Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          pMDsbNJZZA3/lNAYS2R5L4ZUm9Mjt4mEHXJj/rHLzlw=
Subject key identifier:   80:17:BC:4B:44:28:B2:16:6B:8E:8A:88:30:20:6B:0F:F0:17:D4:B7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       60A74D5C9B5C3E9433F250CBD59369294476C0D0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22427.roa
Signing time:             Wed 25 Dec 2024 04:41:50 +0000
ROA not before:           Wed 25 Dec 2024 04:36:50 +0000
ROA not after:            Wed 24 Dec 2025 04:41:50 +0000
asID:                     22427
IP address blocks:        181.41.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:a7:4d:5c:9b:5c:3e:94:33:f2:50:cb:d5:93:69:29:44:76:c0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 25 04:36:50 2024 GMT
            Not After : Dec 24 04:41:50 2025 GMT
        Subject: CN=8017BC4B4428B2166B8E8A8830206B0FF017D4B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:eb:50:3c:d3:e0:5c:c1:54:53:ab:47:22:81:
                    a7:43:0b:1b:f4:97:f7:f9:7d:ec:f5:fa:34:0e:0b:
                    6d:7a:ed:30:dc:8c:6c:20:68:7e:f4:8a:3c:52:59:
                    d0:76:15:e4:cc:1c:1e:12:74:55:90:c8:b0:c3:c6:
                    3a:7b:3b:81:13:08:0d:a2:69:12:2f:dd:9e:15:e4:
                    81:4e:32:b6:03:5e:bb:cb:27:e2:d2:e6:0b:94:35:
                    0b:6c:09:10:d3:1b:14:1e:5c:c5:0e:ba:fa:49:81:
                    30:d8:41:6c:f9:37:d1:5b:a9:3f:2b:77:64:c7:bb:
                    a1:18:5f:00:f0:33:b5:5a:0c:64:a0:d2:c8:50:b8:
                    12:83:dd:bc:ac:fc:6d:97:59:fc:0c:08:9d:1c:4d:
                    51:87:ae:c7:5e:e9:93:c0:1b:ef:97:e2:8d:ca:49:
                    1d:1a:df:04:d7:ff:f8:e0:63:bf:2e:d1:de:f2:0c:
                    0c:22:8e:1d:5a:12:39:9e:32:15:c7:5d:64:4d:40:
                    91:b8:9c:90:50:ad:fe:46:e7:57:28:aa:93:97:a8:
                    95:e9:ec:9d:e5:ca:2c:08:ac:b9:62:d1:c1:b9:32:
                    b0:bb:04:34:56:b1:2d:14:9a:bf:b0:ba:42:ac:69:
                    42:a0:3f:0e:e5:82:7c:bf:e5:85:f0:66:4b:e8:37:
                    6a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:17:BC:4B:44:28:B2:16:6B:8E:8A:88:30:20:6B:0F:F0:17:D4:B7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:90:88:1a:40:ff:20:4d:23:18:58:51:c1:5d:b9:95:2b:88:
         c7:d2:88:b9:e8:42:7f:18:75:6e:aa:0d:58:b5:67:c5:ca:6a:
         dc:80:24:ab:be:33:70:ce:2a:53:4f:7e:00:49:1e:b5:a6:ae:
         b2:ca:03:f2:f5:8c:f8:47:42:66:29:8a:59:01:f8:08:67:90:
         1d:0d:34:37:20:0c:c1:2e:77:25:9d:f8:dd:25:5d:fe:4d:05:
         0c:5a:d2:fd:7e:25:d5:79:ee:9b:eb:e5:99:05:59:12:6c:98:
         52:9b:e1:b0:66:af:ef:e9:5e:1d:31:20:66:99:1e:8f:53:d5:
         fa:4c:af:20:4d:0c:26:61:42:dc:dd:f4:b3:2e:5c:52:99:ce:
         00:b1:d2:a6:d2:39:83:60:d0:76:d1:1c:95:65:0d:b3:b9:85:
         31:d9:df:16:47:7a:40:d9:82:f9:65:71:29:a0:64:14:98:e4:
         8f:60:37:18:5c:0e:ef:e4:fd:c9:7b:9b:f1:47:f5:83:e8:fe:
         6f:bd:35:4e:a1:0b:77:b8:73:cd:f3:63:40:9c:cb:2e:61:1a:
         93:72:ea:76:58:bd:a4:95:f9:0b:60:46:f3:7d:d1:b8:c5:29:
         a2:c9:a6:d3:9e:7a:f7:da:aa:90:e9:24:cf:a1:73:96:b8:4a:
         31:ad:f6:8e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYKdNXJtcPpQz8lDL1ZNpKUR2wNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMjUwNDM2NTBaFw0yNTEyMjQwNDQxNTBaMDMxMTAvBgNV
BAMTKDgwMTdCQzRCNDQyOEIyMTY2QjhFOEE4ODMwMjA2QjBGRjAxN0Q0QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu61A80+BcwVRTq0cigadDCxv0
l/f5fez1+jQOC2167TDcjGwgaH70ijxSWdB2FeTMHB4SdFWQyLDDxjp7O4ETCA2i
aRIv3Z4V5IFOMrYDXrvLJ+LS5guUNQtsCRDTGxQeXMUOuvpJgTDYQWz5N9FbqT8r
d2THu6EYXwDwM7VaDGSg0shQuBKD3bys/G2XWfwMCJ0cTVGHrsde6ZPAG++X4o3K
SR0a3wTX//jgY78u0d7yDAwijh1aEjmeMhXHXWRNQJG4nJBQrf5G51coqpOXqJXp
7J3lyiwIrLli0cG5MrC7BDRWsS0Umr+wukKsaUKgPw7lgny/5YXwZkvoN2qfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgBe8S0QoshZrjoqIMCBrD/AX1LcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1KdYw
DQYJKoZIhvcNAQELBQADggEBAImQiBpA/yBNIxhYUcFduZUriMfSiLnoQn8YdW6q
DVi1Z8XKatyAJKu+M3DOKlNPfgBJHrWmrrLKA/L1jPhHQmYpilkB+AhnkB0NNDcg
DMEudyWd+N0lXf5NBQxa0v1+JdV57pvr5ZkFWRJsmFKb4bBmr+/pXh0xIGaZHo9T
1fpMryBNDCZhQtzd9LMuXFKZzgCx0qbSOYNg0HbRHJVlDbO5hTHZ3xZHekDZgvll
cSmgZBSY5I9gNxhcDu/k/cl7m/FH9YPo/m+9NU6hC3e4c83zY0Ccyy5hGpNy6nZY
vaSV+QtgRvN90bjFKaLJptOeevfaqpDpJM+hc5a4SjGt9o4=
-----END CERTIFICATE-----