Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270564.roa
File:                     AS270564.roa (raw, json)
Hash identifier:          enO+I4xUmdV4dckK3EkZqwa7IRPcVgIBm0W3LY8j7mc=
Subject key identifier:   65:5F:70:25:D0:DF:BE:F1:2C:21:5B:F4:B9:35:02:0A:FD:7E:2E:21
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       465193C846CD4678A5791AC303B9329C0FCB4BFA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270564.roa
Signing time:             Wed 01 Jan 2025 08:53:49 +0000
ROA not before:           Wed 01 Jan 2025 08:48:49 +0000
ROA not after:            Wed 31 Dec 2025 08:53:49 +0000
asID:                     270564
IP address blocks:        181.41.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:51:93:c8:46:cd:46:78:a5:79:1a:c3:03:b9:32:9c:0f:cb:4b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:49 2025 GMT
            Not After : Dec 31 08:53:49 2025 GMT
        Subject: CN=655F7025D0DFBEF12C215BF4B935020AFD7E2E21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ba:b6:f3:94:9e:ca:dd:c5:6b:fc:ac:ed:23:
                    32:e3:c6:f3:e0:43:6e:03:c5:b4:78:ac:be:d4:f6:
                    9a:4e:e8:c8:cc:9d:10:55:95:2e:5a:e7:e9:4b:05:
                    5e:01:c5:75:44:6c:a3:dc:bc:66:65:10:6e:4e:76:
                    ec:3e:57:00:6f:fa:0b:17:ca:54:0c:86:2d:40:1a:
                    4e:6c:a1:78:c4:ff:58:6e:80:0a:7a:c3:55:11:15:
                    38:62:0e:7d:b6:f5:32:c8:c9:04:46:c9:dc:69:4f:
                    3a:16:37:fc:bb:e8:40:75:69:79:4a:60:9d:f2:df:
                    86:db:91:18:d2:cd:da:87:29:61:f5:74:a9:f6:8d:
                    6b:16:d8:7f:a4:77:ac:d3:8b:81:96:6a:c7:bf:9a:
                    48:32:90:f2:7d:22:5e:d6:08:84:18:1e:dc:93:31:
                    80:47:87:b2:41:7e:ae:85:29:1d:ce:03:c6:33:ea:
                    67:16:a9:08:c1:5e:36:21:19:ed:f2:97:ab:8f:f1:
                    55:57:ee:64:6a:30:3a:4c:d9:35:10:12:5f:f2:23:
                    d8:f6:de:de:9f:2b:f8:17:92:00:ea:b0:a8:cf:b2:
                    6e:29:c8:b8:f4:2d:63:a7:24:9c:d6:8a:50:9c:32:
                    e1:56:84:38:b9:03:4a:33:6e:2e:a0:17:de:13:cf:
                    00:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:5F:70:25:D0:DF:BE:F1:2C:21:5B:F4:B9:35:02:0A:FD:7E:2E:21
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS270564.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0e:47:48:f8:02:68:9e:93:26:77:3f:65:88:55:26:37:4a:
         85:c8:a5:cf:d9:55:0f:1b:8f:79:a1:fc:3f:1f:c9:4f:81:80:
         2f:a0:63:c1:ff:4e:4f:4b:0f:ec:00:e3:5e:f7:16:a5:b1:1c:
         0e:d4:b3:bf:9c:2b:39:a3:1a:20:bd:31:68:8a:8d:16:25:2c:
         cd:e3:6e:6b:36:21:95:b8:20:a3:12:87:39:69:92:a0:30:bd:
         4a:a5:21:e0:ec:03:05:34:20:58:db:8e:ef:92:fa:c3:dd:9e:
         fd:cf:ea:88:75:65:1c:8a:83:5a:ec:03:35:28:86:fe:05:40:
         a1:bc:24:80:70:0c:1d:f4:47:38:7a:53:03:d9:5a:6f:f5:9b:
         d8:16:a8:eb:bb:b5:9e:6f:11:81:5d:2a:cf:47:f0:d8:56:2d:
         bd:7f:bb:fb:79:a4:82:0f:c7:86:78:7c:4d:f6:40:c6:83:8e:
         95:0a:87:1a:22:7e:91:25:ea:05:04:a1:37:61:7e:98:94:10:
         26:ac:2e:4e:00:c4:40:f9:5a:e7:33:aa:34:a8:b8:5b:cf:b0:
         9c:b3:60:b2:84:86:86:69:ad:57:37:4d:4c:ea:20:14:09:f1:
         b5:32:8e:27:b2:ad:5d:e8:ce:69:f2:ad:44:83:7e:cd:4b:18:
         eb:2f:0c:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURlGTyEbNRnileRrDA7kynA/LS/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NDlaFw0yNTEyMzEwODUzNDlaMDMxMTAvBgNV
BAMTKDY1NUY3MDI1RDBERkJFRjEyQzIxNUJGNEI5MzUwMjBBRkQ3RTJFMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDurbzlJ7K3cVr/KztIzLjxvPg
Q24DxbR4rL7U9ppO6MjMnRBVlS5a5+lLBV4BxXVEbKPcvGZlEG5Oduw+VwBv+gsX
ylQMhi1AGk5soXjE/1hugAp6w1URFThiDn229TLIyQRGydxpTzoWN/y76EB1aXlK
YJ3y34bbkRjSzdqHKWH1dKn2jWsW2H+kd6zTi4GWase/mkgykPJ9Il7WCIQYHtyT
MYBHh7JBfq6FKR3OA8Yz6mcWqQjBXjYhGe3yl6uP8VVX7mRqMDpM2TUQEl/yI9j2
3t6fK/gXkgDqsKjPsm4pyLj0LWOnJJzWilCcMuFWhDi5A0ozbi6gF94TzwDNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZV9wJdDfvvEsIVv0uTUCCv1+LiEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcwNTY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSnI
MA0GCSqGSIb3DQEBCwUAA4IBAQCZDkdI+AJonpMmdz9liFUmN0qFyKXP2VUPG495
ofw/H8lPgYAvoGPB/05PSw/sAONe9xalsRwO1LO/nCs5oxogvTFoio0WJSzN425r
NiGVuCCjEoc5aZKgML1KpSHg7AMFNCBY247vkvrD3Z79z+qIdWUcioNa7AM1KIb+
BUChvCSAcAwd9Ec4elMD2Vpv9ZvYFqjru7WebxGBXSrPR/DYVi29f7v7eaSCD8eG
eHxN9kDGg46VCocaIn6RJeoFBKE3YX6YlBAmrC5OAMRA+VrnM6o0qLhbz7Ccs2Cy
hIaGaa1XN01M6iAUCfG1Mo4nsq1d6M5p8q1Eg37NSxjrLwzP
-----END CERTIFICATE-----