Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          Judtu+bVDSMkRcbcB32Mn530zxVbLPnzE0zWC2XfqnE=
Subject key identifier:   2A:20:06:FE:1E:C5:B4:95:28:54:82:71:B2:98:CB:50:3C:E7:25:B9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       77CD72D2073AEC8D9D5657EF3FF539C8CDD06228
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa
Signing time:             Wed 25 Sep 2024 12:34:34 +0000
ROA not before:           Wed 25 Sep 2024 12:29:34 +0000
ROA not after:            Wed 24 Sep 2025 12:34:34 +0000
asID:                     23470
IP address blocks:        181.215.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:cd:72:d2:07:3a:ec:8d:9d:56:57:ef:3f:f5:39:c8:cd:d0:62:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 25 12:29:34 2024 GMT
            Not After : Sep 24 12:34:34 2025 GMT
        Subject: CN=2A2006FE1EC5B49528548271B298CB503CE725B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d1:4b:27:11:55:26:02:08:18:ed:97:6d:e8:
                    d2:fc:f7:de:63:8d:d6:02:8c:19:61:34:3d:cd:46:
                    cd:8c:88:4d:9a:63:14:7d:45:d4:3d:6d:c1:fa:cb:
                    92:53:f0:94:d0:2e:77:09:a4:70:37:2a:4a:57:8a:
                    93:69:eb:9f:4e:c5:30:d2:0c:8c:c6:14:cc:c9:d1:
                    0e:6f:05:94:78:4c:d3:a0:6a:52:ab:6a:41:1f:7e:
                    a3:ec:06:9b:e1:e5:6c:46:9e:c3:f7:aa:82:ea:9a:
                    76:01:b9:3e:74:8c:8a:c3:00:f0:00:e2:a4:9c:00:
                    fc:61:89:28:ad:29:a0:6b:39:c6:dc:f1:6a:b1:73:
                    b1:b6:3c:00:14:22:60:2a:da:71:9c:a8:a9:49:61:
                    63:7e:68:14:a6:bb:b7:11:ed:fe:88:37:37:e7:49:
                    49:8f:a2:7a:85:e8:33:a8:0a:ea:85:23:8a:81:24:
                    b7:2a:5d:82:b6:9c:17:4c:f4:77:fb:7e:41:28:92:
                    46:63:ef:bc:f1:8e:64:7a:18:f9:d8:ff:33:44:b8:
                    6d:fe:d4:4d:1d:fe:33:65:2d:ce:44:3e:13:0f:89:
                    66:d3:26:c8:c5:96:27:e4:1c:67:d5:08:e5:3e:84:
                    85:43:a5:8e:78:35:b5:e2:c1:71:1b:31:af:b1:80:
                    a9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:20:06:FE:1E:C5:B4:95:28:54:82:71:B2:98:CB:50:3C:E7:25:B9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:6c:6b:84:30:81:4f:42:c9:2b:de:4c:fd:2b:f6:c6:2d:aa:
         11:fb:15:2f:5b:f7:03:1f:fe:dc:5f:00:4f:aa:48:0b:d0:28:
         3d:2a:2d:9b:7b:6b:e1:83:fd:54:1b:58:d4:39:e7:d4:9a:ce:
         72:ae:7b:b8:2d:06:14:f5:b0:da:35:ff:83:eb:d4:a7:ec:85:
         ae:6d:ed:f5:3f:bf:ea:f7:35:73:b9:2b:78:96:a6:2d:e1:a0:
         b1:83:3c:27:9b:02:0b:93:14:30:4b:8b:2e:3f:0d:30:88:57:
         52:43:01:c9:34:2d:03:93:d3:24:52:ed:35:a5:b6:1c:9a:03:
         49:96:b5:d9:72:35:83:bb:a3:08:e3:22:63:00:3f:2a:52:5f:
         c2:a2:65:3f:a1:2c:c0:63:c4:97:8f:35:68:e4:0b:a1:3f:f0:
         62:88:e0:ac:93:6b:a4:58:91:d3:76:f3:8f:bb:61:61:5c:57:
         04:7e:a2:d4:6c:c5:0a:2e:8e:85:62:ec:9d:9d:5c:df:98:be:
         9e:71:fd:3b:32:3d:1f:ba:32:9b:4c:6d:cd:2a:6e:d2:d7:cb:
         73:a6:b0:bf:10:8e:b2:92:a4:b5:01:13:f8:76:0e:08:0c:5b:
         8b:4f:fc:e0:0b:fb:ab:a8:7b:97:ef:46:06:6b:a4:33:13:29:
         ac:3c:ac:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUd81y0gc67I2dVlfvP/U5yM3QYigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjUxMjI5MzRaFw0yNTA5MjQxMjM0MzRaMDMxMTAvBgNV
BAMTKDJBMjAwNkZFMUVDNUI0OTUyODU0ODI3MUIyOThDQjUwM0NFNzI1QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF0UsnEVUmAggY7Zdt6NL8995j
jdYCjBlhND3NRs2MiE2aYxR9RdQ9bcH6y5JT8JTQLncJpHA3KkpXipNp659OxTDS
DIzGFMzJ0Q5vBZR4TNOgalKrakEffqPsBpvh5WxGnsP3qoLqmnYBuT50jIrDAPAA
4qScAPxhiSitKaBrOcbc8Wqxc7G2PAAUImAq2nGcqKlJYWN+aBSmu7cR7f6INzfn
SUmPonqF6DOoCuqFI4qBJLcqXYK2nBdM9Hf7fkEokkZj77zxjmR6GPnY/zNEuG3+
1E0d/jNlLc5EPhMPiWbTJsjFlifkHGfVCOU+hIVDpY54NbXiwXEbMa+xgKmLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKiAG/h7FtJUoVIJxspjLUDznJbkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1158w
DQYJKoZIhvcNAQELBQADggEBALRsa4QwgU9CySveTP0r9sYtqhH7FS9b9wMf/txf
AE+qSAvQKD0qLZt7a+GD/VQbWNQ559SaznKue7gtBhT1sNo1/4Pr1Kfsha5t7fU/
v+r3NXO5K3iWpi3hoLGDPCebAguTFDBLiy4/DTCIV1JDAck0LQOT0yRS7TWlthya
A0mWtdlyNYO7owjjImMAPypSX8KiZT+hLMBjxJePNWjkC6E/8GKI4KyTa6RYkdN2
84+7YWFcVwR+otRsxQoujoVi7J2dXN+Yvp5x/TsyPR+6MptMbc0qbtLXy3OmsL8Q
jrKSpLUBE/h2DggMW4tP/OAL+6uoe5fvRgZrpDMTKaw8rA8=
-----END CERTIFICATE-----