Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
File:                     AS215071.roa (raw, json)
Hash identifier:          d/R6rT7/ajAp8goHDUbgZskNu5mjsyb7HRJOtG102E0=
Subject key identifier:   E2:16:85:0D:99:93:7A:5F:54:41:E4:D9:61:38:10:CD:5A:72:B3:60
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6B2779A11DB5BD8CF5DF05B304C5ED96EF02496A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa
Signing time:             Wed 24 Apr 2024 11:50:54 +0000
ROA not before:           Wed 24 Apr 2024 11:45:54 +0000
ROA not after:            Wed 23 Apr 2025 11:50:54 +0000
asID:                     215071
IP address blocks:        179.61.184.0/24 maxlen: 24
                          181.214.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:27:79:a1:1d:b5:bd:8c:f5:df:05:b3:04:c5:ed:96:ef:02:49:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 24 11:45:54 2024 GMT
            Not After : Apr 23 11:50:54 2025 GMT
        Subject: CN=E216850D99937A5F5441E4D9613810CD5A72B360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:56:88:8e:cb:ff:57:f0:4e:29:0b:dc:47:
                    cf:f1:c1:ee:03:92:7e:bc:06:f0:00:a7:62:5a:b4:
                    55:4b:f0:2a:2d:20:99:fe:87:f1:a3:d4:89:58:de:
                    1d:21:e9:d1:cd:bb:78:95:15:43:3c:0d:ec:df:be:
                    f0:a0:74:52:fe:d2:32:c9:82:b6:78:ba:47:17:53:
                    8d:b4:c5:1b:31:91:25:89:bf:37:d9:bf:0c:09:a8:
                    50:5c:cc:d3:98:66:0a:29:39:32:5c:54:d9:04:6d:
                    a3:e0:2b:18:9e:b0:0b:23:ca:31:57:56:af:52:14:
                    80:9b:2d:44:8d:38:fc:3c:d1:c7:89:be:07:5c:ea:
                    03:9b:24:a5:54:e3:0d:93:0f:b0:3f:8f:5c:d7:9a:
                    78:1f:d6:39:74:a0:32:48:50:51:83:83:c9:49:84:
                    a2:80:39:ad:20:b8:09:3f:65:5c:18:0b:11:9b:06:
                    1d:dd:6b:28:9b:5b:18:55:fa:dd:6e:4b:f1:9a:75:
                    ca:23:26:2f:59:a4:ae:be:5d:c8:ad:fe:cc:fd:23:
                    02:76:12:44:4c:33:02:65:f1:0f:3b:c3:64:5b:7e:
                    d2:df:a6:3c:78:00:f5:43:6a:de:5f:79:f5:32:8e:
                    e0:08:6a:20:cf:de:3f:06:93:c6:55:eb:b4:ca:33:
                    9e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:16:85:0D:99:93:7A:5F:54:41:E4:D9:61:38:10:CD:5A:72:B3:60
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.184.0/24
                  181.214.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:2b:0d:3d:c8:aa:b7:00:e1:1e:04:9a:63:1f:0a:49:fc:fe:
         8c:ad:2a:dd:d5:fb:e7:69:a3:48:73:b4:e7:9e:ef:24:00:55:
         0f:09:2b:5b:ac:25:1f:70:15:91:f8:51:74:a4:bc:e4:73:ef:
         ff:06:21:49:2a:86:4a:fa:e5:a5:0c:2b:4b:fc:9e:3e:66:cf:
         d4:94:d9:90:1e:09:38:f7:98:df:4b:12:5f:cb:60:85:63:d1:
         b3:9f:01:cc:fa:dc:cb:43:11:dd:38:e3:c8:a2:b8:d6:df:51:
         14:43:61:ca:8f:45:5b:26:03:fa:75:d3:14:0b:71:77:0f:01:
         ff:9d:d2:d1:9a:74:dd:2f:c6:21:76:05:00:16:8d:db:89:63:
         4d:99:8a:ad:3e:f6:da:af:63:26:fb:24:be:02:4e:f4:0b:21:
         85:48:20:14:7f:32:be:aa:ea:e7:f1:5f:5b:52:f5:d6:57:14:
         d4:f9:c3:71:64:29:4a:8a:0a:95:fc:33:de:7a:48:0d:4b:3d:
         07:a3:08:6f:a0:74:3d:3d:95:ac:c8:1f:c1:13:14:b5:1e:ed:
         70:65:07:91:fe:a5:77:fa:75:6e:27:70:7d:48:df:19:d8:3d:
         b7:c3:f5:a7:b3:b3:90:a8:e3:59:25:4c:ee:1c:e7:4b:a6:4f:
         a1:6f:69:2a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUayd5oR21vYz13wWzBMXtlu8CSWowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjQxMTQ1NTRaFw0yNTA0MjMxMTUwNTRaMDMxMTAvBgNV
BAMTKEUyMTY4NTBEOTk5MzdBNUY1NDQxRTREOTYxMzgxMENENUE3MkIzNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwb1aIjsv/V/BOKQvcR8/xwe4D
kn68BvAAp2JatFVL8CotIJn+h/Gj1IlY3h0h6dHNu3iVFUM8DezfvvCgdFL+0jLJ
grZ4ukcXU420xRsxkSWJvzfZvwwJqFBczNOYZgopOTJcVNkEbaPgKxiesAsjyjFX
Vq9SFICbLUSNOPw80ceJvgdc6gObJKVU4w2TD7A/j1zXmngf1jl0oDJIUFGDg8lJ
hKKAOa0guAk/ZVwYCxGbBh3dayibWxhV+t1uS/GadcojJi9ZpK6+Xcit/sz9IwJ2
EkRMMwJl8Q87w2RbftLfpjx4APVDat5fefUyjuAIaiDP3j8Gk8ZV67TKM565AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU4haFDZmTel9UQeTZYTgQzVpys2AwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz24
AwQAtdbVMA0GCSqGSIb3DQEBCwUAA4IBAQAKKw09yKq3AOEeBJpjHwpJ/P6MrSrd
1fvnaaNIc7Tnnu8kAFUPCStbrCUfcBWR+FF0pLzkc+//BiFJKoZK+uWlDCtL/J4+
Zs/UlNmQHgk495jfSxJfy2CFY9GznwHM+tzLQxHdOOPIorjW31EUQ2HKj0VbJgP6
ddMUC3F3DwH/ndLRmnTdL8YhdgUAFo3biWNNmYqtPvbar2Mm+yS+Ak70CyGFSCAU
fzK+qurn8V9bUvXWVxTU+cNxZClKigqV/DPeekgNSz0HowhvoHQ9PZWsyB/BExS1
Hu1wZQeR/qV3+nVuJ3B9SN8Z2D23w/Wns7OQqONZJUzuHOdLpk+hb2kq
-----END CERTIFICATE-----