Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          2P23UT7DSfkJyqQTQQ3K5UotqozlV5g9UbBLXtKnPNA=
Subject key identifier:   1A:B1:DA:4A:4A:91:85:82:2B:C2:76:F9:C6:2B:1E:50:D2:F0:8C:19
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       52F0FD95D782E00AF8570E59269D5751C787DF1A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa
Signing time:             Sun 28 Apr 2024 00:04:03 +0000
ROA not before:           Sat 27 Apr 2024 23:59:03 +0000
ROA not after:            Sun 27 Apr 2025 00:04:03 +0000
asID:                     215703
IP address blocks:        191.96.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:f0:fd:95:d7:82:e0:0a:f8:57:0e:59:26:9d:57:51:c7:87:df:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 27 23:59:03 2024 GMT
            Not After : Apr 27 00:04:03 2025 GMT
        Subject: CN=1AB1DA4A4A9185822BC276F9C62B1E50D2F08C19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fa:56:7c:1c:78:c2:17:74:1f:03:f5:b2:79:
                    c1:83:5c:62:72:c0:10:a1:a0:c6:b0:59:6f:6e:36:
                    8f:6d:0a:06:6e:5c:7e:44:ed:e1:33:cd:01:be:7c:
                    ad:c4:d8:8e:00:ac:2c:fe:b3:c9:ef:c5:04:21:31:
                    03:f0:3d:7a:46:21:3f:e3:cc:6e:df:33:8a:1d:58:
                    0d:c3:50:96:e8:51:02:0d:81:3b:7c:92:8d:9b:6d:
                    3b:8a:f7:27:f8:f0:15:83:d0:11:b9:6a:fe:a7:c3:
                    8a:5d:b0:c4:00:15:22:a8:5d:5d:74:50:74:6d:f8:
                    f3:7e:17:ec:81:07:74:e7:b8:72:b2:77:bc:6d:09:
                    ac:a7:18:9a:8c:34:4f:12:12:ac:78:47:5f:a6:73:
                    6a:07:f0:32:bf:c4:c2:bb:5b:74:b4:be:76:c4:53:
                    4f:32:de:48:02:7d:d1:9f:03:2f:a8:b0:07:7d:57:
                    4d:28:ea:5a:f0:15:4c:47:f6:1b:1d:9d:a1:c2:7b:
                    01:8c:28:e2:8e:c5:9e:0f:9e:88:24:f8:a0:da:3c:
                    e7:1b:86:7f:14:4f:a1:26:e4:8a:83:f2:de:95:f8:
                    93:3b:86:06:68:92:f5:00:2c:75:6e:c5:eb:ce:96:
                    54:97:dc:5a:a4:a9:12:39:1a:54:3c:03:fd:11:95:
                    e2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:B1:DA:4A:4A:91:85:82:2B:C2:76:F9:C6:2B:1E:50:D2:F0:8C:19
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:cd:60:65:3e:f0:32:de:f0:2a:de:dd:2e:cc:01:23:c5:a5:
         14:46:a8:06:e6:f6:ef:8e:ad:40:5f:ab:32:d7:c6:8f:a8:e7:
         68:d3:8a:67:3c:d8:1a:2c:57:fe:61:5f:d4:13:5c:81:38:97:
         5a:4f:5a:cc:6f:ca:9b:d0:ae:ec:94:69:e9:b1:97:3e:64:f0:
         91:55:e7:8d:ef:73:69:dd:ba:2b:b2:27:1d:a0:6c:32:ab:5a:
         f1:79:da:2a:61:cb:37:21:a8:b4:b3:40:09:0d:1a:a6:79:3c:
         ce:0f:67:75:62:28:95:78:4a:11:0b:f4:f0:8f:ec:12:5a:93:
         b3:d1:31:9b:81:4b:88:73:3f:33:18:f3:d3:4c:0f:0b:ef:18:
         cb:6d:01:67:a7:46:08:e0:07:af:f7:c2:9e:dc:4d:d4:d6:90:
         87:d5:ef:d2:9e:7e:12:98:ed:f0:0a:45:25:7a:71:cb:8f:00:
         ce:45:6d:65:65:d2:d1:ab:8b:ed:18:04:f7:15:da:9c:31:c6:
         7d:51:2d:6e:4f:58:42:2f:fe:e0:67:b3:ad:48:61:59:33:67:
         71:c1:b1:df:98:2e:dd:ab:60:0e:09:41:1f:c9:51:ab:b4:2f:
         80:2c:cd:83:0e:d4:3e:78:a8:98:8c:b2:74:78:53:8a:70:8c:
         60:8e:99:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUvD9ldeC4Ar4Vw5ZJp1XUceH3xowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjcyMzU5MDNaFw0yNTA0MjcwMDA0MDNaMDMxMTAvBgNV
BAMTKDFBQjFEQTRBNEE5MTg1ODIyQkMyNzZGOUM2MkIxRTUwRDJGMDhDMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0+lZ8HHjCF3QfA/WyecGDXGJy
wBChoMawWW9uNo9tCgZuXH5E7eEzzQG+fK3E2I4ArCz+s8nvxQQhMQPwPXpGIT/j
zG7fM4odWA3DUJboUQINgTt8ko2bbTuK9yf48BWD0BG5av6nw4pdsMQAFSKoXV10
UHRt+PN+F+yBB3TnuHKyd7xtCaynGJqMNE8SEqx4R1+mc2oH8DK/xMK7W3S0vnbE
U08y3kgCfdGfAy+osAd9V00o6lrwFUxH9hsdnaHCewGMKOKOxZ4Pnogk+KDaPOcb
hn8UT6Em5IqD8t6V+JM7hgZokvUALHVuxevOllSX3FqkqRI5GlQ8A/0RleJdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGrHaSkqRhYIrwnb5xiseUNLwjBkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Be
MA0GCSqGSIb3DQEBCwUAA4IBAQBszWBlPvAy3vAq3t0uzAEjxaUURqgG5vbvjq1A
X6sy18aPqOdo04pnPNgaLFf+YV/UE1yBOJdaT1rMb8qb0K7slGnpsZc+ZPCRVeeN
73Np3borsicdoGwyq1rxedoqYcs3Iai0s0AJDRqmeTzOD2d1YiiVeEoRC/Twj+wS
WpOz0TGbgUuIcz8zGPPTTA8L7xjLbQFnp0YI4Aev98Ke3E3U1pCH1e/Snn4SmO3w
CkUlenHLjwDORW1lZdLRq4vtGAT3FdqcMcZ9US1uT1hCL/7gZ7OtSGFZM2dxwbHf
mC7dq2AOCUEfyVGrtC+ALM2DDtQ+eKiYjLJ0eFOKcIxgjpmz
-----END CERTIFICATE-----