Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215605.roa
File:                     AS215605.roa (raw, json)
Hash identifier:          MT9txvQlVB7VCsi737cboFlNmI5iLXoTGp3RPktZC5Y=
Subject key identifier:   B5:E0:A7:3F:A8:99:B1:DC:B7:16:D8:00:23:A9:30:01:12:73:60:E3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       28DBB185D05836598A444761E772681C27F7CB6E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215605.roa
Signing time:             Thu 07 Nov 2024 16:43:43 +0000
ROA not before:           Thu 07 Nov 2024 16:38:43 +0000
ROA not after:            Thu 06 Nov 2025 16:43:43 +0000
asID:                     215605
IP address blocks:        5.181.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:db:b1:85:d0:58:36:59:8a:44:47:61:e7:72:68:1c:27:f7:cb:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  7 16:38:43 2024 GMT
            Not After : Nov  6 16:43:43 2025 GMT
        Subject: CN=B5E0A73FA899B1DCB716D80023A93001127360E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fe:2c:fa:20:2f:d3:93:9c:bf:42:0f:2d:84:
                    23:27:49:1f:0d:9f:8b:2f:34:50:91:0f:f0:8a:58:
                    fc:79:9c:ad:b1:42:90:2d:e3:5f:4a:8b:fb:ce:52:
                    47:de:a5:1d:d1:74:57:4a:24:e1:f5:ba:da:f7:4a:
                    87:73:30:f6:a3:8b:5d:cc:e3:a5:49:b6:f8:61:86:
                    77:80:dd:1b:53:1d:08:e5:6f:be:0f:aa:23:ef:0d:
                    90:d9:42:82:48:c0:53:30:1b:01:bb:f0:0b:c0:4e:
                    dc:49:b9:3c:64:a6:82:80:a4:99:61:d0:af:fd:1c:
                    c0:2a:f3:2e:98:28:e6:07:9d:ee:64:79:ed:b7:2a:
                    ae:b6:2f:50:9f:80:24:b9:9c:e8:d6:b0:da:bf:c4:
                    81:69:96:bf:9a:dc:d6:75:5a:da:d6:68:3a:1a:bc:
                    25:3a:6d:1b:33:28:60:55:e1:5c:7e:b3:a8:b1:a7:
                    46:36:1e:0b:7c:fe:d8:42:38:22:9e:15:79:26:7c:
                    07:6c:18:eb:75:de:ce:09:b6:47:da:a8:5b:d1:05:
                    e8:d6:19:c4:fb:c4:33:6a:9e:fd:18:d3:c7:a3:e3:
                    ba:f6:ee:2d:b8:02:22:91:3c:69:b8:27:f8:8c:cd:
                    9a:1b:df:8a:50:6e:81:71:c9:b9:6d:a7:db:a4:92:
                    78:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E0:A7:3F:A8:99:B1:DC:B7:16:D8:00:23:A9:30:01:12:73:60:E3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:23:e4:12:07:6c:7e:4e:48:a2:fa:27:3a:d1:7c:dd:00:4e:
         e3:50:5d:08:71:dc:5e:f1:ba:3a:9d:6d:80:a1:f7:8e:88:21:
         63:c0:0e:07:03:d2:64:df:84:c3:9e:c6:4b:27:73:fd:98:05:
         16:e8:de:f8:25:c4:5c:0d:c5:40:c8:c4:55:de:45:e3:cb:0d:
         dc:95:eb:b4:cf:c2:f7:64:7d:75:cf:54:6a:cf:ca:b4:29:5e:
         2b:79:59:84:e7:c0:10:43:72:df:70:1f:b6:6a:f7:61:f0:39:
         d7:52:bc:6b:3d:f0:8a:5d:68:d6:bc:91:d2:81:a0:e9:06:4f:
         3f:a2:2d:ef:cd:85:0c:9a:13:67:3b:16:1a:a5:e7:d6:18:ef:
         60:a7:53:ed:91:99:0c:c8:e2:fd:f2:e8:19:32:64:9c:30:3b:
         83:71:d1:c2:9a:8b:3d:ba:e2:a6:fc:80:38:ba:60:b5:f8:6a:
         d2:43:ad:27:65:bc:ad:a7:84:bd:51:81:0a:e9:b4:35:01:ab:
         4d:e6:5b:e4:15:b9:a3:7a:d2:eb:79:b2:52:32:44:86:c8:d2:
         bf:50:a2:59:40:84:f9:ac:a8:12:cc:ef:28:9d:8c:91:84:10:
         27:14:a1:13:ef:0d:79:eb:68:de:58:b2:3d:d9:6b:79:cb:a8:
         4c:05:82:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKNuxhdBYNlmKREdh53JoHCf3y24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMDcxNjM4NDNaFw0yNTExMDYxNjQzNDNaMDMxMTAvBgNV
BAMTKEI1RTBBNzNGQTg5OUIxRENCNzE2RDgwMDIzQTkzMDAxMTI3MzYwRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF/iz6IC/Tk5y/Qg8thCMnSR8N
n4svNFCRD/CKWPx5nK2xQpAt419Ki/vOUkfepR3RdFdKJOH1utr3SodzMPaji13M
46VJtvhhhneA3RtTHQjlb74PqiPvDZDZQoJIwFMwGwG78AvATtxJuTxkpoKApJlh
0K/9HMAq8y6YKOYHne5kee23Kq62L1CfgCS5nOjWsNq/xIFplr+a3NZ1WtrWaDoa
vCU6bRszKGBV4Vx+s6ixp0Y2Hgt8/thCOCKeFXkmfAdsGOt13s4JtkfaqFvRBejW
GcT7xDNqnv0Y08ej47r27i24AiKRPGm4J/iMzZob34pQboFxybltp9ukknj1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUteCnP6iZsdy3FtgAI6kwARJzYOMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NjA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWC
MA0GCSqGSIb3DQEBCwUAA4IBAQChI+QSB2x+Tkii+ic60XzdAE7jUF0Icdxe8bo6
nW2AofeOiCFjwA4HA9Jk34TDnsZLJ3P9mAUW6N74JcRcDcVAyMRV3kXjyw3cleu0
z8L3ZH11z1Rqz8q0KV4reVmE58AQQ3LfcB+2avdh8DnXUrxrPfCKXWjWvJHSgaDp
Bk8/oi3vzYUMmhNnOxYapefWGO9gp1PtkZkMyOL98ugZMmScMDuDcdHCmos9uuKm
/IA4umC1+GrSQ60nZbytp4S9UYEK6bQ1AatN5lvkFbmjetLrebJSMkSGyNK/UKJZ
QIT5rKgSzO8onYyRhBAnFKET7w1562jeWLI92Wt5y6hMBYLZ
-----END CERTIFICATE-----