Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa
File:                     AS270075.roa (raw, json)
Hash identifier:          e0qPq3NsH4NCzBsL9t5xa+0l6/iMy7D0q/mznrZf3dg=
Subject key identifier:   65:C8:5A:3E:EB:C6:CB:0C:06:44:45:C2:05:2E:00:26:E5:7C:4C:6E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       53E5E6D00617300E54F5DA16D2EAC487F01826E6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa
Signing time:             Fri 16 May 2025 17:54:08 +0000
ROA not before:           Fri 16 May 2025 17:49:08 +0000
ROA not after:            Fri 15 May 2026 17:54:08 +0000
asID:                     270075
IP address blocks:        181.214.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e5:e6:d0:06:17:30:0e:54:f5:da:16:d2:ea:c4:87:f0:18:26:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 16 17:49:08 2025 GMT
            Not After : May 15 17:54:08 2026 GMT
        Subject: CN=65C85A3EEBC6CB0C064445C2052E0026E57C4C6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f5:6d:66:5c:1b:a5:f5:90:2f:ce:43:2c:c7:
                    11:01:c2:bb:8c:ce:3d:9a:16:7f:11:c2:ab:c5:5e:
                    bd:e0:19:1d:20:a4:80:31:fc:55:10:28:b1:77:3a:
                    ea:9a:e6:63:8c:05:44:6b:c8:65:26:13:39:b2:01:
                    94:b4:1c:cf:be:25:78:67:65:1c:ac:20:79:53:a7:
                    09:37:22:45:25:77:c3:52:de:2f:01:df:6d:1e:6c:
                    bd:d5:17:7f:bd:8d:6f:31:74:88:02:a7:21:a6:da:
                    fd:20:2f:fc:2b:8b:51:75:3a:22:45:84:8e:f0:15:
                    8f:18:e4:af:5f:ee:2d:2a:06:37:2c:be:80:14:12:
                    46:2e:a4:1a:6e:25:0a:91:f4:cc:8d:2d:ec:69:92:
                    4f:07:ed:7d:b0:76:6b:67:a5:e9:6b:36:a7:e7:25:
                    88:a4:a7:98:17:6d:78:f0:ad:b1:3f:6a:33:b5:f5:
                    fe:a9:30:ab:d8:4f:f2:21:0f:2e:e4:ab:80:7e:f2:
                    11:a6:4d:13:72:23:00:f7:06:03:0a:50:35:46:28:
                    59:a6:f3:4e:15:5d:69:f3:c7:4d:e3:ae:68:b6:80:
                    d0:ba:61:23:d9:76:86:8b:6c:c6:8d:16:bf:7a:7e:
                    b3:f6:75:b1:12:24:74:eb:a6:ad:2f:8c:30:f7:b7:
                    9b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C8:5A:3E:EB:C6:CB:0C:06:44:45:C2:05:2E:00:26:E5:7C:4C:6E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4c:3b:69:64:2b:b4:91:af:92:84:fc:70:6a:13:88:5a:0b:
         b5:b0:74:79:35:19:8b:09:df:1f:29:f6:02:6e:d6:a8:40:c8:
         1d:7d:30:10:c4:7c:2f:49:cb:eb:1e:ef:25:10:42:c5:bc:a0:
         16:e4:66:91:16:01:c2:db:ce:ef:e3:0d:bb:b9:39:c7:11:5b:
         47:ac:f9:d8:23:82:11:92:7b:8e:a2:ab:9c:9b:ef:73:bc:ce:
         1f:8f:a0:ff:78:04:12:74:df:3f:7e:b2:1a:85:07:80:60:94:
         5d:a1:6d:34:8a:8d:df:22:ed:eb:34:d4:b2:00:f3:a0:b9:63:
         ee:50:eb:50:bd:0c:9b:55:d2:b8:dd:9a:a1:c3:1f:11:04:c2:
         04:36:fb:09:c8:0f:47:9a:cb:97:6e:bf:c0:07:a9:43:be:ec:
         af:90:d8:06:45:54:fb:25:a7:c7:0e:1b:aa:5e:60:40:09:81:
         55:23:8e:32:dd:8f:7c:b1:bc:79:46:a8:3a:63:92:07:40:c0:
         b0:15:e3:ff:a6:e7:63:84:05:f2:ba:ea:2d:3d:57:27:45:1c:
         7e:7f:5d:8f:f9:53:b7:87:56:99:e0:9f:8d:fc:80:d8:08:d1:
         fc:3b:ee:dd:38:9a:9b:84:b2:63:25:69:aa:f0:75:37:b1:c5:
         8a:f0:d6:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU+Xm0AYXMA5U9doW0urEh/AYJuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTYxNzQ5MDhaFw0yNjA1MTUxNzU0MDhaMDMxMTAvBgNV
BAMTKDY1Qzg1QTNFRUJDNkNCMEMwNjQ0NDVDMjA1MkUwMDI2RTU3QzRDNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi9W1mXBul9ZAvzkMsxxEBwruM
zj2aFn8RwqvFXr3gGR0gpIAx/FUQKLF3Ouqa5mOMBURryGUmEzmyAZS0HM++JXhn
ZRysIHlTpwk3IkUld8NS3i8B320ebL3VF3+9jW8xdIgCpyGm2v0gL/wri1F1OiJF
hI7wFY8Y5K9f7i0qBjcsvoAUEkYupBpuJQqR9MyNLexpkk8H7X2wdmtnpelrNqfn
JYikp5gXbXjwrbE/ajO19f6pMKvYT/IhDy7kq4B+8hGmTRNyIwD3BgMKUDVGKFmm
804VXWnzx03jrmi2gNC6YSPZdoaLbMaNFr96frP2dbESJHTrpq0vjDD3t5vbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZchaPuvGywwGREXCBS4AJuV8TG4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcwMDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdZp
MA0GCSqGSIb3DQEBCwUAA4IBAQA5TDtpZCu0ka+ShPxwahOIWgu1sHR5NRmLCd8f
KfYCbtaoQMgdfTAQxHwvScvrHu8lEELFvKAW5GaRFgHC287v4w27uTnHEVtHrPnY
I4IRknuOoqucm+9zvM4fj6D/eAQSdN8/frIahQeAYJRdoW00io3fIu3rNNSyAPOg
uWPuUOtQvQybVdK43Zqhwx8RBMIENvsJyA9HmsuXbr/AB6lDvuyvkNgGRVT7JafH
DhuqXmBACYFVI44y3Y98sbx5Rqg6Y5IHQMCwFeP/pudjhAXyuuotPVcnRRx+f12P
+VO3h1aZ4J+N/IDYCNH8O+7dOJqbhLJjJWmq8HU3scWK8Na6
-----END CERTIFICATE-----