Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215355.roa
File:                     AS215355.roa (raw, json)
Hash identifier:          CrLgGMEMZpwgkGYDgqIScUoWk87DD0x5toEU7/1VrNs=
Subject key identifier:   99:71:FA:B2:17:A6:03:38:0C:7F:06:BD:A9:86:5F:82:82:92:83:7F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6063DD7C1FB62E42349C8F7285AD063380F41F97
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215355.roa
Signing time:             Wed 10 Apr 2024 16:14:54 +0000
ROA not before:           Wed 10 Apr 2024 16:09:54 +0000
ROA not after:            Wed 09 Apr 2025 16:14:54 +0000
asID:                     215355
IP address blocks:        181.215.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:63:dd:7c:1f:b6:2e:42:34:9c:8f:72:85:ad:06:33:80:f4:1f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 10 16:09:54 2024 GMT
            Not After : Apr  9 16:14:54 2025 GMT
        Subject: CN=9971FAB217A603380C7F06BDA9865F828292837F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:39:97:33:d7:8b:6c:59:ec:8b:52:10:29:f0:
                    d8:66:20:ba:78:46:9c:ee:37:c4:1b:fb:ac:38:6c:
                    42:8a:40:74:60:dd:f8:33:1a:71:9e:bb:3f:74:5a:
                    3b:d3:7c:a0:07:22:cf:74:a7:fb:2c:7e:10:d7:ed:
                    55:2c:8e:c6:ec:54:25:72:ce:95:0a:24:cf:ad:85:
                    2d:74:66:8c:75:93:8a:1a:dd:31:15:8f:75:e3:c2:
                    9c:5f:2e:9f:80:07:ef:fe:4e:7a:4f:d9:be:dd:e7:
                    b9:db:1b:82:ce:ec:a2:08:5e:5c:cb:bd:9c:f6:af:
                    3c:fd:98:11:e2:64:70:a7:bc:62:b9:e1:39:88:6f:
                    f4:dc:64:21:d4:0e:77:cb:db:00:fd:69:28:69:b0:
                    27:87:2c:1f:47:d9:ae:63:94:14:7c:dc:4d:75:48:
                    b1:1b:3c:ea:ee:c9:85:9f:fe:cb:2e:86:bf:4a:2e:
                    b8:2c:8b:3f:f8:74:74:d2:fc:e1:a9:69:e7:2a:4b:
                    18:fd:48:cb:ab:3e:0f:a4:1a:70:75:90:10:0f:ed:
                    df:7c:83:9a:01:5d:7c:41:22:0f:4b:c3:e6:ee:f8:
                    f7:91:88:12:96:05:dc:a0:b7:c5:47:c7:91:37:0e:
                    0f:6f:3d:d0:db:d8:69:69:31:19:4c:34:03:73:02:
                    05:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:71:FA:B2:17:A6:03:38:0C:7F:06:BD:A9:86:5F:82:82:92:83:7F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215355.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:af:3d:12:cb:36:30:36:3f:33:63:20:cf:0a:7b:4c:d8:92:
         3d:82:e9:51:a3:7d:95:23:65:3a:7f:00:0f:23:37:3c:2f:c5:
         b5:a3:f3:07:d7:fe:ea:b3:da:8d:26:f6:56:b3:05:8a:0d:ec:
         e1:db:0c:8a:9d:f9:c9:8b:e0:e0:73:d5:26:25:a6:c1:c9:31:
         7e:9e:a5:db:41:84:c2:69:f3:3f:53:8f:91:90:83:26:bb:be:
         cc:84:e8:67:4d:a7:4d:7e:39:2a:5d:19:6b:18:d6:93:4c:d3:
         b1:62:7c:23:0b:29:b6:4b:c0:72:68:d8:5f:da:d4:4d:1a:a5:
         be:f5:b3:6e:bf:09:a8:c3:74:6f:44:3a:6e:af:08:b9:31:be:
         1e:9e:19:a8:46:41:b7:1d:a3:18:54:42:cc:43:7d:56:12:b7:
         a4:8c:d1:d2:50:3c:0c:89:f0:a4:f0:c9:b1:8b:f0:98:f2:b1:
         44:d5:07:88:96:0d:1f:e2:6a:04:23:27:01:78:11:bf:e3:55:
         78:bb:00:bd:99:67:be:fd:40:e8:5b:df:e0:fd:6b:13:9f:9e:
         4f:15:a4:0e:70:1a:01:00:ec:e7:19:28:43:92:01:58:6c:ac:
         4e:70:01:11:22:84:cd:12:6f:71:3f:4b:00:28:6b:27:28:e8:
         4e:e1:ba:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYGPdfB+2LkI0nI9yha0GM4D0H5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTAxNjA5NTRaFw0yNTA0MDkxNjE0NTRaMDMxMTAvBgNV
BAMTKDk5NzFGQUIyMTdBNjAzMzgwQzdGMDZCREE5ODY1RjgyODI5MjgzN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuOZcz14tsWeyLUhAp8NhmILp4
RpzuN8Qb+6w4bEKKQHRg3fgzGnGeuz90WjvTfKAHIs90p/ssfhDX7VUsjsbsVCVy
zpUKJM+thS10Zox1k4oa3TEVj3XjwpxfLp+AB+/+TnpP2b7d57nbG4LO7KIIXlzL
vZz2rzz9mBHiZHCnvGK54TmIb/TcZCHUDnfL2wD9aShpsCeHLB9H2a5jlBR83E11
SLEbPOruyYWf/ssuhr9KLrgsiz/4dHTS/OGpaecqSxj9SMurPg+kGnB1kBAP7d98
g5oBXXxBIg9Lw+bu+PeRiBKWBdygt8VHx5E3Dg9vPdDb2GlpMRlMNANzAgUFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmXH6shemAzgMfwa9qYZfgoKSg38wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcG
MA0GCSqGSIb3DQEBCwUAA4IBAQCfrz0SyzYwNj8zYyDPCntM2JI9gulRo32VI2U6
fwAPIzc8L8W1o/MH1/7qs9qNJvZWswWKDezh2wyKnfnJi+Dgc9UmJabByTF+nqXb
QYTCafM/U4+RkIMmu77MhOhnTadNfjkqXRlrGNaTTNOxYnwjCym2S8ByaNhf2tRN
GqW+9bNuvwmow3RvRDpurwi5Mb4enhmoRkG3HaMYVELMQ31WErekjNHSUDwMifCk
8Mmxi/CY8rFE1QeIlg0f4moEIycBeBG/41V4uwC9mWe+/UDoW9/g/WsTn55PFaQO
cBoBAOznGShDkgFYbKxOcAERIoTNEm9xP0sAKGsnKOhO4br/
-----END CERTIFICATE-----