Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa
File:                     AS271960.roa (raw, json)
Hash identifier:          4sGjncRD3Xck4aEdlhUEqtZcNRT6ZfqYahw0vJLVMz0=
Subject key identifier:   09:1E:EA:18:D1:2D:F0:A7:0A:39:D5:88:3F:06:55:67:56:F6:1E:A0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2C876AFC3FC6650F5A227F2E05E2BD62336CD064
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     271960
IP address blocks:        181.215.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:87:6a:fc:3f:c6:65:0f:5a:22:7f:2e:05:e2:bd:62:33:6c:d0:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=091EEA18D12DF0A70A39D5883F06556756F61EA0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:05:0b:f5:82:8d:33:84:89:1a:35:58:55:b7:
                    76:8a:51:da:ac:c3:de:92:c9:0f:3c:8e:3e:3a:3e:
                    be:47:ee:eb:f2:54:08:d2:61:99:45:39:84:35:9c:
                    5c:2b:0d:08:93:bd:0a:50:9b:cb:04:c8:9b:6b:91:
                    8a:5f:6b:94:a5:cf:da:e6:e9:2d:6a:b7:66:6b:9f:
                    a4:83:72:6d:78:83:2e:3c:7f:32:21:6a:da:a6:38:
                    27:fa:8b:a5:41:61:5f:5f:16:fe:f7:07:71:be:6d:
                    28:b6:c2:b2:18:c4:4b:b2:10:7f:e1:d5:c3:62:4a:
                    5a:b4:8b:97:94:1f:fa:d3:30:a4:4f:66:43:9e:a4:
                    0c:49:45:ef:84:dd:d4:78:e6:c0:d9:36:6a:1f:ae:
                    c0:c5:11:31:0d:19:b9:e8:8e:a4:fa:0f:1f:f8:56:
                    74:15:90:62:3b:ff:18:d5:cf:a6:18:f1:03:c3:9b:
                    bf:20:20:12:fa:24:85:3c:14:d8:16:70:a5:08:fd:
                    48:6c:6e:73:b6:bb:b6:d6:e3:20:af:b0:d0:ad:03:
                    b8:27:75:aa:42:30:7d:1e:78:bf:87:3b:94:06:9f:
                    26:dd:cc:78:d7:ad:d7:da:53:ae:c1:77:ee:0c:64:
                    ee:81:05:29:de:f5:b5:76:e3:ce:ea:16:0e:5b:a6:
                    8b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1E:EA:18:D1:2D:F0:A7:0A:39:D5:88:3F:06:55:67:56:F6:1E:A0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:98:86:97:8c:2d:9e:5b:c6:31:7a:ce:7b:78:02:53:e4:e8:
         2a:a4:41:fd:af:92:73:1c:05:4d:2f:d1:16:46:ab:50:4e:b1:
         fd:6b:5a:71:b3:37:70:9b:4c:b6:7c:bb:7f:91:86:38:78:1e:
         67:a4:6b:01:af:9a:97:f9:a6:19:75:a8:76:0a:d4:33:aa:51:
         9e:a1:89:4a:b9:86:2d:b3:fa:ae:a0:b0:41:a3:54:6c:d5:29:
         db:6e:b3:f5:9a:9c:89:0b:41:98:d5:33:af:9e:ec:bf:bc:49:
         bc:4a:36:f8:94:65:6c:6c:10:e3:53:c6:71:4b:d4:21:fa:2b:
         af:b4:5d:db:47:3f:49:76:6b:ac:c6:73:59:9b:6d:de:7f:60:
         5a:7a:83:7b:bf:9d:4b:16:70:0e:13:9d:46:26:62:fd:b3:0b:
         36:3d:df:b0:bb:06:17:32:0d:20:84:3f:bb:cf:43:63:cc:f1:
         31:3c:7e:31:d6:d0:33:19:37:2e:d2:ab:a3:57:26:78:65:b8:
         50:db:a3:1e:66:0a:4a:19:4b:41:8d:cf:8a:75:5e:0c:ba:ab:
         a7:5d:2b:06:db:30:ec:b4:2b:4d:8a:15:91:a3:62:e9:d9:90:
         45:c9:9f:32:6e:4a:d8:5b:1e:ec:30:e8:f8:a8:23:1f:45:e4:
         65:48:db:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULIdq/D/GZQ9aIn8uBeK9YjNs0GQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDA5MUVFQTE4RDEyREYwQTcwQTM5RDU4ODNGMDY1NTY3NTZGNjFFQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6BQv1go0zhIkaNVhVt3aKUdqs
w96SyQ88jj46Pr5H7uvyVAjSYZlFOYQ1nFwrDQiTvQpQm8sEyJtrkYpfa5Slz9rm
6S1qt2Zrn6SDcm14gy48fzIhatqmOCf6i6VBYV9fFv73B3G+bSi2wrIYxEuyEH/h
1cNiSlq0i5eUH/rTMKRPZkOepAxJRe+E3dR45sDZNmofrsDFETENGbnojqT6Dx/4
VnQVkGI7/xjVz6YY8QPDm78gIBL6JIU8FNgWcKUI/UhsbnO2u7bW4yCvsNCtA7gn
dapCMH0eeL+HO5QGnybdzHjXrdfaU67Bd+4MZO6BBSne9bV2487qFg5bposVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCR7qGNEt8KcKOdWIPwZVZ1b2HqAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdfm
MA0GCSqGSIb3DQEBCwUAA4IBAQCkmIaXjC2eW8Yxes57eAJT5OgqpEH9r5JzHAVN
L9EWRqtQTrH9a1pxszdwm0y2fLt/kYY4eB5npGsBr5qX+aYZdah2CtQzqlGeoYlK
uYYts/quoLBBo1Rs1SnbbrP1mpyJC0GY1TOvnuy/vEm8Sjb4lGVsbBDjU8ZxS9Qh
+iuvtF3bRz9JdmusxnNZm23ef2BaeoN7v51LFnAOE51GJmL9sws2Pd+wuwYXMg0g
hD+7z0NjzPExPH4x1tAzGTcu0qujVyZ4ZbhQ26MeZgpKGUtBjc+KdV4MuqunXSsG
2zDstCtNihWRo2Lp2ZBFyZ8ybkrYWx7sMOj4qCMfReRlSNvs
-----END CERTIFICATE-----