Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa
File:                     AS271960.roa (raw, json)
Hash identifier:          RIMyYDj7eNeABU7ya0EmrEhuWHOZjhEmzyZMJq+yfRA=
Subject key identifier:   3F:15:18:86:C5:C9:92:C8:D4:22:3C:BE:02:62:A1:22:EA:AB:13:A2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41FB9A27DE7A6007EA81A747F4E836E5CFD660D7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     271960
IP address blocks:        181.215.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:fb:9a:27:de:7a:60:07:ea:81:a7:47:f4:e8:36:e5:cf:d6:60:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=3F151886C5C992C8D4223CBE0262A122EAAB13A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bb:b0:0b:6b:1c:b4:ff:38:7a:de:df:b9:99:
                    db:e6:f3:7e:34:34:f1:31:75:41:79:8d:74:8a:66:
                    13:16:40:d0:c4:1d:d3:f7:1a:dd:b1:4a:b1:74:ff:
                    e7:d6:64:ee:fa:bf:14:dd:9b:56:6c:cf:45:6f:0b:
                    f5:8c:d1:34:dd:46:55:03:c3:77:df:69:b9:32:ca:
                    03:eb:62:c4:d8:16:15:8f:b1:c1:13:e0:83:f3:f1:
                    38:f1:4a:f0:45:2c:26:0a:52:16:e7:15:09:75:e6:
                    8a:34:1b:5d:51:26:68:58:98:30:74:3f:6b:ad:8a:
                    6e:53:b0:2f:56:f0:64:d0:40:d5:d3:34:1e:57:10:
                    e2:04:bc:b1:17:9d:75:5f:89:20:52:48:c5:68:90:
                    2e:53:ed:c7:62:82:05:15:7f:1c:4a:92:f0:46:85:
                    fd:18:70:25:c8:a9:eb:d6:5c:0d:c0:38:6f:37:b3:
                    88:ed:ec:a8:2a:8c:98:d0:8b:1f:93:87:aa:50:28:
                    78:fe:d2:41:47:4d:3c:38:9a:c8:2e:9a:9c:c9:c1:
                    7a:03:12:fe:5f:77:a6:49:37:e7:7b:d8:3c:e4:30:
                    1c:bb:62:8d:86:fd:96:4e:74:60:68:26:69:3e:22:
                    8d:f4:4a:d6:c4:cf:f5:e9:06:4b:a9:47:bc:a0:d5:
                    38:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:15:18:86:C5:C9:92:C8:D4:22:3C:BE:02:62:A1:22:EA:AB:13:A2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d1:2b:d6:db:f6:9a:f8:11:84:d4:a2:f2:a1:92:6f:be:fa:
         c7:75:7e:28:00:1b:d6:d5:22:15:73:8b:4a:aa:fe:c1:de:ed:
         01:5b:48:df:08:b7:d0:e7:20:74:0d:2d:59:0a:50:ee:37:01:
         71:1b:36:a7:11:85:0e:d3:7a:07:44:06:2f:0c:e3:85:6f:66:
         81:e5:ab:6a:8e:47:98:6c:95:6a:87:ee:f9:09:36:fc:15:09:
         b1:1e:07:bb:a0:12:00:b8:30:42:1a:75:27:b2:eb:d0:c9:17:
         20:e2:c1:88:5a:e7:23:08:f4:c0:c5:20:07:60:08:6f:64:7c:
         59:d9:6d:d5:a4:b0:27:cf:35:30:d5:6c:a4:5e:52:e7:94:56:
         7e:4b:30:26:50:8f:d5:b5:7c:32:1c:ec:cd:62:a6:e9:2c:be:
         58:3e:25:1d:70:1b:17:9d:de:6d:92:0e:2e:5b:a1:de:22:77:
         9a:7d:1a:1b:8f:08:49:90:78:57:70:6d:e9:05:5b:7a:af:04:
         17:bf:cc:e8:d3:6e:8a:c3:a7:c8:e4:2d:fd:30:17:ec:4c:ff:
         7f:a2:f1:5e:39:40:1a:25:22:f7:30:13:b2:95:a5:ad:00:3d:
         50:dd:d5:85:6c:d1:a2:32:9a:03:6a:a2:52:97:ef:16:d2:81:
         75:57:b1:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQfuaJ956YAfqgadH9Og25c/WYNcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKDNGMTUxODg2QzVDOTkyQzhENDIyM0NCRTAyNjJBMTIyRUFBQjEzQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSu7ALaxy0/zh63t+5mdvm8340
NPExdUF5jXSKZhMWQNDEHdP3Gt2xSrF0/+fWZO76vxTdm1Zsz0VvC/WM0TTdRlUD
w3ffabkyygPrYsTYFhWPscET4IPz8TjxSvBFLCYKUhbnFQl15oo0G11RJmhYmDB0
P2utim5TsC9W8GTQQNXTNB5XEOIEvLEXnXVfiSBSSMVokC5T7cdiggUVfxxKkvBG
hf0YcCXIqevWXA3AOG83s4jt7KgqjJjQix+Th6pQKHj+0kFHTTw4msgumpzJwXoD
Ev5fd6ZJN+d72DzkMBy7Yo2G/ZZOdGBoJmk+Io30StbEz/XpBkupR7yg1TiFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPxUYhsXJksjUIjy+AmKhIuqrE6IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdfm
MA0GCSqGSIb3DQEBCwUAA4IBAQCD0SvW2/aa+BGE1KLyoZJvvvrHdX4oABvW1SIV
c4tKqv7B3u0BW0jfCLfQ5yB0DS1ZClDuNwFxGzanEYUO03oHRAYvDOOFb2aB5atq
jkeYbJVqh+75CTb8FQmxHge7oBIAuDBCGnUnsuvQyRcg4sGIWucjCPTAxSAHYAhv
ZHxZ2W3VpLAnzzUw1WykXlLnlFZ+SzAmUI/VtXwyHOzNYqbpLL5YPiUdcBsXnd5t
kg4uW6HeIneafRobjwhJkHhXcG3pBVt6rwQXv8zo026Kw6fI5C39MBfsTP9/ovFe
OUAaJSL3MBOylaWtAD1Q3dWFbNGiMpoDaqJSl+8W0oF1V7Ew
-----END CERTIFICATE-----