Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          VJvPEijTzr0dBSak+md+8dPwSszV9q/Gje0C4GPy9UE=
Subject key identifier:   01:F4:AE:58:53:4A:91:11:AE:E9:46:AB:A4:22:DE:DB:09:A7:3F:EB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1EAFEBB85CB29BD3DBE640CD2875B14ED011C478
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa
Signing time:             Wed 31 Jan 2024 08:05:12 +0000
ROA not before:           Wed 31 Jan 2024 08:00:12 +0000
ROA not after:            Wed 29 Jan 2025 08:05:12 +0000
asID:                     15440
IP address blocks:        181.214.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:af:eb:b8:5c:b2:9b:d3:db:e6:40:cd:28:75:b1:4e:d0:11:c4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:12 2024 GMT
            Not After : Jan 29 08:05:12 2025 GMT
        Subject: CN=01F4AE58534A9111AEE946ABA422DEDB09A73FEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:64:27:16:77:09:25:80:a9:cb:b3:1d:6c:
                    6d:5a:a3:86:e5:a8:96:56:d5:90:80:30:37:b4:07:
                    e5:8c:7a:92:2f:87:2c:2f:a6:c6:4a:ca:8e:9a:2e:
                    0a:43:89:b0:df:a6:ed:2d:d3:94:c8:7e:11:36:7c:
                    33:a3:09:85:97:a8:f9:74:43:a6:6e:28:6c:34:3d:
                    8e:7e:72:4e:40:99:b1:3f:1d:85:4c:91:58:8e:aa:
                    0b:a9:66:b1:61:0f:bc:2c:30:f9:1f:f5:2c:ed:75:
                    3d:77:e1:9b:66:2a:ab:ee:82:6c:2c:15:76:7e:68:
                    a3:62:56:a4:65:a5:ac:68:fc:11:84:83:ce:b8:c8:
                    1e:29:f1:8c:24:54:29:8e:98:28:e0:ba:6a:0e:e1:
                    c3:55:4a:bf:30:1b:e2:8f:f3:25:ec:1d:ee:68:bf:
                    d5:2a:ab:ed:5f:cf:e9:a9:8d:7a:62:37:40:b3:34:
                    9e:22:4a:ee:e9:e6:8b:80:39:08:83:cb:9c:74:84:
                    17:d5:cd:9d:fa:41:f2:18:91:5e:be:89:37:f6:8e:
                    1c:b6:f9:22:79:00:91:b8:8a:a8:f9:2f:eb:51:b7:
                    c5:5f:8d:bf:72:fc:04:39:ed:fb:fa:04:02:bb:87:
                    d2:66:88:0e:3d:e9:fe:57:9c:01:9e:43:0d:2a:a2:
                    0a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F4:AE:58:53:4A:91:11:AE:E9:46:AB:A4:22:DE:DB:09:A7:3F:EB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:40:0d:4d:ac:c3:0b:9f:dc:58:1f:bb:5c:9c:da:ee:73:d6:
         15:55:98:c9:9f:3b:bd:1d:ed:5a:d6:67:5c:2d:42:96:d6:f9:
         d8:11:31:ef:8b:ae:2c:ee:a5:7c:6a:84:8c:e5:c4:7e:cd:c7:
         04:5a:1a:45:f5:a5:a0:f7:e1:4b:56:7b:61:a2:68:c6:d3:2a:
         07:2a:e2:a6:3c:eb:e8:a9:c2:3c:0e:6c:70:95:28:4b:bc:b8:
         9d:a5:b3:33:e9:a7:04:53:49:89:06:97:ea:94:ed:b1:b1:f7:
         9f:00:55:e7:e1:c1:b3:9f:59:99:50:43:bd:dc:1e:2e:2d:27:
         a1:a5:d1:58:50:f0:6c:e0:4a:9d:c0:0e:fe:ff:fc:01:26:9e:
         2b:24:f0:3d:86:eb:40:db:63:22:57:04:d2:72:2c:5a:c1:00:
         5f:17:51:7a:cb:85:7a:ef:a1:01:03:5b:c6:6c:00:16:a5:1d:
         08:ba:e5:74:b7:f1:59:48:c9:f6:ed:72:01:e4:f6:a3:04:56:
         66:1b:67:45:18:b5:fe:95:66:c2:2d:17:f5:9b:66:43:8b:15:
         f2:0a:4d:0f:80:90:9a:78:9d:ca:11:93:2d:e3:53:de:d1:12:
         0e:34:e6:13:33:48:1f:71:02:03:bd:13:38:d9:b0:40:27:ca:
         62:c7:97:8b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHq/ruFyym9Pb5kDNKHWxTtARxHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTJaFw0yNTAxMjkwODA1MTJaMDMxMTAvBgNV
BAMTKDAxRjRBRTU4NTM0QTkxMTFBRUU5NDZBQkE0MjJERURCMDlBNzNGRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtlmQnFncJJYCpy7MdbG1ao4bl
qJZW1ZCAMDe0B+WMepIvhywvpsZKyo6aLgpDibDfpu0t05TIfhE2fDOjCYWXqPl0
Q6ZuKGw0PY5+ck5AmbE/HYVMkViOqgupZrFhD7wsMPkf9SztdT134ZtmKqvugmws
FXZ+aKNiVqRlpaxo/BGEg864yB4p8YwkVCmOmCjgumoO4cNVSr8wG+KP8yXsHe5o
v9Uqq+1fz+mpjXpiN0CzNJ4iSu7p5ouAOQiDy5x0hBfVzZ36QfIYkV6+iTf2jhy2
+SJ5AJG4iqj5L+tRt8Vfjb9y/AQ57fv6BAK7h9JmiA496f5XnAGeQw0qogp7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAfSuWFNKkRGu6UarpCLe2wmnP+swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11pMw
DQYJKoZIhvcNAQELBQADggEBAClADU2swwuf3Fgfu1yc2u5z1hVVmMmfO70d7VrW
Z1wtQpbW+dgRMe+LrizupXxqhIzlxH7NxwRaGkX1paD34UtWe2GiaMbTKgcq4qY8
6+ipwjwObHCVKEu8uJ2lszPppwRTSYkGl+qU7bGx958AVefhwbOfWZlQQ73cHi4t
J6Gl0VhQ8GzgSp3ADv7//AEmnisk8D2G60DbYyJXBNJyLFrBAF8XUXrLhXrvoQED
W8ZsABalHQi65XS38VlIyfbtcgHk9qMEVmYbZ0UYtf6VZsItF/WbZkOLFfIKTQ+A
kJp4ncoRky3jU97REg405hMzSB9xAgO9EzjZsEAnymLHl4s=
-----END CERTIFICATE-----