Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203647.roa
File:                     AS203647.roa (raw, json)
Hash identifier:          GH9iJnCQllp5nu7h/5O2WlWSx+IzBwEXQQMCcyoYBdc=
Subject key identifier:   EB:8F:DB:AE:AB:58:26:CB:1F:37:9E:D3:F5:8F:09:CE:ED:60:B3:63
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4924C9AE03925CD5EBB9D07FA8F5018122075231
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203647.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     203647
IP address blocks:        181.215.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:24:c9:ae:03:92:5c:d5:eb:b9:d0:7f:a8:f5:01:81:22:07:52:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=EB8FDBAEAB5826CB1F379ED3F58F09CEED60B363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5b:6e:ab:9d:d8:07:6b:b2:a2:01:bc:ed:7d:
                    ea:52:c4:9a:da:b5:ff:68:5b:e5:a5:14:00:69:df:
                    3e:43:0a:6d:fa:53:e2:86:c5:bd:9c:60:bb:eb:22:
                    1d:e9:2a:d2:93:34:f8:47:61:0f:3e:98:33:8b:ec:
                    e0:31:a0:2f:eb:75:12:98:b6:cf:67:94:1d:44:91:
                    5a:32:ee:b4:52:af:19:8e:a4:89:fd:55:67:a5:a4:
                    83:26:00:7d:a6:5a:37:fd:93:7e:7a:9b:f0:d8:a2:
                    36:9d:42:62:03:16:6d:c0:5d:50:9f:85:c4:df:ef:
                    0f:95:72:72:a6:ed:c6:6f:0b:f5:5f:db:de:6a:69:
                    53:5c:5f:c5:db:54:3d:41:c6:f5:f1:11:19:be:93:
                    5c:b2:13:a5:29:d1:99:86:a2:db:ba:79:a1:c8:40:
                    06:f6:d0:63:96:e6:3f:12:ff:a0:a5:e5:77:b5:2d:
                    d6:bf:9d:d1:82:b8:7e:57:9d:2d:61:d6:87:20:21:
                    53:d2:7f:9a:6c:46:e3:02:34:53:6a:50:c0:1d:55:
                    da:9d:ee:bd:6b:0b:6f:85:ec:7b:da:80:a0:d4:c4:
                    87:da:8e:2e:61:4a:2a:77:a8:91:62:3c:7c:49:ea:
                    36:4c:94:dd:0c:1e:2c:a6:af:b6:12:c6:f1:fe:ff:
                    99:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8F:DB:AE:AB:58:26:CB:1F:37:9E:D3:F5:8F:09:CE:ED:60:B3:63
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS203647.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a6:35:9c:92:ad:f5:c6:a8:70:14:fe:14:eb:4e:e6:b1:6d:
         69:36:4c:8c:84:90:de:37:96:be:80:4d:3f:c9:ac:48:e5:57:
         6c:61:40:f9:16:34:ce:60:2b:ba:ee:03:1e:7c:94:27:59:f9:
         27:19:e4:1d:16:49:23:48:e2:9f:59:f1:9b:2c:ba:d8:fa:ce:
         8c:1c:c8:12:04:34:c0:9f:24:56:52:d0:98:c1:95:b6:0d:1b:
         69:4e:21:9c:bc:82:66:d0:e9:09:22:c0:de:a3:ac:70:06:6b:
         2d:fe:16:60:02:f4:a1:a6:43:12:6d:4d:02:13:b4:61:a8:1d:
         f3:c3:76:3f:c0:b3:31:6f:6b:ac:b3:70:4c:de:4a:39:05:b6:
         2d:14:4f:ea:21:58:8a:6b:60:8f:70:6e:ca:bd:af:eb:1d:33:
         a4:c2:f5:57:72:b9:d7:d3:f4:a0:5c:36:0e:fb:cc:c0:0b:2e:
         89:38:f0:5b:01:09:16:87:01:7f:91:11:dd:3c:cb:74:10:8f:
         21:c6:25:8c:e2:e0:5c:18:34:21:ec:c8:16:fc:a3:23:57:ff:
         1f:8a:6a:5c:20:8e:82:0a:8a:e4:b0:43:bb:fc:61:08:33:43:
         ce:74:5f:2b:64:fc:75:23:22:b6:a5:06:70:14:20:5e:db:3e:
         ac:48:41:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSSTJrgOSXNXrudB/qPUBgSIHUjEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKEVCOEZEQkFFQUI1ODI2Q0IxRjM3OUVEM0Y1OEYwOUNFRUQ2MEIzNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxW26rndgHa7KiAbztfepSxJra
tf9oW+WlFABp3z5DCm36U+KGxb2cYLvrIh3pKtKTNPhHYQ8+mDOL7OAxoC/rdRKY
ts9nlB1EkVoy7rRSrxmOpIn9VWelpIMmAH2mWjf9k356m/DYojadQmIDFm3AXVCf
hcTf7w+VcnKm7cZvC/Vf295qaVNcX8XbVD1BxvXxERm+k1yyE6Up0ZmGotu6eaHI
QAb20GOW5j8S/6Cl5Xe1Lda/ndGCuH5XnS1h1ocgIVPSf5psRuMCNFNqUMAdVdqd
7r1rC2+F7HvagKDUxIfaji5hSip3qJFiPHxJ6jZMlN0MHiymr7YSxvH+/5mTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU64/brqtYJssfN57T9Y8Jzu1gs2MwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAzNjQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcP
MA0GCSqGSIb3DQEBCwUAA4IBAQA4pjWckq31xqhwFP4U607msW1pNkyMhJDeN5a+
gE0/yaxI5VdsYUD5FjTOYCu67gMefJQnWfknGeQdFkkjSOKfWfGbLLrY+s6MHMgS
BDTAnyRWUtCYwZW2DRtpTiGcvIJm0OkJIsDeo6xwBmst/hZgAvShpkMSbU0CE7Rh
qB3zw3Y/wLMxb2uss3BM3ko5BbYtFE/qIViKa2CPcG7Kva/rHTOkwvVXcrnX0/Sg
XDYO+8zACy6JOPBbAQkWhwF/kRHdPMt0EI8hxiWM4uBcGDQh7MgW/KMjV/8fimpc
II6CCorksEO7/GEIM0POdF8rZPx1IyK2pQZwFCBe2z6sSEGo
-----END CERTIFICATE-----