Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          N8bEov1kdk6ObqlmR6Jj63Q8FCTL0NMLHAIvu8NfZtA=
Subject key identifier:   12:84:AD:32:F0:1A:C0:14:5C:99:DA:1B:0D:85:B6:9F:E4:41:BA:8A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1B26AE60F379ABEA79F7B0E094E831708B683CE9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa
Signing time:             Wed 31 Jul 2024 08:05:19 +0000
ROA not before:           Wed 31 Jul 2024 08:00:19 +0000
ROA not after:            Wed 30 Jul 2025 08:05:19 +0000
asID:                     216414
IP address blocks:        181.215.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:26:ae:60:f3:79:ab:ea:79:f7:b0:e0:94:e8:31:70:8b:68:3c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 31 08:00:19 2024 GMT
            Not After : Jul 30 08:05:19 2025 GMT
        Subject: CN=1284AD32F01AC0145C99DA1B0D85B69FE441BA8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3b:c3:23:1b:99:c4:f5:d1:d3:c8:d0:ff:48:
                    19:84:a7:a9:89:e5:82:40:6d:86:56:36:5e:bd:56:
                    2e:a8:7e:b1:57:43:15:59:f5:2d:cf:c5:50:cf:fd:
                    d4:4f:3d:af:2d:04:6e:5b:07:60:9e:c6:9f:72:e9:
                    95:6d:6a:3e:aa:12:eb:73:c3:69:f0:46:18:73:28:
                    ca:1d:e1:9a:b8:cc:a5:b1:a3:e3:17:f9:4b:58:89:
                    9d:7e:35:82:7c:d3:88:de:98:6f:4d:ff:46:0d:3e:
                    bb:c3:24:dc:f7:d7:a3:8e:74:46:be:36:f4:0c:f0:
                    0e:b3:34:d5:46:f8:a5:7d:f3:2a:06:67:c5:f7:81:
                    9f:14:0d:01:31:33:25:69:6c:18:6b:e3:64:e0:09:
                    3d:23:61:3f:39:ed:b3:e6:a1:e5:b4:53:49:21:11:
                    a3:97:f9:81:c5:a8:a2:e8:e0:6d:01:c6:eb:ff:dd:
                    5f:6d:bc:a2:d1:c6:e3:42:52:29:b8:79:8f:24:2d:
                    69:7e:b7:28:99:ab:3e:ee:d4:af:ab:29:d6:52:ce:
                    7d:8a:d4:3b:58:04:be:1a:e6:2d:ad:94:a6:c1:16:
                    96:e3:cd:4c:6c:c6:e1:d2:cd:10:ae:a6:71:8a:15:
                    af:fe:8e:f3:82:37:c9:b9:96:9d:b2:eb:af:99:3b:
                    50:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:84:AD:32:F0:1A:C0:14:5C:99:DA:1B:0D:85:B6:9F:E4:41:BA:8A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:df:a0:9b:08:74:6e:df:42:ac:80:0d:6c:2d:f9:77:05:20:
         6d:aa:9f:78:b0:71:2a:51:3b:52:7e:1d:3f:9c:a7:77:d1:1e:
         1f:1d:23:77:49:99:6a:65:a8:77:53:bb:d7:57:2e:b6:a4:b2:
         f9:69:4f:09:d3:d5:0b:0c:ac:7f:17:ab:e1:09:4c:fc:3d:96:
         72:84:14:af:11:79:eb:f8:34:b0:33:4e:9d:2d:c9:be:f2:d5:
         43:9f:ba:43:7a:94:12:19:c6:d1:64:7f:c5:da:65:e3:58:ab:
         25:1f:7d:54:2e:af:d4:ec:2d:61:9b:61:20:6a:3c:14:fd:e9:
         74:c1:d0:b3:ed:64:06:98:8d:94:75:e2:9b:ee:86:82:3c:68:
         26:e8:e9:50:09:65:54:b5:b0:46:fe:2a:ca:25:28:8c:58:ed:
         93:08:c8:b1:d7:57:fe:e1:de:fe:c9:ad:7d:82:2d:83:f2:df:
         ce:b7:be:06:7c:ec:df:74:c6:52:b9:36:c7:82:2e:e3:84:e1:
         b3:fe:31:8c:45:84:da:26:b0:86:23:6b:d7:13:00:89:2d:39:
         8a:15:87:c3:54:9d:5d:00:d9:bd:8b:88:3d:e7:db:21:32:aa:
         fe:49:2e:0d:84:03:82:84:d7:f4:79:dc:fc:6d:b9:2c:4f:c1:
         b2:ec:a9:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGyauYPN5q+p597DglOgxcItoPOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MzEwODAwMTlaFw0yNTA3MzAwODA1MTlaMDMxMTAvBgNV
BAMTKDEyODRBRDMyRjAxQUMwMTQ1Qzk5REExQjBEODVCNjlGRTQ0MUJBOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUO8MjG5nE9dHTyND/SBmEp6mJ
5YJAbYZWNl69Vi6ofrFXQxVZ9S3PxVDP/dRPPa8tBG5bB2Cexp9y6ZVtaj6qEutz
w2nwRhhzKMod4Zq4zKWxo+MX+UtYiZ1+NYJ804jemG9N/0YNPrvDJNz316OOdEa+
NvQM8A6zNNVG+KV98yoGZ8X3gZ8UDQExMyVpbBhr42TgCT0jYT857bPmoeW0U0kh
EaOX+YHFqKLo4G0Bxuv/3V9tvKLRxuNCUim4eY8kLWl+tyiZqz7u1K+rKdZSzn2K
1DtYBL4a5i2tlKbBFpbjzUxsxuHSzRCupnGKFa/+jvOCN8m5lp2y66+ZO1BRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEoStMvAawBRcmdobDYW2n+RBuoowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcW
MA0GCSqGSIb3DQEBCwUAA4IBAQAH36CbCHRu30KsgA1sLfl3BSBtqp94sHEqUTtS
fh0/nKd30R4fHSN3SZlqZah3U7vXVy62pLL5aU8J09ULDKx/F6vhCUz8PZZyhBSv
EXnr+DSwM06dLcm+8tVDn7pDepQSGcbRZH/F2mXjWKslH31ULq/U7C1hm2EgajwU
/el0wdCz7WQGmI2UdeKb7oaCPGgm6OlQCWVUtbBG/irKJSiMWO2TCMix11f+4d7+
ya19gi2D8t/Ot74GfOzfdMZSuTbHgi7jhOGz/jGMRYTaJrCGI2vXEwCJLTmKFYfD
VJ1dANm9i4g959shMqr+SS4NhAOChNf0edz8bbksT8Gy7KlL
-----END CERTIFICATE-----