Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215143.roa
File:                     AS215143.roa (raw, json)
Hash identifier:          Y/wBB2NpfsPm7dlHNOhd4TaSPo662Wy+LUuec6RioCs=
Subject key identifier:   DA:A8:59:14:7E:36:33:CD:A8:94:E7:EE:BB:9B:A4:EC:B6:C6:AF:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0EBEB1D2AE0250B44B3DF26DF9B65420F65E0DD6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215143.roa
Signing time:             Tue 07 May 2024 10:52:58 +0000
ROA not before:           Tue 07 May 2024 10:47:58 +0000
ROA not after:            Tue 06 May 2025 10:52:58 +0000
asID:                     215143
IP address blocks:        191.101.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:be:b1:d2:ae:02:50:b4:4b:3d:f2:6d:f9:b6:54:20:f6:5e:0d:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  7 10:47:58 2024 GMT
            Not After : May  6 10:52:58 2025 GMT
        Subject: CN=DAA859147E3633CDA894E7EEBB9BA4ECB6C6AF2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ac:5d:39:38:30:6a:b7:1f:9c:92:87:17:3a:
                    03:f7:c2:1a:0a:0b:03:c0:b0:dd:0c:fb:47:86:ed:
                    28:b2:64:01:b3:4c:98:b7:98:2d:58:85:29:d0:c9:
                    e0:5d:9f:aa:a5:18:9c:01:d5:e7:fe:0e:ce:7c:2e:
                    2e:af:28:af:ec:c9:e0:ce:2b:c0:fc:97:51:56:ef:
                    6a:71:1e:2d:34:27:c3:51:08:fa:d4:78:e3:22:3d:
                    ce:de:c5:9e:d7:14:f7:2b:36:1e:6f:f8:05:eb:b3:
                    2a:86:a5:27:39:9f:8b:57:fe:c6:59:d1:88:33:7e:
                    f4:e1:b7:a7:f0:a1:91:bc:a4:87:a3:d1:68:8f:d6:
                    79:d6:8e:e0:ef:4e:3d:7b:63:d7:77:ab:72:77:c1:
                    7d:60:3d:54:ac:66:bf:fd:9a:47:a0:c4:5f:19:50:
                    bb:5e:21:bf:69:a2:e0:e0:6d:16:53:72:d4:c2:7e:
                    af:2d:c9:9c:50:8d:fe:3f:03:a1:c3:7f:fc:4c:05:
                    1e:6e:b3:92:b9:3f:2e:72:b4:2e:13:ac:50:4a:81:
                    0a:6d:79:90:22:6a:47:a0:b2:b7:84:b4:7d:cd:27:
                    8a:eb:1d:3d:94:46:25:12:fc:41:3e:b5:2f:d1:e2:
                    7b:f2:8a:2c:ec:14:af:a8:a4:c3:2b:55:5d:16:0e:
                    47:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A8:59:14:7E:36:33:CD:A8:94:E7:EE:BB:9B:A4:EC:B6:C6:AF:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a5:ba:81:ae:e3:c7:60:2e:35:64:99:c6:06:da:45:b1:2e:
         b3:8f:df:15:04:b4:53:20:55:d8:a5:ed:1f:21:a4:2b:db:eb:
         59:c9:6e:03:02:89:b0:8e:c7:9b:8b:da:17:c6:1e:35:42:bd:
         5f:73:f0:b1:25:67:7c:61:02:83:21:75:b2:82:d8:9c:5a:58:
         b1:d2:97:38:f4:07:af:7c:b9:f3:a2:98:1c:8a:f4:e6:cc:5a:
         e2:23:28:b4:2e:26:e3:dd:70:b0:1c:7a:51:0d:67:9c:cf:e0:
         79:6a:02:7b:63:6d:0e:cd:e8:ad:ef:91:a1:49:61:01:50:df:
         c5:1d:0b:e9:41:53:ec:ed:65:2b:15:36:6e:ea:65:c4:8f:43:
         7f:d6:03:88:84:51:24:ac:6b:26:4a:d5:5b:cf:b6:94:a0:0b:
         dc:d3:ca:41:7f:f1:27:3a:ea:bd:bf:b9:0a:0d:ed:8e:ac:35:
         67:4e:dc:4f:0e:49:b1:17:b3:21:c4:b4:c6:91:1f:8a:b3:5a:
         1d:3d:68:70:11:2a:48:07:df:e7:3b:7a:fa:83:0c:99:9b:a7:
         74:a6:1e:21:30:86:50:97:8c:f9:cc:cc:dc:a1:f8:1b:fa:00:
         82:5c:0a:1a:89:4b:9a:03:9d:44:94:ce:45:3b:61:a1:af:28:
         13:6e:69:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDr6x0q4CULRLPfJt+bZUIPZeDdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDcxMDQ3NThaFw0yNTA1MDYxMDUyNThaMDMxMTAvBgNV
BAMTKERBQTg1OTE0N0UzNjMzQ0RBODk0RTdFRUJCOUJBNEVDQjZDNkFGMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIrF05ODBqtx+ckocXOgP3whoK
CwPAsN0M+0eG7SiyZAGzTJi3mC1YhSnQyeBdn6qlGJwB1ef+Ds58Li6vKK/syeDO
K8D8l1FW72pxHi00J8NRCPrUeOMiPc7exZ7XFPcrNh5v+AXrsyqGpSc5n4tX/sZZ
0YgzfvTht6fwoZG8pIej0WiP1nnWjuDvTj17Y9d3q3J3wX1gPVSsZr/9mkegxF8Z
ULteIb9pouDgbRZTctTCfq8tyZxQjf4/A6HDf/xMBR5us5K5Py5ytC4TrFBKgQpt
eZAiakegsreEtH3NJ4rrHT2URiUS/EE+tS/R4nvyiizsFK+opMMrVV0WDkfJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2qhZFH42M82olOfuu5uk7LbGry8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ub
MA0GCSqGSIb3DQEBCwUAA4IBAQAOpbqBruPHYC41ZJnGBtpFsS6zj98VBLRTIFXY
pe0fIaQr2+tZyW4DAomwjsebi9oXxh41Qr1fc/CxJWd8YQKDIXWygticWlix0pc4
9AevfLnzopgcivTmzFriIyi0Libj3XCwHHpRDWecz+B5agJ7Y20Ozeit75GhSWEB
UN/FHQvpQVPs7WUrFTZu6mXEj0N/1gOIhFEkrGsmStVbz7aUoAvc08pBf/EnOuq9
v7kKDe2OrDVnTtxPDkmxF7MhxLTGkR+Ks1odPWhwESpIB9/nO3r6gwyZm6d0ph4h
MIZQl4z5zMzcofgb+gCCXAoaiUuaA51ElM5FO2GhrygTbmm4
-----END CERTIFICATE-----