Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271700.roa
File:                     AS271700.roa (raw, json)
Hash identifier:          Ab9FK7JS24hAm6qg8bwgzHcZ46hSsEctdEHfCBFoidg=
Subject key identifier:   3E:45:32:8E:0D:3A:F4:F9:21:AD:31:9F:02:9B:45:5A:BB:92:EF:9F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       741F615BB3FF52C0D5A8F6E16567CB44A594B55F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271700.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     271700
IP address blocks:        181.214.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:1f:61:5b:b3:ff:52:c0:d5:a8:f6:e1:65:67:cb:44:a5:94:b5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=3E45328E0D3AF4F921AD319F029B455ABB92EF9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ae:9c:26:04:a4:c2:8a:f7:25:54:bc:08:ca:
                    51:08:7e:6e:55:8d:87:1c:47:4e:27:6f:b5:94:4d:
                    96:94:d1:02:ef:fc:06:6b:25:41:e1:43:5e:05:04:
                    5a:d7:d5:55:a5:ef:a6:04:18:e0:59:53:bc:fd:1f:
                    41:34:f6:d8:10:cf:62:dc:93:6c:6e:23:49:8b:23:
                    ae:5f:f2:6e:9c:50:b7:35:1e:6d:15:89:bc:7f:74:
                    d7:8c:df:b3:e1:59:b0:af:57:45:8d:6f:2c:4a:69:
                    c1:d2:ac:72:6e:e9:cd:c7:27:c0:75:6e:d4:8f:a9:
                    fb:b6:f3:e8:13:3c:d6:ec:8b:d1:19:f0:09:1a:78:
                    e2:66:28:6c:e0:0f:58:4c:e8:02:c6:e1:40:23:46:
                    ee:63:77:91:8f:2b:26:12:fa:e8:78:9e:eb:32:e6:
                    50:b9:53:dd:5c:08:14:bf:67:d1:3c:b2:a6:46:67:
                    bb:52:53:6d:a4:61:6c:87:7f:78:37:55:e9:44:e4:
                    f1:72:f6:f0:fa:dc:ca:b5:8c:7a:38:03:af:ac:61:
                    fb:a5:50:cb:dc:bd:8b:49:4d:cc:94:06:d8:b0:e9:
                    0f:2f:f6:fa:b4:2d:f2:c7:ea:f0:33:32:51:0f:0d:
                    e3:e1:78:63:fa:2e:5a:ae:d1:9c:34:6e:56:88:8c:
                    97:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:45:32:8E:0D:3A:F4:F9:21:AD:31:9F:02:9B:45:5A:BB:92:EF:9F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271700.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8f:96:00:87:fe:0c:60:0f:fc:1e:11:14:0c:af:91:4a:20:
         9b:c1:6f:86:43:67:5a:88:ba:e6:40:5e:78:a3:1e:e2:b3:85:
         49:19:ae:2d:2a:74:70:93:10:7b:00:47:a0:bd:7e:07:b2:c3:
         cb:fc:78:fa:a7:27:fc:7b:53:00:75:4a:5d:0e:7e:48:7c:de:
         8b:f3:74:2f:95:be:fc:f6:e8:5d:6e:45:70:ac:a5:54:13:08:
         39:da:68:d3:db:00:bc:60:b0:07:f5:b5:95:46:5c:dd:f4:d9:
         c1:d3:69:9e:9c:7e:3c:b8:3d:4a:80:89:4f:38:8d:f9:57:54:
         00:f0:37:07:9f:b9:e4:2d:a7:1d:ea:cd:05:9a:e3:d7:00:56:
         71:f5:fa:09:21:8b:d1:44:d2:14:ac:e8:23:ae:0a:63:a0:a5:
         b9:c8:75:b4:02:96:64:50:4a:e4:2e:61:26:98:a3:eb:69:3f:
         4f:29:31:df:2b:23:88:68:e6:c8:5c:19:0b:9d:93:86:cd:a8:
         7d:85:73:fd:65:72:bc:cc:2b:b0:cb:02:75:e7:5d:2c:6f:e0:
         41:cf:5c:ae:59:d7:81:d9:15:40:63:03:f0:44:b6:c3:5a:11:
         83:f5:88:93:58:d7:c4:b1:88:58:1d:8b:26:f8:6d:4f:6a:02:
         41:42:96:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdB9hW7P/UsDVqPbhZWfLRKWUtV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKDNFNDUzMjhFMEQzQUY0RjkyMUFEMzE5RjAyOUI0NTVBQkI5MkVGOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYrpwmBKTCivclVLwIylEIfm5V
jYccR04nb7WUTZaU0QLv/AZrJUHhQ14FBFrX1VWl76YEGOBZU7z9H0E09tgQz2Lc
k2xuI0mLI65f8m6cULc1Hm0Vibx/dNeM37PhWbCvV0WNbyxKacHSrHJu6c3HJ8B1
btSPqfu28+gTPNbsi9EZ8AkaeOJmKGzgD1hM6ALG4UAjRu5jd5GPKyYS+uh4nusy
5lC5U91cCBS/Z9E8sqZGZ7tSU22kYWyHf3g3VelE5PFy9vD63Mq1jHo4A6+sYful
UMvcvYtJTcyUBtiw6Q8v9vq0LfLH6vAzMlEPDePheGP6Llqu0Zw0blaIjJeRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPkUyjg069PkhrTGfAptFWruS758wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxNzAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbb
MA0GCSqGSIb3DQEBCwUAA4IBAQBBj5YAh/4MYA/8HhEUDK+RSiCbwW+GQ2daiLrm
QF54ox7is4VJGa4tKnRwkxB7AEegvX4HssPL/Hj6pyf8e1MAdUpdDn5IfN6L83Qv
lb789uhdbkVwrKVUEwg52mjT2wC8YLAH9bWVRlzd9NnB02menH48uD1KgIlPOI35
V1QA8DcHn7nkLacd6s0FmuPXAFZx9foJIYvRRNIUrOgjrgpjoKW5yHW0ApZkUErk
LmEmmKPraT9PKTHfKyOIaObIXBkLnZOGzah9hXP9ZXK8zCuwywJ1510sb+BBz1yu
WdeB2RVAYwPwRLbDWhGD9YiTWNfEsYhYHYsm+G1PagJBQpYe
-----END CERTIFICATE-----