a:6c:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCPStXUvjzWgYXSFpQdjLILC02qswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDQxMzU0NDdaFw0yNTEwMDMxMzU5NDdaMDMxMTAvBgNV
BAMTKDYzRDA1NzM4MDdFNTE3RjIwN0JFQzgyMkEzREUzNkMxMzQxRDg5RUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfUi1zOJ+QxRsPkSHoWluh9VZq
C94fnwJFg7C8S4XAgxY8Otb5XRRHwLoo5qZ4YkL8dPoK+qGvuZ0XbxwApth0mifV
XVvxyr1G2Hb3/zkAUMbfqcP2Zi3G9yz7jQukBMD6DarVsfYRX+3xRPSTjYNdVEzV
Htbme1e4poA8/omkHwEqI6MXDEkwgtT2sJVA3ebfnI4nyQ12Kvf8uqsjSMbsjE6o
DVpuvOJRWK0T6fj/pkC67HjQ2V2AJc5oNoGOwp5o8rk9Rlwc1oA5mrpZGnr1GM/u
uSTNW2/XkLWZ913bQO7i+L5h5aSIozu2Wh15QmGzKPnXYpqduPxN90FnvDpFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY9BXOAflF/IHvsgio942wTQdie8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NTI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WI
MA0GCSqGSIb3DQEBCwUAA4IBAQCJVM43IRq3Z0y05wEUr75IRj+VZ95TSMu3Qn5r
YyTJrruM3NMeoLq2O4lJjhEKfNLq82NHyIXvWixWS1oSrME+KKvZ+mxvtWePQCpE
Aw4aF6mJSy5QzmFhos9/UeLrFIqTQFDji1pY7P+q3nmIL6X1R7F4AuOYT3KqG5BU
VCOkwBIr77B7kR/QnpFxg23Q+oA70CeY0TAKL+WGgQJGYqtbNleBB8/lvCbfiJWe
lwGqmAelM7cOspduNlsNTP+9ku6ReKu2znBan7TZKOmjcyt/OCYw1lP+UEgqAFHR
FJg0hDhTw1XPL6aY8QRRx9XWfQH9IX8RLfykFLBQTis0imxV
-----END CERTIFICATE-----