Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152911.roa
File:                     AS152911.roa (raw, json)
Hash identifier:          6jMW/yCL/i6AiyVB2sGacZtatabR65e5sKkw3A5KRtY=
Subject key identifier:   06:D2:82:41:3C:E8:27:04:FE:FC:68:9F:2B:F3:E4:88:3A:B9:4F:72
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       16646C61ADD7C65BE5778BD34AD4C2388625D40C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152911.roa
Signing time:             Thu 08 Aug 2024 16:49:36 +0000
ROA not before:           Thu 08 Aug 2024 16:44:36 +0000
ROA not after:            Thu 07 Aug 2025 16:49:36 +0000
asID:                     152911
IP address blocks:        181.215.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:64:6c:61:ad:d7:c6:5b:e5:77:8b:d3:4a:d4:c2:38:86:25:d4:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  8 16:44:36 2024 GMT
            Not After : Aug  7 16:49:36 2025 GMT
        Subject: CN=06D282413CE82704FEFC689F2BF3E4883AB94F72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f8:99:b0:3c:67:0b:b1:b2:ab:1f:0d:d4:1b:
                    03:fb:51:d8:23:5a:7f:d6:e2:21:3c:cf:af:db:ad:
                    ba:31:a8:b9:9e:3c:ef:73:28:5a:7a:51:65:8b:d3:
                    a4:ee:59:d2:a9:3e:c5:92:b0:73:e2:c8:8f:79:72:
                    1b:84:76:0b:a1:0b:ae:5d:2d:70:b5:e2:55:09:59:
                    9a:a0:20:cd:cb:c9:97:54:36:b3:66:b1:b2:2b:44:
                    3c:17:42:47:9b:55:29:9c:fa:7a:74:a3:00:5a:3b:
                    6d:26:52:7f:91:83:4a:0b:05:87:81:09:12:f9:40:
                    51:90:88:da:05:a4:12:aa:17:f5:5a:25:36:9e:29:
                    91:63:15:92:d9:66:74:28:61:e0:cb:a3:d3:05:c2:
                    16:88:48:39:ba:47:5b:6f:d8:a9:72:3b:2d:af:7d:
                    3d:94:1a:52:e7:25:b0:e0:0f:96:42:31:32:96:d8:
                    97:e7:03:23:0a:03:72:47:8e:cd:fe:be:3d:ab:ab:
                    7e:48:74:af:e6:87:d4:c2:90:1c:c3:af:d7:9f:c0:
                    2a:fe:6a:c0:25:9b:05:80:57:99:2f:21:97:b6:08:
                    68:c4:50:a8:c5:af:34:bf:0b:c3:0d:da:49:8e:c1:
                    9a:4b:ab:ea:35:10:b0:0b:72:3c:ad:e2:2f:38:a0:
                    b7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D2:82:41:3C:E8:27:04:FE:FC:68:9F:2B:F3:E4:88:3A:B9:4F:72
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152911.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:25:9f:ee:e4:9e:82:62:4c:cd:94:1a:83:f3:d8:ce:d8:01:
         a4:97:23:5f:d0:a3:ed:38:f3:99:0b:ef:1d:47:49:a5:df:6c:
         83:b4:4d:d0:d0:27:99:6c:26:bc:f1:5c:39:98:e3:99:24:77:
         92:30:7c:d2:2a:68:dd:e1:b1:55:7f:61:d4:a3:ba:67:c9:92:
         14:a5:83:6c:e0:53:a6:fd:40:1f:3f:aa:bb:3b:a1:97:59:e3:
         13:69:db:a6:08:39:12:69:de:de:7b:0f:69:cc:d3:a8:a3:3f:
         b3:41:7e:89:ae:87:3a:91:e5:bc:d9:3e:6b:b2:bb:9b:c3:75:
         ba:d7:f9:70:f3:b0:5a:8a:b1:73:5a:76:2e:1c:d5:e7:6c:57:
         d8:56:7a:89:01:c7:78:e1:9b:df:e4:7f:d4:eb:c3:3a:53:f7:
         3d:5e:10:35:5a:39:db:e7:52:12:17:e3:4b:0d:f8:62:e1:27:
         9e:a0:b4:c8:00:fb:d2:97:10:58:61:8b:52:46:18:2a:5d:fc:
         0f:e1:30:33:81:c9:a5:19:42:81:35:05:c5:2b:ef:a0:66:dd:
         10:ec:e2:8a:ae:6c:d5:0b:c6:5f:5f:93:f3:6f:15:91:77:66:
         4c:20:3a:dd:ef:5f:d0:11:4c:25:97:0b:34:ab:10:fe:13:b6:
         92:83:6e:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFmRsYa3Xxlvld4vTStTCOIYl1AwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDgxNjQ0MzZaFw0yNTA4MDcxNjQ5MzZaMDMxMTAvBgNV
BAMTKDA2RDI4MjQxM0NFODI3MDRGRUZDNjg5RjJCRjNFNDg4M0FCOTRGNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK+JmwPGcLsbKrHw3UGwP7Udgj
Wn/W4iE8z6/brboxqLmePO9zKFp6UWWL06TuWdKpPsWSsHPiyI95chuEdguhC65d
LXC14lUJWZqgIM3LyZdUNrNmsbIrRDwXQkebVSmc+np0owBaO20mUn+Rg0oLBYeB
CRL5QFGQiNoFpBKqF/VaJTaeKZFjFZLZZnQoYeDLo9MFwhaISDm6R1tv2KlyOy2v
fT2UGlLnJbDgD5ZCMTKW2JfnAyMKA3JHjs3+vj2rq35IdK/mh9TCkBzDr9efwCr+
asAlmwWAV5kvIZe2CGjEUKjFrzS/C8MN2kmOwZpLq+o1ELALcjyt4i84oLfBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBtKCQTzoJwT+/GifK/PkiDq5T3IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUyOTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcd
MA0GCSqGSIb3DQEBCwUAA4IBAQB8JZ/u5J6CYkzNlBqD89jO2AGklyNf0KPtOPOZ
C+8dR0ml32yDtE3Q0CeZbCa88Vw5mOOZJHeSMHzSKmjd4bFVf2HUo7pnyZIUpYNs
4FOm/UAfP6q7O6GXWeMTadumCDkSad7eew9pzNOooz+zQX6Jroc6keW82T5rsrub
w3W61/lw87BairFzWnYuHNXnbFfYVnqJAcd44Zvf5H/U68M6U/c9XhA1Wjnb51IS
F+NLDfhi4SeeoLTIAPvSlxBYYYtSRhgqXfwP4TAzgcmlGUKBNQXFK++gZt0Q7OKK
rmzVC8ZfX5PzbxWRd2ZMIDrd71/QEUwllws0qxD+E7aSg26Q
-----END CERTIFICATE-----