Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
File:                     AS271965.roa (raw, json)
Hash identifier:          JLR+sTxdV6btIGg7cf6p5UDg0NQL2iO0NBf+j/YKHMA=
Subject key identifier:   A0:09:5D:A7:D4:7A:19:B3:3A:88:9A:E7:53:24:0D:DD:51:54:46:7A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4EE977A3D8DC4408DC1F9BF5C069C76CCC42A4C1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
Signing time:             Wed 05 Jun 2024 14:05:18 +0000
ROA not before:           Wed 05 Jun 2024 14:00:18 +0000
ROA not after:            Wed 04 Jun 2025 14:05:18 +0000
asID:                     271965
IP address blocks:        191.101.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:e9:77:a3:d8:dc:44:08:dc:1f:9b:f5:c0:69:c7:6c:cc:42:a4:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  5 14:00:18 2024 GMT
            Not After : Jun  4 14:05:18 2025 GMT
        Subject: CN=A0095DA7D47A19B33A889AE753240DDD5154467A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:74:5a:a1:da:bd:3f:ca:81:80:89:7c:86:80:
                    cc:ff:92:13:9f:3d:08:78:03:a3:b0:cf:4b:28:48:
                    bd:64:72:6d:30:90:1a:4b:c4:f7:ec:99:64:70:cd:
                    b7:8d:a4:00:37:92:1f:0d:c5:74:3e:07:43:92:14:
                    95:cb:4c:88:7f:2c:2f:60:8f:0e:ef:81:d8:63:54:
                    df:ad:8b:8a:3f:c4:6d:6d:66:ed:69:e1:0c:cb:57:
                    a0:c8:13:b4:4e:3e:1e:03:35:6c:96:14:82:29:50:
                    b9:3c:4a:8f:cb:b2:2a:c9:fd:46:9e:38:50:87:e3:
                    57:f9:be:7d:0b:30:9e:26:d6:83:64:9f:f1:a0:3f:
                    f8:c1:72:eb:5c:c6:7b:3e:ec:9d:18:89:9a:2f:2f:
                    81:c8:69:c3:7e:bd:74:5c:ff:64:ba:01:cf:ed:c8:
                    a9:52:0d:eb:53:31:34:7e:a8:26:09:04:d2:b3:92:
                    95:b6:05:fd:77:f1:ac:e6:3b:a2:9f:57:65:6a:a8:
                    05:32:33:11:76:85:43:1b:eb:af:eb:60:d6:da:3c:
                    2f:f5:d5:aa:b1:b9:96:11:a7:4e:9e:af:32:d7:a6:
                    ae:71:6d:c5:df:bf:8a:ec:26:5d:e1:27:99:06:b7:
                    db:19:25:ca:f9:32:18:cc:55:e8:a3:52:43:03:48:
                    bd:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:09:5D:A7:D4:7A:19:B3:3A:88:9A:E7:53:24:0D:DD:51:54:46:7A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:62:0f:95:f9:3b:8e:54:1b:46:57:bf:ab:ef:e2:a0:99:70:
         1e:68:1d:bb:a9:19:8e:19:55:9e:54:80:d2:d3:21:ae:49:ae:
         ea:5a:5c:42:db:a7:ff:b3:e5:9c:b7:95:2f:c4:a9:f1:12:49:
         de:de:39:07:65:77:5e:a3:64:f9:aa:8c:cf:eb:6d:d4:76:a5:
         33:92:5b:9b:69:7c:01:03:cb:8b:27:a8:1a:ec:ec:47:81:37:
         02:64:50:07:1d:6d:29:1c:6b:78:ea:93:c0:dc:9b:13:43:2c:
         4e:6f:48:64:05:54:cc:de:22:69:6e:92:27:ac:e8:0c:bb:6c:
         37:71:12:75:5f:d6:b2:4c:32:9c:45:b7:7a:2e:45:a7:f9:c9:
         72:fd:d1:a6:54:23:ab:98:37:95:bf:3c:4b:2a:0a:e9:e0:6f:
         5d:c5:b6:9e:3c:93:5b:ae:ad:f9:b9:1f:37:d8:2d:74:21:2a:
         37:08:c3:70:ae:be:e9:5b:67:0c:ca:be:22:d6:2c:25:52:88:
         a0:6f:f2:b1:02:9b:64:18:2d:57:f4:c8:bc:91:2f:c3:1c:b0:
         ac:58:50:fa:8d:e5:b9:5a:99:b4:43:08:aa:f6:d2:d8:65:73:
         1f:c0:ae:57:30:13:33:a6:90:ef:67:f3:f4:50:22:6a:c7:f8:
         ba:c1:c6:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTul3o9jcRAjcH5v1wGnHbMxCpMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MDUxNDAwMThaFw0yNTA2MDQxNDA1MThaMDMxMTAvBgNV
BAMTKEEwMDk1REE3RDQ3QTE5QjMzQTg4OUFFNzUzMjQwRERENTE1NDQ2N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQdFqh2r0/yoGAiXyGgMz/khOf
PQh4A6Owz0soSL1kcm0wkBpLxPfsmWRwzbeNpAA3kh8NxXQ+B0OSFJXLTIh/LC9g
jw7vgdhjVN+ti4o/xG1tZu1p4QzLV6DIE7ROPh4DNWyWFIIpULk8So/LsirJ/Uae
OFCH41f5vn0LMJ4m1oNkn/GgP/jBcutcxns+7J0YiZovL4HIacN+vXRc/2S6Ac/t
yKlSDetTMTR+qCYJBNKzkpW2Bf138azmO6KfV2VqqAUyMxF2hUMb66/rYNbaPC/1
1aqxuZYRp06erzLXpq5xbcXfv4rsJl3hJ5kGt9sZJcr5MhjMVeijUkMDSL0RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoAldp9R6GbM6iJrnUyQN3VFURnowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Um
MA0GCSqGSIb3DQEBCwUAA4IBAQClYg+V+TuOVBtGV7+r7+KgmXAeaB27qRmOGVWe
VIDS0yGuSa7qWlxC26f/s+Wct5UvxKnxEkne3jkHZXdeo2T5qozP623UdqUzklub
aXwBA8uLJ6ga7OxHgTcCZFAHHW0pHGt46pPA3JsTQyxOb0hkBVTM3iJpbpInrOgM
u2w3cRJ1X9ayTDKcRbd6LkWn+cly/dGmVCOrmDeVvzxLKgrp4G9dxbaePJNbrq35
uR832C10ISo3CMNwrr7pW2cMyr4i1iwlUoigb/KxAptkGC1X9Mi8kS/DHLCsWFD6
jeW5Wpm0Qwiq9tLYZXMfwK5XMBMzppDvZ/P0UCJqx/i6wcYN
-----END CERTIFICATE-----