Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          3A0NLVFPSLHa9gBiohRHoGYn4BF4jEF4iCk+aimfdsk=
Subject key identifier:   ED:0B:92:32:2F:63:CF:57:DB:8B:77:56:0A:FA:56:F7:B0:63:13:6A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7095CD495E403510CB8B9CE72C90D8F9DCAB248C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa
Signing time:             Thu 06 Feb 2025 17:02:59 +0000
ROA not before:           Thu 06 Feb 2025 16:57:59 +0000
ROA not after:            Thu 05 Feb 2026 17:02:59 +0000
asID:                     215304
IP address blocks:        179.61.182.0/24 maxlen: 24
                          179.61.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:95:cd:49:5e:40:35:10:cb:8b:9c:e7:2c:90:d8:f9:dc:ab:24:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  6 16:57:59 2025 GMT
            Not After : Feb  5 17:02:59 2026 GMT
        Subject: CN=ED0B92322F63CF57DB8B77560AFA56F7B063136A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b6:06:73:8b:fa:47:98:07:95:c5:84:e3:c9:
                    5e:c2:93:08:eb:b5:2b:db:29:60:8f:86:7b:77:5a:
                    f6:57:90:92:aa:4b:35:d8:4e:fa:53:0c:9f:c9:44:
                    bc:f7:fe:a9:e0:91:01:63:e5:f7:27:e3:79:c4:be:
                    46:d9:01:d0:7c:30:26:9e:e7:14:cd:5f:05:d8:10:
                    72:74:3a:8d:15:cf:d6:3c:c3:77:a2:0b:f4:9b:91:
                    90:a7:1a:fd:ba:30:ea:6f:b3:1d:5b:a9:4c:c2:b4:
                    ab:df:fb:34:f4:8c:15:16:df:02:24:3f:e0:68:e2:
                    49:a1:4d:f0:8e:13:5a:86:17:fc:af:bd:f2:c6:cc:
                    4b:5f:85:6e:ff:e1:18:e2:22:95:d3:b5:50:60:73:
                    b1:cd:d8:e1:06:02:6a:94:e5:56:6d:14:8b:7b:17:
                    60:70:8f:64:6e:cc:61:cb:54:49:d3:1b:d3:78:fd:
                    43:2a:9e:cd:78:af:3e:81:d4:a7:9f:77:f9:f3:87:
                    bb:64:ec:30:3e:04:af:94:23:2c:f0:25:41:5c:c6:
                    97:4c:1a:47:e7:ef:74:fb:d4:b3:2b:e3:75:83:80:
                    0a:7f:9d:29:4a:61:c9:76:d9:ea:73:06:3b:a3:7e:
                    2f:3e:a7:48:ef:5c:2c:22:e5:46:88:c4:89:7f:43:
                    11:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:0B:92:32:2F:63:CF:57:DB:8B:77:56:0A:FA:56:F7:B0:63:13:6A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.182.0/24
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:cd:40:d6:3c:19:84:e7:87:21:0a:ee:d5:7f:26:91:64:72:
         19:af:6e:d1:26:ba:4c:27:95:8c:44:2a:f1:d0:0e:e3:ed:11:
         7a:80:1f:f2:9c:22:c6:f2:0a:92:1c:e7:95:2c:49:98:3d:74:
         97:b4:91:99:05:2f:e4:f3:94:9d:b7:43:fc:10:9b:cf:95:70:
         5c:91:f7:f6:e6:f9:97:1c:19:11:46:57:9b:4c:0d:b8:7b:d5:
         40:9e:22:30:c8:02:55:fa:6d:90:7f:50:b6:4b:79:32:a2:fe:
         f9:58:81:fa:33:6f:7c:85:9c:18:a3:26:9e:cb:73:1f:99:8b:
         3b:36:78:b5:da:69:a3:94:1f:c3:6f:6b:02:5a:99:95:bc:57:
         4e:c0:f7:24:e8:28:0a:5a:33:90:16:65:f1:c5:52:be:0b:ac:
         a1:b9:9a:59:29:41:82:e9:39:e1:f4:a0:87:ce:63:24:e8:18:
         4a:9d:f7:d7:63:79:82:04:cc:de:6e:8a:55:03:11:d5:94:ad:
         c7:2f:7a:51:db:b1:75:d4:72:76:59:65:e0:d5:d4:3a:c5:4c:
         f4:7d:cf:d2:77:da:f0:b2:29:0e:97:e2:5f:7b:a2:22:af:4f:
         9b:3a:1e:57:db:ca:a7:5c:a1:34:21:b5:67:c0:dd:df:36:00:
         f3:e1:5f:89
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcJXNSV5ANRDLi5znLJDY+dyrJIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMDYxNjU3NTlaFw0yNjAyMDUxNzAyNTlaMDMxMTAvBgNV
BAMTKEVEMEI5MjMyMkY2M0NGNTdEQjhCNzc1NjBBRkE1NkY3QjA2MzEzNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9tgZzi/pHmAeVxYTjyV7Ckwjr
tSvbKWCPhnt3WvZXkJKqSzXYTvpTDJ/JRLz3/qngkQFj5fcn43nEvkbZAdB8MCae
5xTNXwXYEHJ0Oo0Vz9Y8w3eiC/SbkZCnGv26MOpvsx1bqUzCtKvf+zT0jBUW3wIk
P+Bo4kmhTfCOE1qGF/yvvfLGzEtfhW7/4RjiIpXTtVBgc7HN2OEGAmqU5VZtFIt7
F2Bwj2RuzGHLVEnTG9N4/UMqns14rz6B1Kefd/nzh7tk7DA+BK+UIyzwJUFcxpdM
Gkfn73T71LMr43WDgAp/nSlKYcl22epzBjujfi8+p0jvXCwi5UaIxIl/QxGTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU7QuSMi9jz1fbi3dWCvpW97BjE2owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz22
AwQAsz25MA0GCSqGSIb3DQEBCwUAA4IBAQCIzUDWPBmE54chCu7VfyaRZHIZr27R
JrpMJ5WMRCrx0A7j7RF6gB/ynCLG8gqSHOeVLEmYPXSXtJGZBS/k85Sdt0P8EJvP
lXBckff25vmXHBkRRlebTA24e9VAniIwyAJV+m2Qf1C2S3kyov75WIH6M298hZwY
oyaey3MfmYs7Nni12mmjlB/Db2sCWpmVvFdOwPck6CgKWjOQFmXxxVK+C6yhuZpZ
KUGC6Tnh9KCHzmMk6BhKnffXY3mCBMzebopVAxHVlK3HL3pR27F11HJ2WWXg1dQ6
xUz0fc/Sd9rwsikOl+Jfe6Iir0+bOh5X28qnXKE0IbVnwN3fNgDz4V+J
-----END CERTIFICATE-----