Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa
File:                     AS270075.roa (raw, json)
Hash identifier:          kktsH6lAhkVKyiE3Y2HkVdn5BcYMqJRlWgnqZRlRTrg=
Subject key identifier:   DB:52:12:72:34:21:6A:F1:02:70:D5:47:7A:C8:39:F1:22:00:F5:59
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       14F83CB1490311623183947A4167F96FAFC970C3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa
Signing time:             Fri 14 Jul 2023 16:07:01 +0000
ROA not before:           Fri 14 Jul 2023 16:02:01 +0000
ROA not after:            Fri 12 Jul 2024 16:07:01 +0000
asID:                     270075
IP address blocks:        181.214.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:f8:3c:b1:49:03:11:62:31:83:94:7a:41:67:f9:6f:af:c9:70:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 14 16:02:01 2023 GMT
            Not After : Jul 12 16:07:01 2024 GMT
        Subject: CN=DB52127234216AF10270D5477AC839F12200F559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a4:65:bb:52:90:a1:10:ea:a8:8e:7d:46:45:
                    78:8a:a6:6b:a5:b9:1d:67:e9:51:25:7c:aa:99:8f:
                    6f:97:88:10:f2:bd:39:9a:a4:96:d4:8e:56:55:a3:
                    58:c9:f2:da:f3:75:44:12:2f:95:a1:4d:60:49:dd:
                    a8:61:85:06:b2:90:a6:ab:c7:13:12:6d:5f:1c:1d:
                    ad:9e:4a:65:8c:73:27:3f:c1:08:1f:7b:e2:dc:3f:
                    95:fd:35:55:89:9c:84:89:e0:f2:5a:ab:9e:53:c6:
                    3b:4b:fa:f3:1c:4f:d4:48:4d:3d:c6:d6:31:79:fe:
                    f8:5b:92:73:a6:a0:d0:8e:ba:92:0d:70:e9:b9:e4:
                    1c:2d:7d:c6:a9:8d:b0:9e:81:d3:86:47:f7:e0:1e:
                    4a:61:b0:9d:43:84:50:e9:5f:ea:00:31:20:fd:82:
                    d7:51:90:0d:75:4f:be:af:14:60:8a:69:17:2e:3f:
                    e7:ae:66:06:69:f3:22:f3:4f:9f:71:42:d8:72:95:
                    dd:b6:fa:b5:5e:f5:04:e7:b2:92:2f:74:51:ee:e7:
                    3e:32:01:d1:8d:22:8f:d7:3f:8d:e4:13:28:98:74:
                    98:94:30:12:0c:61:7b:6f:37:3f:d8:3d:22:98:00:
                    2a:1e:bb:cd:69:30:b1:d9:c5:62:e9:b9:e1:55:50:
                    b8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:52:12:72:34:21:6A:F1:02:70:D5:47:7A:C8:39:F1:22:00:F5:59
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:69:b8:b3:cb:8c:c6:71:e3:bf:24:7c:86:ee:ca:cf:ff:3a:
         f5:a9:1b:8d:74:8a:84:f1:af:8c:78:fe:10:aa:eb:b3:be:e4:
         8e:14:06:eb:a1:f8:fd:5e:be:ad:51:9c:24:0f:fb:37:6d:51:
         81:31:b5:8a:c7:c0:05:d1:44:c8:d7:4d:23:06:df:67:b2:cd:
         0f:22:51:ed:d7:fa:b1:5a:82:97:64:ba:46:6d:00:d0:b1:83:
         e9:18:49:20:a2:c4:e4:9a:75:81:40:e9:b7:99:52:61:9a:db:
         7c:04:b6:cb:10:34:f6:65:25:1c:a7:11:c8:79:9c:46:d3:17:
         e1:11:1b:4f:e9:41:c9:2d:3f:8b:38:14:3f:d9:ac:95:77:ca:
         41:cc:80:bb:67:3f:fd:cd:d2:5f:2c:cb:c7:7f:41:45:e8:2d:
         cb:81:cd:82:da:44:ca:f0:b1:c3:aa:34:0b:80:ea:d5:aa:3b:
         d5:c2:57:e0:50:56:c3:87:ed:0f:3a:6f:2d:ed:1f:72:4c:c9:
         07:d4:9d:05:90:21:6e:7e:58:35:7f:6c:e4:75:e4:c4:a0:1f:
         9b:59:f0:83:22:24:0f:e6:86:3c:05:d4:42:79:ce:c8:42:fd:
         56:92:86:e2:22:f3:1f:70:29:83:a7:ea:b3:e5:8a:8e:c1:66:
         db:8a:94:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFPg8sUkDEWIxg5R6QWf5b6/JcMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTQxNjAyMDFaFw0yNDA3MTIxNjA3MDFaMDMxMTAvBgNV
BAMTKERCNTIxMjcyMzQyMTZBRjEwMjcwRDU0NzdBQzgzOUYxMjIwMEY1NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZpGW7UpChEOqojn1GRXiKpmul
uR1n6VElfKqZj2+XiBDyvTmapJbUjlZVo1jJ8trzdUQSL5WhTWBJ3ahhhQaykKar
xxMSbV8cHa2eSmWMcyc/wQgfe+LcP5X9NVWJnISJ4PJaq55TxjtL+vMcT9RITT3G
1jF5/vhbknOmoNCOupINcOm55BwtfcapjbCegdOGR/fgHkphsJ1DhFDpX+oAMSD9
gtdRkA11T76vFGCKaRcuP+euZgZp8yLzT59xQthyld22+rVe9QTnspIvdFHu5z4y
AdGNIo/XP43kEyiYdJiUMBIMYXtvNz/YPSKYACoeu81pMLHZxWLpueFVULhlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU21IScjQhavECcNVHesg58SIA9VkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcwMDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdZp
MA0GCSqGSIb3DQEBCwUAA4IBAQAiabizy4zGceO/JHyG7srP/zr1qRuNdIqE8a+M
eP4QquuzvuSOFAbrofj9Xr6tUZwkD/s3bVGBMbWKx8AF0UTI100jBt9nss0PIlHt
1/qxWoKXZLpGbQDQsYPpGEkgosTkmnWBQOm3mVJhmtt8BLbLEDT2ZSUcpxHIeZxG
0xfhERtP6UHJLT+LOBQ/2ayVd8pBzIC7Zz/9zdJfLMvHf0FF6C3Lgc2C2kTK8LHD
qjQLgOrVqjvVwlfgUFbDh+0POm8t7R9yTMkH1J0FkCFuflg1f2zkdeTEoB+bWfCD
IiQP5oY8BdRCec7IQv1WkobiIvMfcCmDp+qz5YqOwWbbipTe
-----END CERTIFICATE-----