Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272611.roa
File:                     AS272611.roa (raw, json)
Hash identifier:          rdVNrjNyW1UwpB6+AHZTdFHhxUudf6rVCL5a4KqG9bo=
Subject key identifier:   C9:99:62:DA:80:00:F9:F0:2E:A1:1D:D6:B4:52:83:B7:D8:6E:EB:12
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6000346A67A4AECABE6003D5735A2F4AA4277F6A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272611.roa
Signing time:             Mon 29 Jan 2024 21:05:08 +0000
ROA not before:           Mon 29 Jan 2024 21:00:08 +0000
ROA not after:            Mon 27 Jan 2025 21:05:08 +0000
asID:                     272611
IP address blocks:        45.146.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:00:34:6a:67:a4:ae:ca:be:60:03:d5:73:5a:2f:4a:a4:27:7f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 29 21:00:08 2024 GMT
            Not After : Jan 27 21:05:08 2025 GMT
        Subject: CN=C99962DA8000F9F02EA11DD6B45283B7D86EEB12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3c:2e:d7:f0:0a:be:93:0c:aa:aa:82:06:a5:
                    e3:9c:47:d9:0c:d8:e4:46:5b:70:10:f6:ac:41:8d:
                    eb:ad:3b:96:3f:17:ec:e6:1b:1f:e2:92:c5:a0:c4:
                    5b:df:1e:9b:f6:c7:ab:fe:d5:b4:62:9a:9a:3d:76:
                    ae:24:d3:3d:fa:00:64:a1:da:73:09:e2:03:e9:17:
                    dc:e4:b3:22:2e:f6:ba:37:58:a5:f3:6c:cd:55:7b:
                    eb:a1:dd:b0:f3:7f:c0:a0:2f:41:09:57:2d:92:3e:
                    67:50:54:19:c1:ff:eb:e4:79:aa:2b:f5:2b:f2:22:
                    91:9a:2f:c5:41:b8:5c:41:6b:3d:dd:7f:d7:44:f4:
                    5f:a3:ef:a1:1e:eb:7b:51:07:57:6f:02:ab:99:e6:
                    09:25:11:65:6f:ea:27:30:9e:28:84:79:ed:80:f1:
                    10:e7:cb:5a:08:88:0c:8f:08:14:ee:23:e4:f1:ae:
                    de:18:93:74:f2:1e:6d:70:1c:64:3b:c0:db:d0:71:
                    6f:c9:be:3b:70:8b:51:67:42:f5:bd:e8:ef:db:1d:
                    91:ee:3a:24:c6:29:09:89:b3:2d:29:20:70:81:e5:
                    a0:b1:9f:8e:94:60:b7:c9:f8:b1:bf:b6:17:bb:bb:
                    5c:73:85:6c:19:e3:12:bb:d8:48:92:7f:89:10:dd:
                    4d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:99:62:DA:80:00:F9:F0:2E:A1:1D:D6:B4:52:83:B7:D8:6E:EB:12
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272611.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:72:d7:d7:5e:9e:bd:0e:93:ba:65:9e:82:a7:98:23:7c:73:
         f0:9a:84:eb:31:eb:be:df:1e:90:0b:0e:f4:ce:e8:10:a1:7b:
         64:fd:c9:35:80:68:7a:c0:f9:81:ad:84:79:f2:3f:85:6c:2e:
         fc:c9:ce:22:ad:73:84:25:7a:80:56:f5:4a:87:ff:59:25:23:
         30:e0:13:6d:9f:07:30:87:d1:9e:78:8f:fc:e9:5e:c0:7e:11:
         41:fc:14:0d:99:96:c1:9e:b5:4c:fd:57:91:3a:f9:70:5b:9b:
         33:ad:6e:b3:bf:4f:5e:e2:00:08:d1:8a:b8:78:8a:27:5b:63:
         71:68:91:ec:e0:ec:63:17:0e:26:c9:f6:1e:b5:63:84:0f:ac:
         8b:ec:42:d2:c8:5a:4e:5b:c4:b6:1e:19:81:2f:36:2b:21:2f:
         6b:6a:e5:7d:c1:6c:00:c3:bc:d4:ac:a4:2d:0a:9f:a3:6e:70:
         f9:13:7b:a3:34:fc:c4:f9:45:ae:98:f0:cb:6e:25:92:8f:d4:
         a6:6a:5e:06:da:55:97:7c:cc:94:a7:37:cf:58:21:c5:1b:e7:
         79:6e:c5:53:3a:3c:d7:0f:02:e5:68:25:cd:b1:67:b7:cb:69:
         bf:e6:67:b9:c1:f3:9e:75:17:dc:31:d0:a8:03:fc:08:c9:0f:
         bb:3e:ef:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYAA0amekrsq+YAPVc1ovSqQnf2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjkyMTAwMDhaFw0yNTAxMjcyMTA1MDhaMDMxMTAvBgNV
BAMTKEM5OTk2MkRBODAwMEY5RjAyRUExMURENkI0NTI4M0I3RDg2RUVCMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzPC7X8Aq+kwyqqoIGpeOcR9kM
2ORGW3AQ9qxBjeutO5Y/F+zmGx/iksWgxFvfHpv2x6v+1bRimpo9dq4k0z36AGSh
2nMJ4gPpF9zksyIu9ro3WKXzbM1Ve+uh3bDzf8CgL0EJVy2SPmdQVBnB/+vkeaor
9SvyIpGaL8VBuFxBaz3df9dE9F+j76Ee63tRB1dvAquZ5gklEWVv6icwniiEee2A
8RDny1oIiAyPCBTuI+Txrt4Yk3TyHm1wHGQ7wNvQcW/Jvjtwi1FnQvW96O/bHZHu
OiTGKQmJsy0pIHCB5aCxn46UYLfJ+LG/the7u1xzhWwZ4xK72EiSf4kQ3U2bAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyZli2oAA+fAuoR3WtFKDt9hu6xIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjcyNjExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJR
MA0GCSqGSIb3DQEBCwUAA4IBAQDRctfXXp69DpO6ZZ6Cp5gjfHPwmoTrMeu+3x6Q
Cw70zugQoXtk/ck1gGh6wPmBrYR58j+FbC78yc4irXOEJXqAVvVKh/9ZJSMw4BNt
nwcwh9GeeI/86V7AfhFB/BQNmZbBnrVM/VeROvlwW5szrW6zv09e4gAI0Yq4eIon
W2NxaJHs4OxjFw4myfYetWOED6yL7ELSyFpOW8S2HhmBLzYrIS9rauV9wWwAw7zU
rKQtCp+jbnD5E3ujNPzE+UWumPDLbiWSj9Smal4G2lWXfMyUpzfPWCHFG+d5bsVT
OjzXDwLlaCXNsWe3y2m/5me5wfOedRfcMdCoA/wIyQ+7Pu9t
-----END CERTIFICATE-----