Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa
File:                     AS272696.roa (raw, json)
Hash identifier:          lVHfTf9qhFGKpWiTFevQsCVFUzHkmTILdEp71oTS0Uc=
Subject key identifier:   16:3A:5A:A9:E9:BE:A3:4F:FC:3F:28:84:3B:B8:9F:4C:A5:DB:BA:83
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7B19F887EFBF9F9A03DA39A9E8BDA73F723FDF75
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa
Signing time:             Thu 08 Aug 2024 15:05:19 +0000
ROA not before:           Thu 08 Aug 2024 15:00:19 +0000
ROA not after:            Thu 07 Aug 2025 15:05:19 +0000
asID:                     272696
IP address blocks:        181.215.4.0/24 maxlen: 24
                          191.96.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:19:f8:87:ef:bf:9f:9a:03:da:39:a9:e8:bd:a7:3f:72:3f:df:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  8 15:00:19 2024 GMT
            Not After : Aug  7 15:05:19 2025 GMT
        Subject: CN=163A5AA9E9BEA34FFC3F28843BB89F4CA5DBBA83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1f:b7:b2:71:9c:1e:a4:7e:a9:05:d6:8f:30:
                    57:b1:e1:7d:fe:10:29:ca:8f:68:46:62:76:1f:bd:
                    e1:65:c3:bb:b7:c7:69:9b:e4:1b:d8:23:52:06:55:
                    5c:f7:70:72:49:7e:24:ca:b5:e5:7f:e4:03:0c:42:
                    80:6b:d5:a6:72:72:6f:a5:ec:36:df:63:86:67:7a:
                    ef:bd:1d:1b:ad:ad:51:43:9d:a9:b6:c8:f4:84:60:
                    a0:26:20:59:9d:5d:2d:7d:8e:8b:a9:aa:a7:4d:23:
                    75:29:88:e7:fb:70:d1:bd:28:f4:56:aa:0b:2f:1b:
                    c6:42:e8:ab:22:77:61:0b:3e:24:06:c3:5c:eb:e2:
                    18:1b:00:63:5e:bd:2a:0a:ed:65:e6:e4:2d:02:44:
                    d5:c6:44:34:5b:93:ec:b8:f8:06:96:71:1d:41:ea:
                    64:78:b6:60:21:e6:db:5d:03:f1:b7:19:f6:40:66:
                    16:d9:ba:1f:f6:9f:cb:36:73:7b:83:e1:34:e1:90:
                    b7:9d:36:42:05:a7:3f:09:bf:34:01:10:50:54:11:
                    5a:67:8e:c4:1c:78:28:f5:33:f2:d4:e4:a8:49:57:
                    62:a5:4c:1e:86:fd:62:59:08:19:37:16:4f:53:57:
                    93:4b:6c:f2:9d:df:b8:6a:9c:e3:a0:d9:b6:9f:36:
                    1b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3A:5A:A9:E9:BE:A3:4F:FC:3F:28:84:3B:B8:9F:4C:A5:DB:BA:83
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.4.0/24
                  191.96.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:1c:8d:32:28:f4:3d:8e:9c:be:31:e0:ec:28:42:b3:58:f9:
         09:0c:c3:79:82:26:25:2c:84:6c:eb:33:30:4b:42:75:02:f5:
         73:e7:1e:f3:ff:86:76:68:b5:1b:7c:ee:32:c3:be:f9:80:0c:
         2e:ac:86:08:1d:4b:d3:ea:95:54:5c:34:e8:05:18:3e:67:72:
         c3:5d:ef:ef:c0:37:c8:d1:2c:4c:c8:81:e5:ad:91:15:d4:8d:
         74:3b:7e:12:c8:da:63:6e:d5:6d:f2:ff:81:4e:96:9a:5b:22:
         00:09:c4:6e:5e:98:63:56:e0:b2:c9:2d:13:cd:eb:e9:f1:a3:
         5c:5c:1a:c2:3a:f9:7d:ca:1e:61:e1:f0:c6:40:10:82:72:56:
         c6:03:c7:7f:2c:e0:f5:16:eb:47:2f:b4:e3:c5:07:20:1f:43:
         78:e7:05:62:7b:c7:ab:a7:24:3c:be:8d:4a:fa:74:0b:0d:d0:
         8c:27:59:61:45:e5:63:45:bc:bc:ba:90:9c:8b:2a:3c:08:d7:
         c5:8d:84:73:48:03:67:be:49:df:b0:35:63:eb:f6:12:c4:e1:
         e4:bd:8e:eb:0d:b5:69:fa:f7:99:86:11:2b:24:8c:45:42:dc:
         c7:33:59:da:3b:f7:76:e8:7d:3f:24:b2:2b:8c:37:7a:b4:28:
         f9:ba:79:47
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUexn4h++/n5oD2jmp6L2nP3I/33UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDgxNTAwMTlaFw0yNTA4MDcxNTA1MTlaMDMxMTAvBgNV
BAMTKDE2M0E1QUE5RTlCRUEzNEZGQzNGMjg4NDNCQjg5RjRDQTVEQkJBODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqH7eycZwepH6pBdaPMFex4X3+
ECnKj2hGYnYfveFlw7u3x2mb5BvYI1IGVVz3cHJJfiTKteV/5AMMQoBr1aZycm+l
7DbfY4Zneu+9HRutrVFDnam2yPSEYKAmIFmdXS19joupqqdNI3UpiOf7cNG9KPRW
qgsvG8ZC6Ksid2ELPiQGw1zr4hgbAGNevSoK7WXm5C0CRNXGRDRbk+y4+AaWcR1B
6mR4tmAh5ttdA/G3GfZAZhbZuh/2n8s2c3uD4TThkLedNkIFpz8JvzQBEFBUEVpn
jsQceCj1M/LU5KhJV2KlTB6G/WJZCBk3Fk9TV5NLbPKd37hqnOOg2bafNhuBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFjpaqem+o0/8PyiEO7ifTKXbuoMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyNjk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdcE
AwQAv2CcMA0GCSqGSIb3DQEBCwUAA4IBAQA8HI0yKPQ9jpy+MeDsKEKzWPkJDMN5
giYlLIRs6zMwS0J1AvVz5x7z/4Z2aLUbfO4yw775gAwurIYIHUvT6pVUXDToBRg+
Z3LDXe/vwDfI0SxMyIHlrZEV1I10O34SyNpjbtVt8v+BTpaaWyIACcRuXphjVuCy
yS0Tzevp8aNcXBrCOvl9yh5h4fDGQBCCclbGA8d/LOD1FutHL7TjxQcgH0N45wVi
e8erpyQ8vo1K+nQLDdCMJ1lhReVjRby8upCciyo8CNfFjYRzSANnvknfsDVj6/YS
xOHkvY7rDbVp+veZhhErJIxFQtzHM1naO/d26H0/JLIrjDd6tCj5unlH
-----END CERTIFICATE-----