Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa
File:                     AS215304.roa (raw, json)
Hash identifier:          gtb23Mff8JQboIDOCfa1f/dF4QxYBXfK7IzjQOEPwEU=
Subject key identifier:   EF:80:C1:AA:4B:57:12:3E:B2:38:98:46:77:B1:D8:D8:CA:9C:2C:B4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       30231D741F6480C2FC3F9E6C46308741A83475CB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa
Signing time:             Fri 11 Oct 2024 10:47:35 +0000
ROA not before:           Fri 11 Oct 2024 10:42:35 +0000
ROA not after:            Fri 10 Oct 2025 10:47:35 +0000
asID:                     215304
IP address blocks:        179.61.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:23:1d:74:1f:64:80:c2:fc:3f:9e:6c:46:30:87:41:a8:34:75:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 11 10:42:35 2024 GMT
            Not After : Oct 10 10:47:35 2025 GMT
        Subject: CN=EF80C1AA4B57123EB238984677B1D8D8CA9C2CB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:64:33:c3:1a:80:cf:df:b8:14:f6:6d:7f:0f:
                    42:c8:49:e4:67:78:e4:a7:69:5f:40:90:e6:53:8a:
                    6e:5d:78:2e:02:76:a6:29:a7:b0:fb:ee:73:ad:67:
                    01:82:c9:29:97:8d:08:6d:dc:d7:16:04:fb:c9:e1:
                    9c:02:fb:2e:2b:26:fe:16:cc:39:5c:f4:08:25:69:
                    be:c7:6c:39:26:6e:fb:7c:74:ed:43:f6:e5:65:67:
                    12:1c:27:82:d1:7a:36:0b:ab:4e:39:82:2e:26:95:
                    d1:fb:14:e4:79:1e:2a:11:bc:0c:2c:66:6e:d2:1c:
                    5a:62:d7:e8:2f:c2:fa:b2:82:1d:41:dd:0f:71:47:
                    18:84:fe:fc:4c:ff:48:e9:44:f0:39:c1:fb:ed:08:
                    fa:1f:b5:34:9b:4d:03:f5:9f:39:d0:1c:b2:2e:f7:
                    6c:58:70:97:d5:37:82:d5:11:79:a7:5d:7d:5d:e4:
                    e5:f4:80:50:b2:ae:53:ea:43:f4:80:a5:35:e9:c1:
                    0a:40:fd:a2:bc:69:1d:f0:3f:6d:9c:3f:06:a5:aa:
                    eb:75:b1:1d:87:2d:9b:5c:69:3b:65:09:ee:15:d4:
                    df:69:10:58:26:1b:13:03:7a:a5:cd:55:3a:3f:31:
                    86:cb:e7:ee:03:e2:64:7d:9b:02:ce:cf:89:86:f0:
                    8a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:80:C1:AA:4B:57:12:3E:B2:38:98:46:77:B1:D8:D8:CA:9C:2C:B4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5b:f2:56:33:e0:b1:97:46:80:36:10:7a:7d:dc:8b:85:d6:
         ce:36:80:01:48:83:d6:a7:e8:69:31:3a:1b:c0:13:a4:ff:18:
         a1:ad:04:ae:c6:1b:e1:5f:fa:8f:77:75:4e:06:25:a5:56:e9:
         5e:48:07:e5:26:ce:14:e5:78:8a:7f:6d:09:e7:fb:6a:28:79:
         9a:22:2d:f0:6b:d3:a5:47:dc:fb:84:31:d6:81:15:0e:f4:c2:
         df:f7:4f:0c:9d:b0:af:36:a5:16:37:18:27:ad:72:99:54:b1:
         46:d3:ca:9b:3e:03:90:36:5b:7d:b4:d4:15:f1:5f:4f:88:18:
         a3:7d:25:7a:07:df:b2:0d:d7:ff:4e:9a:42:34:16:2f:58:1d:
         46:9c:9e:0b:08:96:df:fe:ac:39:05:64:42:37:ae:e3:a8:4e:
         4f:b9:5e:53:ec:7b:24:26:8f:35:88:bf:5c:43:d3:f8:f6:82:
         ab:99:32:7b:b2:9f:bb:b6:76:19:b5:c4:2a:d8:49:b8:71:ff:
         a7:1b:38:df:ee:3d:58:ce:83:14:d0:56:46:51:ed:66:df:14:
         8a:e5:85:b9:19:a3:ba:f2:bc:2c:59:c5:2d:f3:f1:65:28:cf:
         2c:b5:6f:b0:2f:6c:49:5c:46:66:13:8b:dd:84:14:bd:7a:ac:
         40:21:b1:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMCMddB9kgML8P55sRjCHQag0dcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMTExMDQyMzVaFw0yNTEwMTAxMDQ3MzVaMDMxMTAvBgNV
BAMTKEVGODBDMUFBNEI1NzEyM0VCMjM4OTg0Njc3QjFEOEQ4Q0E5QzJDQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZDPDGoDP37gU9m1/D0LISeRn
eOSnaV9AkOZTim5deC4CdqYpp7D77nOtZwGCySmXjQht3NcWBPvJ4ZwC+y4rJv4W
zDlc9Aglab7HbDkmbvt8dO1D9uVlZxIcJ4LRejYLq045gi4mldH7FOR5HioRvAws
Zm7SHFpi1+gvwvqygh1B3Q9xRxiE/vxM/0jpRPA5wfvtCPoftTSbTQP1nznQHLIu
92xYcJfVN4LVEXmnXX1d5OX0gFCyrlPqQ/SApTXpwQpA/aK8aR3wP22cPwalqut1
sR2HLZtcaTtlCe4V1N9pEFgmGxMDeqXNVTo/MYbL5+4D4mR9mwLOz4mG8IphAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU74DBqktXEj6yOJhGd7HY2MqcLLQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz25
MA0GCSqGSIb3DQEBCwUAA4IBAQCIW/JWM+Cxl0aANhB6fdyLhdbONoABSIPWp+hp
MTobwBOk/xihrQSuxhvhX/qPd3VOBiWlVuleSAflJs4U5XiKf20J5/tqKHmaIi3w
a9OlR9z7hDHWgRUO9MLf908MnbCvNqUWNxgnrXKZVLFG08qbPgOQNlt9tNQV8V9P
iBijfSV6B9+yDdf/TppCNBYvWB1GnJ4LCJbf/qw5BWRCN67jqE5PuV5T7HskJo81
iL9cQ9P49oKrmTJ7sp+7tnYZtcQq2Em4cf+nGzjf7j1YzoMU0FZGUe1m3xSK5YW5
GaO68rwsWcUt8/FlKM8stW+wL2xJXEZmE4vdhBS9eqxAIbHV
-----END CERTIFICATE-----