Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216466.roa
File:                     AS216466.roa (raw, json)
Hash identifier:          cnDGoQg/ZMZib3Bf4qBk7y3q3h2mFAeCP0kUl2ScXLg=
Subject key identifier:   4C:44:0C:62:10:6C:C6:B1:97:50:2B:A9:3C:7F:8D:33:BB:10:B2:CD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       216A042D8F49008E757B079FBA2324D04CFE54FA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216466.roa
Signing time:             Thu 24 Aug 2023 07:28:31 +0000
ROA not before:           Thu 24 Aug 2023 07:23:31 +0000
ROA not after:            Thu 22 Aug 2024 07:28:31 +0000
asID:                     216466
IP address blocks:        181.215.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:6a:04:2d:8f:49:00:8e:75:7b:07:9f:ba:23:24:d0:4c:fe:54:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 24 07:23:31 2023 GMT
            Not After : Aug 22 07:28:31 2024 GMT
        Subject: CN=4C440C62106CC6B197502BA93C7F8D33BB10B2CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f0:44:9d:8a:af:59:51:70:2e:b7:b4:6a:6c:
                    21:72:8e:39:50:c3:1a:0f:fc:c6:4c:c5:e0:ff:6e:
                    a0:74:6a:57:56:7d:a2:58:84:3d:49:45:e5:7f:c6:
                    f3:f5:0e:4d:c9:57:9f:6e:9e:83:71:26:ff:6f:f4:
                    e4:3d:04:72:55:30:a6:4c:31:c5:4a:30:27:5b:5f:
                    ad:5a:af:81:ad:24:82:56:3e:df:c9:87:f2:de:46:
                    17:66:41:64:29:11:c3:67:90:05:a1:e4:30:bf:6d:
                    fd:7a:96:91:ad:1f:59:dd:06:59:09:8f:bd:d6:a8:
                    49:e3:3a:84:91:b3:23:c9:b4:68:d3:fd:1d:a0:07:
                    67:ff:4f:83:73:a6:3d:1a:c4:59:09:32:a3:4b:8b:
                    bd:fc:f6:1b:c7:a1:78:a5:ef:19:13:11:ba:47:04:
                    0a:cf:ca:80:76:77:bf:97:18:f3:95:5b:77:e2:51:
                    5e:cd:65:7f:ef:32:9f:4f:29:5f:44:3f:d2:16:b8:
                    1c:34:6d:eb:e3:d0:6a:0a:95:12:b0:95:ea:7b:a7:
                    63:64:eb:7a:f6:cc:57:4d:4b:89:e9:83:ec:33:cd:
                    79:b8:70:c9:44:7b:fe:d7:25:13:33:08:d1:aa:d9:
                    f9:ed:cf:c4:e3:f2:70:b8:ad:10:92:13:31:a6:35:
                    70:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:44:0C:62:10:6C:C6:B1:97:50:2B:A9:3C:7F:8D:33:BB:10:B2:CD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216466.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f6:ce:69:7c:c5:5a:80:e7:82:0d:16:df:2a:94:a4:d4:80:
         b8:37:eb:67:b0:09:58:11:87:e5:6b:e9:b8:7f:3f:f0:7a:2b:
         3a:2c:85:34:02:a3:74:f5:b2:19:0a:89:db:5b:fe:21:4f:ec:
         b6:49:c1:86:fc:f8:82:93:f5:0c:6f:1d:55:b0:5f:b2:1a:03:
         7a:ae:fe:ec:61:f9:27:e9:a7:89:d0:f2:27:16:92:50:1a:ed:
         ec:fc:06:7d:da:b5:cc:cc:c5:d0:91:c5:45:92:25:d3:e3:c3:
         57:0c:22:70:d3:56:9d:c9:86:eb:0e:12:e2:00:ca:72:49:45:
         d0:93:11:4b:35:ac:48:88:7f:32:59:34:a2:65:38:f6:6f:db:
         12:4f:f3:75:75:ed:33:d5:0b:d2:0d:10:d2:00:13:0e:20:18:
         a3:93:79:1c:92:7f:0f:91:c2:79:b3:aa:37:2b:3b:76:2d:38:
         86:cf:c8:76:65:52:8a:e0:6e:ba:a9:45:1c:93:2d:db:a4:88:
         bb:8e:0f:cb:94:e5:dc:45:a6:bd:08:b4:59:29:dc:16:d6:30:
         c7:7e:fe:fc:e6:75:e8:a2:a0:4a:0f:ce:0c:ca:53:e9:d4:6c:
         fd:8d:5e:d6:fd:8b:87:67:14:33:89:0b:96:56:4e:9f:55:46:
         25:42:eb:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIWoELY9JAI51ewefuiMk0Ez+VPowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA4MjQwNzIzMzFaFw0yNDA4MjIwNzI4MzFaMDMxMTAvBgNV
BAMTKDRDNDQwQzYyMTA2Q0M2QjE5NzUwMkJBOTNDN0Y4RDMzQkIxMEIyQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT8ESdiq9ZUXAut7RqbCFyjjlQ
wxoP/MZMxeD/bqB0aldWfaJYhD1JReV/xvP1Dk3JV59unoNxJv9v9OQ9BHJVMKZM
McVKMCdbX61ar4GtJIJWPt/Jh/LeRhdmQWQpEcNnkAWh5DC/bf16lpGtH1ndBlkJ
j73WqEnjOoSRsyPJtGjT/R2gB2f/T4Nzpj0axFkJMqNLi7389hvHoXil7xkTEbpH
BArPyoB2d7+XGPOVW3fiUV7NZX/vMp9PKV9EP9IWuBw0bevj0GoKlRKwlep7p2Nk
63r2zFdNS4npg+wzzXm4cMlEe/7XJRMzCNGq2fntz8Tj8nC4rRCSEzGmNXABAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTEQMYhBsxrGXUCupPH+NM7sQss0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2NDY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdeM
MA0GCSqGSIb3DQEBCwUAA4IBAQA39s5pfMVagOeCDRbfKpSk1IC4N+tnsAlYEYfl
a+m4fz/weis6LIU0AqN09bIZConbW/4hT+y2ScGG/PiCk/UMbx1VsF+yGgN6rv7s
Yfkn6aeJ0PInFpJQGu3s/AZ92rXMzMXQkcVFkiXT48NXDCJw01adyYbrDhLiAMpy
SUXQkxFLNaxIiH8yWTSiZTj2b9sST/N1de0z1QvSDRDSABMOIBijk3kckn8PkcJ5
s6o3Kzt2LTiGz8h2ZVKK4G66qUUcky3bpIi7jg/LlOXcRaa9CLRZKdwW1jDHfv78
5nXooqBKD84MylPp1Gz9jV7W/YuHZxQziQuWVk6fVUYlQuu4
-----END CERTIFICATE-----