Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216155.roa
File:                     AS216155.roa (raw, json)
Hash identifier:          Ef/xJHvob4xxegk4Ja1Q/XpO5bBXg0mWvSW94/jfrAk=
Subject key identifier:   90:7B:6D:B0:80:64:0A:04:74:EF:BE:5F:E5:7A:75:B6:FD:D8:9A:69
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       29981AA576C7740FB04BA8708878276B4788802D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216155.roa
Signing time:             Thu 04 Apr 2024 16:29:49 +0000
ROA not before:           Thu 04 Apr 2024 16:24:49 +0000
ROA not after:            Thu 03 Apr 2025 16:29:49 +0000
asID:                     216155
IP address blocks:        181.41.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:98:1a:a5:76:c7:74:0f:b0:4b:a8:70:88:78:27:6b:47:88:80:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  4 16:24:49 2024 GMT
            Not After : Apr  3 16:29:49 2025 GMT
        Subject: CN=907B6DB080640A0474EFBE5FE57A75B6FDD89A69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ea:43:49:88:d1:8f:8e:88:6d:ce:c3:aa:2f:
                    45:6d:a4:0c:75:45:32:34:39:f1:03:ef:d1:7f:79:
                    70:60:ac:6b:b9:55:58:cf:0c:d9:19:0d:b5:02:c7:
                    a8:e3:5b:56:46:9e:cb:67:8e:73:ee:f8:a0:a5:01:
                    23:49:e9:6c:ea:82:eb:0e:96:dd:8a:51:46:39:0b:
                    27:1e:da:f1:1f:c0:9f:85:1d:28:30:f5:c7:93:31:
                    f7:3e:0f:b7:7c:59:b8:52:56:7f:bb:68:19:6a:80:
                    9e:39:48:d2:0f:f5:68:df:62:00:55:d1:d8:42:83:
                    6a:ae:c4:52:30:65:68:2a:56:e4:94:96:fc:45:96:
                    3d:c7:67:48:19:50:b7:ef:b1:1b:a2:7b:65:f3:62:
                    82:7c:11:78:39:1d:6d:0f:ba:98:75:fa:24:25:85:
                    58:d8:ec:d6:86:88:10:e0:7f:47:5e:45:2a:cf:37:
                    a1:14:2b:cb:ac:8f:eb:29:28:45:d0:4a:bd:26:d1:
                    f9:27:79:5f:f8:c4:cf:04:52:33:6d:45:7e:26:0f:
                    72:2a:8c:dd:4d:9e:bc:95:6e:0f:3f:ab:4a:67:0d:
                    76:32:19:c8:8e:49:cc:bd:33:bb:df:53:c8:ae:fe:
                    ee:f7:0a:25:81:73:e8:65:9c:bd:7f:72:95:5d:a0:
                    bc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7B:6D:B0:80:64:0A:04:74:EF:BE:5F:E5:7A:75:B6:FD:D8:9A:69
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216155.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:7f:b4:d9:97:83:23:33:a5:40:1e:07:0f:36:03:5d:d5:
         16:48:c5:11:eb:2a:f7:1e:c3:38:d8:8f:9d:37:23:a9:75:d5:
         9f:b7:5c:9d:30:79:a7:37:a5:30:8d:2a:4a:b7:7e:ac:c0:35:
         86:af:22:bd:72:7d:5a:dd:d4:31:b3:65:91:fc:28:1b:81:e6:
         55:96:10:1b:3a:8a:4f:35:97:07:02:b8:bc:71:37:fa:b9:97:
         63:66:40:e9:46:b1:a8:30:f4:f1:8d:12:47:6f:17:ca:61:cc:
         bf:37:08:d2:5b:85:b3:a0:6b:c6:4b:7e:35:a0:dd:f1:ae:8a:
         0c:32:eb:b5:e7:b7:da:86:2c:bc:12:95:9b:26:5e:03:40:2e:
         df:62:76:db:de:96:b7:07:04:4f:f2:ac:ca:0d:77:04:90:48:
         41:e3:e2:8b:ac:5a:21:f3:4e:dd:b3:86:08:97:48:85:6d:b1:
         5e:64:f0:5c:9f:16:fc:83:c0:2e:c0:c7:d5:bb:57:50:6b:df:
         73:4f:c0:1c:71:95:34:94:94:41:71:76:80:a4:fc:74:62:c1:
         5c:aa:e3:dc:d5:cc:24:a9:50:c6:50:c5:b6:b7:2f:71:32:cb:
         95:e0:e6:1a:5a:31:6b:89:43:d9:c8:ca:3b:5b:36:50:b7:f3:
         f2:94:13:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKZgapXbHdA+wS6hwiHgna0eIgC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDQxNjI0NDlaFw0yNTA0MDMxNjI5NDlaMDMxMTAvBgNV
BAMTKDkwN0I2REIwODA2NDBBMDQ3NEVGQkU1RkU1N0E3NUI2RkREODlBNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC96kNJiNGPjohtzsOqL0VtpAx1
RTI0OfED79F/eXBgrGu5VVjPDNkZDbUCx6jjW1ZGnstnjnPu+KClASNJ6WzqgusO
lt2KUUY5Cyce2vEfwJ+FHSgw9ceTMfc+D7d8WbhSVn+7aBlqgJ45SNIP9WjfYgBV
0dhCg2quxFIwZWgqVuSUlvxFlj3HZ0gZULfvsRuie2XzYoJ8EXg5HW0Puph1+iQl
hVjY7NaGiBDgf0deRSrPN6EUK8usj+spKEXQSr0m0fkneV/4xM8EUjNtRX4mD3Iq
jN1NnryVbg8/q0pnDXYyGciOScy9M7vfU8iu/u73CiWBc+hlnL1/cpVdoLw3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkHttsIBkCgR0775f5Xp1tv3YmmkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MTU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSna
MA0GCSqGSIb3DQEBCwUAA4IBAQBn4H+02ZeDIzOlQB4HDzYDXdUWSMUR6yr3HsM4
2I+dNyOpddWft1ydMHmnN6UwjSpKt36swDWGryK9cn1a3dQxs2WR/CgbgeZVlhAb
OopPNZcHAri8cTf6uZdjZkDpRrGoMPTxjRJHbxfKYcy/NwjSW4WzoGvGS341oN3x
rooMMuu157fahiy8EpWbJl4DQC7fYnbb3pa3BwRP8qzKDXcEkEhB4+KLrFoh807d
s4YIl0iFbbFeZPBcnxb8g8AuwMfVu1dQa99zT8AccZU0lJRBcXaApPx0YsFcquPc
1cwkqVDGUMW2ty9xMsuV4OYaWjFriUPZyMo7WzZQt/PylBMy
-----END CERTIFICATE-----