Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270764.roa
File:                     AS270764.roa (raw, json)
Hash identifier:          AqgBghWY81LR/haEw8Qs5asrKLFEdWF6M30Mwdh0Aiw=
Subject key identifier:   CA:EA:3C:5A:F8:BD:D6:32:61:DF:5F:70:71:0D:26:ED:E1:BC:36:27
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2FA06B9814E08C95BBD1A0D297AFC369EB1E8790
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270764.roa
Signing time:             Thu 19 Sep 2024 15:27:58 +0000
ROA not before:           Thu 19 Sep 2024 15:22:58 +0000
ROA not after:            Thu 18 Sep 2025 15:27:58 +0000
asID:                     270764
IP address blocks:        181.215.236.0/24 maxlen: 24
                          181.215.253.0/24 maxlen: 24
                          181.215.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a0:6b:98:14:e0:8c:95:bb:d1:a0:d2:97:af:c3:69:eb:1e:87:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 19 15:22:58 2024 GMT
            Not After : Sep 18 15:27:58 2025 GMT
        Subject: CN=CAEA3C5AF8BDD63261DF5F70710D26EDE1BC3627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c7:6a:6b:9b:8a:4c:ca:87:75:df:51:89:9c:
                    bb:50:0b:19:03:f0:be:49:aa:f3:8a:53:fe:aa:7a:
                    29:a3:f0:5a:36:1f:81:26:cd:bb:11:8b:55:a1:51:
                    fc:54:3d:7d:29:3c:55:f1:78:02:8d:4e:90:25:2f:
                    0e:18:5f:7b:8b:96:dd:34:8c:a6:4d:5c:90:0f:ab:
                    b0:a8:86:50:34:1d:53:d9:18:d3:f4:9d:46:d2:7b:
                    a1:2e:37:48:23:0b:66:fa:d6:9a:08:71:c0:9a:8b:
                    e3:f5:90:ab:4d:fb:85:bb:d7:c1:39:62:b7:0b:98:
                    45:0a:62:5a:3f:99:8f:53:8a:63:30:20:40:fc:08:
                    66:7e:b2:4d:e1:7a:a5:3b:12:2b:82:41:2d:f7:e6:
                    85:9d:3c:48:16:41:c5:a3:98:bb:8e:bf:f0:e0:66:
                    cf:7a:2b:6a:b5:ac:46:e9:f4:04:10:42:23:15:8b:
                    be:fe:b0:a4:05:98:a7:09:d7:3c:ee:dd:a5:e2:eb:
                    77:c2:6e:53:6c:f4:b8:b9:c4:c0:02:03:14:b2:ff:
                    d9:fd:cb:1e:74:f3:e7:74:ed:d7:8e:3a:8d:4d:34:
                    7b:92:ac:d1:31:ff:d3:4f:3f:3e:37:b9:8e:70:3a:
                    e4:26:9c:ea:68:f5:65:41:fe:6b:4d:3d:63:54:36:
                    0c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EA:3C:5A:F8:BD:D6:32:61:DF:5F:70:71:0D:26:ED:E1:BC:36:27
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270764.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.236.0/24
                  181.215.253.0-181.215.254.255

    Signature Algorithm: sha256WithRSAEncryption
         24:40:b6:67:42:ef:f7:f1:f1:bb:d4:ad:c7:7c:4a:65:4c:55:
         18:26:70:49:5c:11:c8:af:fe:7e:f2:98:c0:37:0d:92:1e:5d:
         4e:33:08:f7:46:f2:66:a1:32:0b:65:bd:d0:00:9d:66:57:a1:
         65:c4:dc:26:99:b5:21:e4:7e:fa:d7:7c:42:c2:f1:00:4d:3f:
         02:9d:b3:67:e3:0e:2c:63:e8:48:0a:0b:da:a7:70:a1:91:a8:
         1b:f3:ce:2e:6d:7f:d7:d8:2c:d0:06:7b:89:8f:6c:95:83:44:
         8d:64:9e:dc:60:d0:6b:a6:5d:9a:e4:05:d9:10:68:91:a5:a8:
         df:2a:b6:7f:de:2f:a2:a9:82:2e:98:2d:50:93:e6:a0:75:3e:
         9b:03:38:c2:95:d4:be:25:d7:1c:2e:29:69:3b:26:a9:cc:d4:
         05:2e:50:32:3f:af:d6:e7:85:ba:4a:7e:84:63:10:1c:81:9f:
         bc:61:5f:f2:cf:9c:4c:85:30:e3:68:3b:95:f0:96:ae:c5:ff:
         47:85:0d:ff:75:d0:91:b7:d8:9a:63:76:f7:9a:51:ca:e7:06:
         62:4b:4b:c5:38:ad:fd:c9:a9:48:31:81:d6:d9:a0:3f:c3:03:
         3c:4a:f0:f2:41:27:ef:c1:54:3d:08:9c:1f:c6:ee:3c:5a:ff:
         61:9b:f5:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUL6BrmBTgjJW70aDSl6/Daeseh5AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MTkxNTIyNThaFw0yNTA5MTgxNTI3NThaMDMxMTAvBgNV
BAMTKENBRUEzQzVBRjhCREQ2MzI2MURGNUY3MDcxMEQyNkVERTFCQzM2MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZx2prm4pMyod131GJnLtQCxkD
8L5JqvOKU/6qeimj8Fo2H4EmzbsRi1WhUfxUPX0pPFXxeAKNTpAlLw4YX3uLlt00
jKZNXJAPq7CohlA0HVPZGNP0nUbSe6EuN0gjC2b61poIccCai+P1kKtN+4W718E5
YrcLmEUKYlo/mY9TimMwIED8CGZ+sk3heqU7EiuCQS335oWdPEgWQcWjmLuOv/Dg
Zs96K2q1rEbp9AQQQiMVi77+sKQFmKcJ1zzu3aXi63fCblNs9Li5xMACAxSy/9n9
yx508+d07deOOo1NNHuSrNEx/9NPPz43uY5wOuQmnOpo9WVB/mtNPWNUNgzFAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQUyuo8Wvi91jJh319wcQ0m7eG8NicwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcwNzY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAtdfs
MAwDBAC11/0DBAC11/4wDQYJKoZIhvcNAQELBQADggEBACRAtmdC7/fx8bvUrcd8
SmVMVRgmcElcEciv/n7ymMA3DZIeXU4zCPdG8mahMgtlvdAAnWZXoWXE3CaZtSHk
fvrXfELC8QBNPwKds2fjDixj6EgKC9qncKGRqBvzzi5tf9fYLNAGe4mPbJWDRI1k
ntxg0GumXZrkBdkQaJGlqN8qtn/eL6Kpgi6YLVCT5qB1PpsDOMKV1L4l1xwuKWk7
JqnM1AUuUDI/r9bnhbpKfoRjEByBn7xhX/LPnEyFMONoO5Xwlq7F/0eFDf910JG3
2JpjdveaUcrnBmJLS8U4rf3JqUgxgdbZoD/DAzxK8PJBJ+/BVD0InB/G7jxa/2Gb
9fM=
-----END CERTIFICATE-----