Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa
File:                     AS215311.roa (raw, json)
Hash identifier:          dVEnpTOH4aePGI6x8W8cYQQ7sry4AET4e7OQDMdjsxE=
Subject key identifier:   75:FE:67:8C:F2:88:28:E3:00:C3:C7:29:31:3D:91:AF:1D:7E:4B:6A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6BFE8CEB381D5366005E1227D4757FD83FDFD949
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa
Signing time:             Sun 17 Mar 2024 15:02:54 +0000
ROA not before:           Sun 17 Mar 2024 14:57:54 +0000
ROA not after:            Sun 16 Mar 2025 15:02:54 +0000
asID:                     215311
IP address blocks:        193.31.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:fe:8c:eb:38:1d:53:66:00:5e:12:27:d4:75:7f:d8:3f:df:d9:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 17 14:57:54 2024 GMT
            Not After : Mar 16 15:02:54 2025 GMT
        Subject: CN=75FE678CF28828E300C3C729313D91AF1D7E4B6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6f:6b:56:48:a1:c4:4d:d9:f4:51:27:39:51:
                    f5:0e:a0:b8:f3:a1:eb:0c:56:82:bf:af:e2:e0:b9:
                    2c:e4:00:ba:30:61:ac:0c:b9:fe:b9:c3:e4:d5:89:
                    59:ab:91:50:e4:2d:f4:e9:b8:47:44:d5:bb:b9:9f:
                    fb:b9:ce:d8:21:a4:05:8c:3c:2e:14:6e:f8:ae:57:
                    b2:ce:ce:52:30:aa:71:dd:29:d0:82:eb:15:95:3d:
                    f3:3e:41:d3:14:e9:0c:36:74:20:16:38:0a:e7:75:
                    75:8a:ba:45:b8:fe:7d:ea:da:9d:d3:e9:64:fa:95:
                    85:73:0c:77:d0:04:74:43:06:d0:82:ad:6b:ea:99:
                    b5:9e:cc:55:a2:4e:1e:1b:aa:24:cb:59:5a:37:b9:
                    96:82:5b:05:28:c9:e8:ad:e9:e9:7a:c7:31:75:34:
                    8c:bd:c8:23:9b:6b:93:e8:3a:f4:80:5c:80:c2:3c:
                    fb:ba:6d:a0:89:3b:28:47:20:b9:31:ee:3a:00:7c:
                    b2:d9:9c:80:48:98:03:66:b9:79:1e:e1:64:0d:51:
                    6d:ff:a8:69:83:41:e7:72:f1:4d:96:24:e1:e0:01:
                    d7:4a:58:b1:83:14:16:d5:4e:d4:19:6a:da:da:5b:
                    f4:1a:28:0d:aa:6c:02:66:32:a4:f3:2e:1b:aa:42:
                    86:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FE:67:8C:F2:88:28:E3:00:C3:C7:29:31:3D:91:AF:1D:7E:4B:6A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:cc:49:a6:1d:53:b6:b3:0d:23:2b:74:f7:54:94:59:c1:57:
         73:99:dd:8a:a4:0b:ee:af:d8:5f:85:f8:01:99:de:cc:06:b3:
         08:e2:3c:6b:75:5c:d8:fe:c6:ba:2a:27:ce:c9:10:47:1d:42:
         33:64:fa:c8:7f:b3:4e:dc:18:ce:21:e2:b1:9c:02:c8:5c:8b:
         72:e5:34:f8:d1:5b:f9:a6:7c:2d:04:80:2f:c2:6a:08:b2:72:
         ff:7c:a5:c3:fd:f2:a3:dc:4f:a7:1e:bc:81:26:89:9e:b9:7c:
         28:f7:e8:02:15:e9:25:58:f7:5f:6a:2e:b5:5b:2b:73:82:80:
         b7:0f:fe:b1:27:7e:23:90:5e:73:08:f6:13:70:d2:74:50:4e:
         50:a2:d1:cd:99:5d:50:80:80:93:c2:ec:e0:ac:30:70:d0:71:
         33:3f:9a:eb:f3:75:ff:60:c3:08:26:51:05:e5:99:f7:af:ab:
         8f:b7:c4:02:24:82:a2:c6:42:dd:00:6f:a2:7a:12:ea:3c:f1:
         a8:cc:c2:22:ce:f1:b7:99:ee:09:df:ed:2b:4c:6b:dd:21:9e:
         45:74:ad:35:4b:e6:4b:c2:10:a4:34:9d:a5:33:dd:87:b7:a0:
         eb:8e:1b:cf:99:6c:4b:4e:6e:14:76:90:f6:30:52:c5:00:e0:
         5b:7b:d7:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa/6M6zgdU2YAXhIn1HV/2D/f2UkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMTcxNDU3NTRaFw0yNTAzMTYxNTAyNTRaMDMxMTAvBgNV
BAMTKDc1RkU2NzhDRjI4ODI4RTMwMEMzQzcyOTMxM0Q5MUFGMUQ3RTRCNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLb2tWSKHETdn0USc5UfUOoLjz
oesMVoK/r+LguSzkALowYawMuf65w+TViVmrkVDkLfTpuEdE1bu5n/u5ztghpAWM
PC4UbviuV7LOzlIwqnHdKdCC6xWVPfM+QdMU6Qw2dCAWOArndXWKukW4/n3q2p3T
6WT6lYVzDHfQBHRDBtCCrWvqmbWezFWiTh4bqiTLWVo3uZaCWwUoyeit6el6xzF1
NIy9yCOba5PoOvSAXIDCPPu6baCJOyhHILkx7joAfLLZnIBImANmuXke4WQNUW3/
qGmDQedy8U2WJOHgAddKWLGDFBbVTtQZatraW/QaKA2qbAJmMqTzLhuqQoZrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdf5njPKIKOMAw8cpMT2Rrx1+S2owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8p
MA0GCSqGSIb3DQEBCwUAA4IBAQAnzEmmHVO2sw0jK3T3VJRZwVdzmd2KpAvur9hf
hfgBmd7MBrMI4jxrdVzY/sa6KifOyRBHHUIzZPrIf7NO3BjOIeKxnALIXIty5TT4
0Vv5pnwtBIAvwmoIsnL/fKXD/fKj3E+nHryBJomeuXwo9+gCFeklWPdfai61Wytz
goC3D/6xJ34jkF5zCPYTcNJ0UE5QotHNmV1QgICTwuzgrDBw0HEzP5rr83X/YMMI
JlEF5Zn3r6uPt8QCJIKixkLdAG+iehLqPPGozMIizvG3me4J3+0rTGvdIZ5FdK01
S+ZLwhCkNJ2lM92Ht6DrjhvPmWxLTm4UdpD2MFLFAOBbe9e3
-----END CERTIFICATE-----