Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          /j/7bA+eqHUciJvla+DCXSFXP+2il8ULOoMDl4i4p7M=
Subject key identifier:   CD:92:34:F7:40:A0:95:39:30:72:7B:7B:E5:45:97:10:CE:3F:A7:24
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2174D9F5476EB18675FB91033CC6A860725BA7F2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
Signing time:             Sat 10 Aug 2024 16:23:00 +0000
ROA not before:           Sat 10 Aug 2024 16:18:00 +0000
ROA not after:            Sat 09 Aug 2025 16:23:00 +0000
asID:                     215703
IP address blocks:        179.61.132.0/24 maxlen: 24
                          191.96.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:74:d9:f5:47:6e:b1:86:75:fb:91:03:3c:c6:a8:60:72:5b:a7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 10 16:18:00 2024 GMT
            Not After : Aug  9 16:23:00 2025 GMT
        Subject: CN=CD9234F740A0953930727B7BE5459710CE3FA724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e2:46:30:c9:15:e5:34:5b:f4:84:bb:59:80:
                    be:b7:a9:4c:62:8c:f5:2f:10:77:ee:70:32:6c:7a:
                    98:49:5f:73:b3:5e:fa:1c:cd:7f:9f:a5:d5:54:d3:
                    4d:f2:a9:cd:1e:40:34:45:b4:6e:1c:a4:6c:f3:90:
                    64:95:c0:43:f6:05:3e:98:f9:01:3d:3f:48:75:bc:
                    b2:3b:02:20:71:f8:c9:81:99:f2:e9:2c:f3:91:44:
                    ea:6f:64:06:6e:d9:32:fa:4f:07:b0:b8:33:a6:5e:
                    00:68:14:73:d4:4c:c0:e5:0d:20:00:7c:27:99:f4:
                    38:46:15:46:f2:b8:2e:26:ac:8a:ba:52:7f:cf:eb:
                    31:1b:51:db:65:c8:11:42:58:3c:ff:7f:26:79:d8:
                    68:a4:e5:47:5b:55:9a:4c:6f:07:1a:51:40:f0:22:
                    31:64:43:d6:e3:ce:e0:6e:c5:ec:60:a8:0b:7b:ea:
                    aa:ff:42:69:01:7a:06:2a:90:03:f0:d5:6e:38:b5:
                    16:ad:fe:d0:6f:f3:40:67:75:a2:86:88:5e:15:2e:
                    45:03:26:a4:d9:db:7b:d5:bf:17:0f:9d:78:d3:08:
                    75:6a:d7:04:aa:36:81:60:d4:2f:28:d3:74:92:58:
                    a6:5c:cb:d5:82:13:33:f4:bf:d0:ac:75:45:71:a7:
                    a4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:92:34:F7:40:A0:95:39:30:72:7B:7B:E5:45:97:10:CE:3F:A7:24
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.132.0/24
                  191.96.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c0:0a:cd:0e:c2:ea:76:33:9a:f4:f1:f4:cf:9d:32:39:b9:
         56:94:32:25:62:51:b0:ea:d1:c5:7f:62:44:9d:a7:35:49:30:
         dd:a3:2b:91:f6:9f:4a:9e:87:a7:4a:ca:97:fe:61:d0:35:c1:
         9b:9d:32:fc:1c:bb:74:55:8c:9c:cc:53:8f:40:d1:68:64:74:
         24:27:cf:ce:23:06:e4:c1:8c:e8:8f:a1:2e:25:51:cc:c3:08:
         ec:60:ff:da:39:89:65:55:da:b2:97:51:72:0b:01:e4:dd:b9:
         0b:2c:a2:c5:3e:b1:73:03:0b:c1:62:d6:7d:e9:5b:70:f9:25:
         d9:18:64:9e:1e:db:cc:c8:db:31:06:c4:98:15:b6:60:a3:c6:
         ba:26:1e:e6:f1:c5:a4:2d:5c:2d:5e:44:5b:17:cc:f3:c2:5f:
         b8:f4:d8:0e:a0:ad:d1:88:51:8c:25:4f:83:5d:1d:e7:57:05:
         55:99:de:15:23:f3:e0:33:b3:1a:5e:ec:db:56:d5:0c:46:fb:
         c2:fa:d9:ad:da:63:dc:a8:d8:29:68:7b:00:f3:c3:1c:d9:29:
         69:58:c1:df:f2:b5:c8:e1:c7:1e:2b:85:14:eb:30:60:e4:5a:
         0e:64:b1:62:78:d3:3d:30:a2:2e:bf:f6:ca:a8:36:33:02:81:
         1f:42:7b:26
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIXTZ9UdusYZ1+5EDPMaoYHJbp/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTAxNjE4MDBaFw0yNTA4MDkxNjIzMDBaMDMxMTAvBgNV
BAMTKENEOTIzNEY3NDBBMDk1MzkzMDcyN0I3QkU1NDU5NzEwQ0UzRkE3MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD4kYwyRXlNFv0hLtZgL63qUxi
jPUvEHfucDJsephJX3OzXvoczX+fpdVU003yqc0eQDRFtG4cpGzzkGSVwEP2BT6Y
+QE9P0h1vLI7AiBx+MmBmfLpLPORROpvZAZu2TL6TwewuDOmXgBoFHPUTMDlDSAA
fCeZ9DhGFUbyuC4mrIq6Un/P6zEbUdtlyBFCWDz/fyZ52Gik5UdbVZpMbwcaUUDw
IjFkQ9bjzuBuxexgqAt76qr/QmkBegYqkAPw1W44tRat/tBv80BndaKGiF4VLkUD
JqTZ23vVvxcPnXjTCHVq1wSqNoFg1C8o03SSWKZcy9WCEzP0v9CsdUVxp6S9AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUzZI090CglTkwcnt75UWXEM4/pyQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz2E
AwQAv2BeMA0GCSqGSIb3DQEBCwUAA4IBAQA8wArNDsLqdjOa9PH0z50yOblWlDIl
YlGw6tHFf2JEnac1STDdoyuR9p9KnoenSsqX/mHQNcGbnTL8HLt0VYyczFOPQNFo
ZHQkJ8/OIwbkwYzoj6EuJVHMwwjsYP/aOYllVdqyl1FyCwHk3bkLLKLFPrFzAwvB
YtZ96Vtw+SXZGGSeHtvMyNsxBsSYFbZgo8a6Jh7m8cWkLVwtXkRbF8zzwl+49NgO
oK3RiFGMJU+DXR3nVwVVmd4VI/PgM7MaXuzbVtUMRvvC+tmt2mPcqNgpaHsA88Mc
2SlpWMHf8rXI4cceK4UU6zBg5FoOZLFieNM9MKIuv/bKqDYzAoEfQnsm
-----END CERTIFICATE-----