Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215097.roa
File:                     AS215097.roa (raw, json)
Hash identifier:          kdVMzZIYU59qUzyvmKHixX6DPGM4+vyTqYWhCu0VgtY=
Subject key identifier:   5A:D8:F1:6A:44:22:74:C8:CB:4E:DC:06:77:8A:AB:E8:B3:E1:F8:7A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       43F1C728FA0C430CC1B49A16C4C810F772E5FC3B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215097.roa
Signing time:             Thu 18 Apr 2024 12:28:38 +0000
ROA not before:           Thu 18 Apr 2024 12:23:38 +0000
ROA not after:            Thu 17 Apr 2025 12:28:38 +0000
asID:                     215097
IP address blocks:        191.101.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f1:c7:28:fa:0c:43:0c:c1:b4:9a:16:c4:c8:10:f7:72:e5:fc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 18 12:23:38 2024 GMT
            Not After : Apr 17 12:28:38 2025 GMT
        Subject: CN=5AD8F16A442274C8CB4EDC06778AABE8B3E1F87A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ac:8f:e5:d2:c4:ff:f1:3f:33:1f:6c:75:82:
                    fb:60:2f:29:15:e6:c4:a1:72:fa:be:b6:fa:0d:01:
                    54:0e:4c:4e:4f:5e:88:1c:8b:2b:50:4e:14:ea:23:
                    6e:3c:0f:fe:4b:01:00:9b:65:07:ed:69:b6:44:55:
                    d2:e5:be:89:d5:d3:e7:c3:11:4c:e2:e9:01:db:dc:
                    25:86:86:e6:6d:70:e0:e2:de:54:39:3e:da:a6:49:
                    f8:94:71:24:60:b3:93:71:9e:bb:91:e9:2f:af:d9:
                    fb:25:ec:b7:aa:90:8b:b6:0e:06:95:c2:13:fc:99:
                    94:1d:12:e8:93:86:3a:cc:26:71:9d:a9:40:42:9b:
                    3c:f7:27:3e:fa:70:49:86:e9:70:c1:11:52:f2:1a:
                    0d:c1:a1:90:91:00:2b:ef:71:0b:f8:2b:ce:73:0e:
                    3e:2d:b6:73:3b:33:45:0a:02:68:0d:e2:72:e4:d2:
                    93:fd:4b:e9:4a:61:07:4d:88:4a:ba:a5:3a:70:a6:
                    f7:23:aa:bf:f5:49:67:3b:a9:be:30:e1:54:be:5f:
                    48:3a:68:e5:f2:c7:3e:a3:2a:c8:64:82:1d:4e:45:
                    a8:d8:b8:93:24:23:a0:96:d6:6f:46:9e:b2:cd:ca:
                    c3:4a:8d:f5:2f:dc:1d:dd:76:8d:fa:59:52:5d:7d:
                    cd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D8:F1:6A:44:22:74:C8:CB:4E:DC:06:77:8A:AB:E8:B3:E1:F8:7A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215097.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:09:2a:ba:9d:45:2a:42:21:d7:a1:7c:21:c8:06:1e:8c:fa:
         96:48:fb:54:05:39:c1:d3:6d:97:d3:a6:64:92:e2:31:8c:81:
         ed:fc:56:e9:4e:8f:ca:25:79:20:06:84:83:90:ac:93:96:f6:
         f0:1a:33:ac:61:59:36:fb:de:7a:f4:4e:52:7b:62:09:71:37:
         2c:5e:c0:58:75:49:49:34:32:a4:7b:a8:ad:be:72:20:d1:14:
         a9:ee:fe:c1:2b:88:99:98:ba:ca:8e:4a:44:63:20:92:1d:77:
         60:4c:94:98:c9:cf:6e:80:8f:25:9e:aa:8c:fe:fe:a6:bf:81:
         e9:1e:f6:13:da:05:20:7f:24:4a:ef:c4:f8:8e:17:dc:c1:13:
         8f:8b:f8:b1:6a:b9:11:a8:f0:4c:f1:1f:8f:13:d5:70:e7:dc:
         03:c1:dc:e7:79:2b:13:d5:dc:bd:4c:a2:56:a6:60:41:da:88:
         73:44:87:a2:63:fa:8e:31:aa:71:94:2d:59:22:87:c4:aa:b7:
         ac:d1:2a:07:3a:19:c9:08:fc:85:3d:26:4b:1c:8d:3c:c8:20:
         fd:49:a1:62:23:3d:25:a7:dd:17:80:50:02:61:a4:82:27:2b:
         33:e9:dc:88:48:0c:60:52:a8:cf:58:75:ec:be:59:c6:6d:c4:
         d6:7b:08:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ/HHKPoMQwzBtJoWxMgQ93Ll/DswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTgxMjIzMzhaFw0yNTA0MTcxMjI4MzhaMDMxMTAvBgNV
BAMTKDVBRDhGMTZBNDQyMjc0QzhDQjRFREMwNjc3OEFBQkU4QjNFMUY4N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZrI/l0sT/8T8zH2x1gvtgLykV
5sShcvq+tvoNAVQOTE5PXogciytQThTqI248D/5LAQCbZQftabZEVdLlvonV0+fD
EUzi6QHb3CWGhuZtcODi3lQ5PtqmSfiUcSRgs5NxnruR6S+v2fsl7LeqkIu2DgaV
whP8mZQdEuiThjrMJnGdqUBCmzz3Jz76cEmG6XDBEVLyGg3BoZCRACvvcQv4K85z
Dj4ttnM7M0UKAmgN4nLk0pP9S+lKYQdNiEq6pTpwpvcjqr/1SWc7qb4w4VS+X0g6
aOXyxz6jKshkgh1ORajYuJMkI6CW1m9GnrLNysNKjfUv3B3ddo36WVJdfc1PAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWtjxakQidMjLTtwGd4qr6LPh+HowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MDk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCoCSq6nUUqQiHXoXwhyAYejPqWSPtUBTnB022X
06ZkkuIxjIHt/FbpTo/KJXkgBoSDkKyTlvbwGjOsYVk2+9569E5Se2IJcTcsXsBY
dUlJNDKke6itvnIg0RSp7v7BK4iZmLrKjkpEYyCSHXdgTJSYyc9ugI8lnqqM/v6m
v4HpHvYT2gUgfyRK78T4jhfcwROPi/ixarkRqPBM8R+PE9Vw59wDwdzneSsT1dy9
TKJWpmBB2ohzRIeiY/qOMapxlC1ZIofEqres0SoHOhnJCPyFPSZLHI08yCD9SaFi
Iz0lp90XgFACYaSCJysz6dyISAxgUqjPWHXsvlnGbcTWewhK
-----END CERTIFICATE-----