Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215672.roa
File:                     AS215672.roa (raw, json)
Hash identifier:          LjX8+pDPkfd7eAkSKnHFeRFgsHf2UMP4Fd2UVqr9WNg=
Subject key identifier:   12:59:E4:F6:16:86:24:63:E9:95:DF:41:AC:64:60:44:B4:32:BA:55
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0B1F4E4C98945080A2C21A77B14AF4791050EBC0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215672.roa
Signing time:             Tue 28 Jan 2025 03:02:54 +0000
ROA not before:           Tue 28 Jan 2025 02:57:54 +0000
ROA not after:            Tue 27 Jan 2026 03:02:54 +0000
asID:                     215672
IP address blocks:        85.208.72.0/24 maxlen: 24
                          191.96.206.0/24 maxlen: 24
                          191.101.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:1f:4e:4c:98:94:50:80:a2:c2:1a:77:b1:4a:f4:79:10:50:eb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 28 02:57:54 2025 GMT
            Not After : Jan 27 03:02:54 2026 GMT
        Subject: CN=1259E4F616862463E995DF41AC646044B432BA55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6a:ba:7e:84:b5:c2:c9:2a:55:cc:f0:1b:31:
                    b9:5e:89:29:09:49:ba:f4:ef:b5:72:7b:6d:f4:a6:
                    25:b0:a2:9d:7b:e7:dc:9e:33:db:87:ca:50:2f:b3:
                    78:5f:13:e3:f6:91:48:3c:0b:74:42:2a:4d:9c:50:
                    5b:53:f2:60:48:5c:14:b6:cf:23:8d:27:b3:1a:9c:
                    fa:f4:d9:83:a9:9b:04:d9:a2:fd:f4:a9:14:13:42:
                    19:ba:ee:1d:0d:ea:c1:38:d4:9b:5b:a8:cd:cd:47:
                    01:e0:98:72:d4:a7:62:44:e6:c2:c8:ff:f4:68:6f:
                    35:8e:64:18:a6:40:f0:b1:b8:a7:13:58:10:9d:b2:
                    d3:81:fa:00:d8:e4:a8:a0:70:cd:45:71:f2:90:33:
                    e4:76:75:c4:a4:60:14:99:51:ae:0c:55:95:8d:bc:
                    57:ae:bf:c2:5e:bd:b0:8a:4a:f3:82:73:3d:49:ab:
                    36:b2:a7:c4:e0:73:06:ad:84:f4:2e:d6:e2:c2:dd:
                    e5:46:e8:0e:03:fd:67:6e:6a:a1:3b:f1:b3:e7:4c:
                    7f:d7:03:63:3c:3b:1c:4b:f8:a2:9a:12:c7:02:b7:
                    ba:ec:27:14:25:f6:78:68:7a:b7:61:84:19:f4:5b:
                    62:98:36:fe:5a:6d:22:cb:97:53:ea:53:fb:3b:db:
                    c9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:59:E4:F6:16:86:24:63:E9:95:DF:41:AC:64:60:44:B4:32:BA:55
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.72.0/24
                  191.96.206.0/24
                  191.101.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:02:08:55:1f:5b:22:d2:00:a6:98:c7:72:35:0e:1e:09:ea:
         12:f6:d9:35:1c:fe:b4:0a:ca:0f:dd:b9:f3:7c:67:bd:41:52:
         e9:e4:b7:05:30:3b:7d:6c:c1:a4:14:11:59:81:4a:e5:b2:16:
         3b:01:fd:32:30:02:95:9a:b6:59:cf:98:50:38:78:d5:61:79:
         cf:26:88:81:31:0f:a5:2e:ac:99:20:39:8b:f5:4e:bb:58:b8:
         10:05:a8:3a:d9:16:e3:d2:4b:b9:31:87:ec:8a:30:41:ee:e9:
         a6:ac:8d:02:c5:6c:6f:d7:35:81:b9:16:ec:c6:14:f6:b4:8d:
         ab:c3:c7:a5:3f:85:21:6b:e1:8a:c2:e4:78:3c:25:e4:15:35:
         1a:1c:c0:91:e4:a0:4c:6c:c6:b7:ca:aa:b4:2d:b5:30:f9:39:
         1c:dd:f8:b2:9f:5d:c2:4c:b7:5f:20:57:06:95:43:c9:4c:fa:
         30:e4:f5:cf:b5:c6:b4:da:bb:af:8b:53:15:49:69:a3:96:06:
         84:87:be:04:a4:d1:f1:9e:97:0e:d3:50:57:c5:4c:f6:5f:69:
         b1:45:4c:67:6d:79:a1:e8:26:2b:34:97:0a:5a:d0:df:bb:21:
         30:e5:50:d7:fc:4b:c3:f3:c9:a3:ee:18:a9:01:d9:5a:0c:3f:
         b5:ff:4a:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUCx9OTJiUUICiwhp3sUr0eRBQ68AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMjgwMjU3NTRaFw0yNjAxMjcwMzAyNTRaMDMxMTAvBgNV
BAMTKDEyNTlFNEY2MTY4NjI0NjNFOTk1REY0MUFDNjQ2MDQ0QjQzMkJBNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7arp+hLXCySpVzPAbMbleiSkJ
Sbr077Vye230piWwop1759yeM9uHylAvs3hfE+P2kUg8C3RCKk2cUFtT8mBIXBS2
zyONJ7ManPr02YOpmwTZov30qRQTQhm67h0N6sE41JtbqM3NRwHgmHLUp2JE5sLI
//RobzWOZBimQPCxuKcTWBCdstOB+gDY5KigcM1FcfKQM+R2dcSkYBSZUa4MVZWN
vFeuv8JevbCKSvOCcz1Jqzayp8TgcwathPQu1uLC3eVG6A4D/WduaqE78bPnTH/X
A2M8OxxL+KKaEscCt7rsJxQl9nhoerdhhBn0W2KYNv5abSLLl1PqU/s728kvAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUElnk9haGJGPpld9BrGRgRLQyulUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVdBI
AwQAv2DOAwQAv2WwMA0GCSqGSIb3DQEBCwUAA4IBAQB+AghVH1si0gCmmMdyNQ4e
CeoS9tk1HP60CsoP3bnzfGe9QVLp5LcFMDt9bMGkFBFZgUrlshY7Af0yMAKVmrZZ
z5hQOHjVYXnPJoiBMQ+lLqyZIDmL9U67WLgQBag62Rbj0ku5MYfsijBB7ummrI0C
xWxv1zWBuRbsxhT2tI2rw8elP4Uha+GKwuR4PCXkFTUaHMCR5KBMbMa3yqq0LbUw
+Tkc3fiyn13CTLdfIFcGlUPJTPow5PXPtca02ruvi1MVSWmjlgaEh74EpNHxnpcO
01BXxUz2X2mxRUxnbXmh6CYrNJcKWtDfuyEw5VDX/EvD88mj7hipAdlaDD+1/0qj
-----END CERTIFICATE-----