Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271978.roa
File:                     AS271978.roa (raw, json)
Hash identifier:          DVTbJnDyz8g7LLWuYbeg1fMAvIXc14uKQGPin24invk=
Subject key identifier:   90:7F:89:A5:91:49:B6:77:91:EB:CB:1E:AF:97:BF:66:A5:1E:82:36
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       25F7892D89E0308BB3A18B33B02C2098B7347644
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271978.roa
Signing time:             Wed 01 Jan 2025 08:53:49 +0000
ROA not before:           Wed 01 Jan 2025 08:48:49 +0000
ROA not after:            Wed 31 Dec 2025 08:53:49 +0000
asID:                     271978
IP address blocks:        181.215.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f7:89:2d:89:e0:30:8b:b3:a1:8b:33:b0:2c:20:98:b7:34:76:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:49 2025 GMT
            Not After : Dec 31 08:53:49 2025 GMT
        Subject: CN=907F89A59149B67791EBCB1EAF97BF66A51E8236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:39:98:92:3a:92:c2:8a:4f:4e:77:a5:18:
                    b4:f6:ea:87:8c:d4:43:63:35:77:4a:eb:66:e6:45:
                    8e:16:72:43:c1:49:1e:c3:98:9b:73:0e:c1:94:bc:
                    4b:d7:39:b0:3c:e5:f6:39:0c:e2:0c:a6:5c:23:91:
                    38:bc:1d:1d:21:46:d4:cc:7f:7b:b3:a7:10:cf:56:
                    d9:5d:60:b2:11:ad:84:e5:ac:87:18:6b:3c:cd:9d:
                    08:2b:59:0e:f7:97:78:b7:a1:c6:f8:03:bd:43:97:
                    34:76:2d:79:28:62:4c:fe:1a:13:a0:af:1c:77:fe:
                    e9:a3:73:cd:91:40:ae:82:46:8b:6d:3a:27:14:57:
                    9d:46:b4:f8:82:3f:2c:60:20:b7:2d:a2:ce:8e:84:
                    09:10:9b:7e:54:de:51:f7:9d:8a:8f:2b:dd:b8:55:
                    5e:2f:21:62:8c:77:cb:45:88:40:13:d2:cb:15:6e:
                    a2:93:28:c4:71:f5:40:1e:81:ac:5a:c8:9f:a7:d5:
                    a6:c7:1b:5f:7e:fc:e4:3b:fd:c9:47:d8:e8:7d:57:
                    d6:58:1f:61:7e:43:c1:0a:1a:56:11:2a:58:be:95:
                    c2:ee:ad:8a:5c:34:0e:12:9e:cd:13:df:44:a4:f3:
                    57:09:eb:d7:44:4b:a6:ea:c8:a6:6d:12:df:09:f6:
                    c5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7F:89:A5:91:49:B6:77:91:EB:CB:1E:AF:97:BF:66:A5:1E:82:36
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271978.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:61:8a:df:b7:29:09:d1:c2:f3:0b:b3:db:11:69:c5:c5:4b:
         13:b5:68:3b:b9:95:53:47:8d:be:0f:fa:df:d7:22:06:ef:13:
         fe:f4:e8:82:39:a5:99:61:b6:1d:b5:99:bf:74:13:8c:cf:58:
         2f:df:0e:18:bf:05:76:42:f2:d3:6c:75:99:1b:3e:90:cc:4e:
         57:fd:91:b3:f0:b7:f2:ce:c8:b8:7d:a5:d2:7b:ef:9c:ef:eb:
         43:17:96:16:1b:e0:83:d8:5e:20:72:42:50:38:d2:62:a9:d2:
         a5:e4:19:0e:56:b6:a5:55:6c:2a:1a:13:bf:af:f3:30:1e:aa:
         d3:99:ef:a1:c0:6c:c7:01:69:a8:2a:67:c1:a4:27:2c:5c:50:
         7f:3f:21:39:77:69:41:60:04:1a:4c:ba:50:79:40:17:0b:72:
         3a:53:55:6b:7f:d6:ab:09:3a:31:bb:16:2a:65:52:47:0d:48:
         10:8e:03:01:62:82:4b:02:8e:a2:0e:5e:9d:88:f6:d5:29:7a:
         02:7d:03:96:d4:35:80:0f:39:e8:60:8a:af:e8:db:01:dc:01:
         20:ca:b9:4d:84:22:6c:47:db:b6:92:12:9c:90:75:c7:99:1b:
         a0:ca:6f:6a:4c:33:f0:1b:7d:e0:02:23:55:2a:96:26:eb:67:
         11:3b:5c:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJfeJLYngMIuzoYszsCwgmLc0dkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NDlaFw0yNTEyMzEwODUzNDlaMDMxMTAvBgNV
BAMTKDkwN0Y4OUE1OTE0OUI2Nzc5MUVCQ0IxRUFGOTdCRjY2QTUxRTgyMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl9zmYkjqSwopPTnelGLT26oeM
1ENjNXdK62bmRY4WckPBSR7DmJtzDsGUvEvXObA85fY5DOIMplwjkTi8HR0hRtTM
f3uzpxDPVtldYLIRrYTlrIcYazzNnQgrWQ73l3i3ocb4A71DlzR2LXkoYkz+GhOg
rxx3/umjc82RQK6CRottOicUV51GtPiCPyxgILctos6OhAkQm35U3lH3nYqPK924
VV4vIWKMd8tFiEAT0ssVbqKTKMRx9UAegaxayJ+n1abHG19+/OQ7/clH2Oh9V9ZY
H2F+Q8EKGlYRKli+lcLurYpcNA4Sns0T30Sk81cJ69dES6bqyKZtEt8J9sWRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkH+JpZFJtneR68ser5e/ZqUegjYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdfx
MA0GCSqGSIb3DQEBCwUAA4IBAQClYYrftykJ0cLzC7PbEWnFxUsTtWg7uZVTR42+
D/rf1yIG7xP+9OiCOaWZYbYdtZm/dBOMz1gv3w4YvwV2QvLTbHWZGz6QzE5X/ZGz
8Lfyzsi4faXSe++c7+tDF5YWG+CD2F4gckJQONJiqdKl5BkOVralVWwqGhO/r/Mw
HqrTme+hwGzHAWmoKmfBpCcsXFB/PyE5d2lBYAQaTLpQeUAXC3I6U1Vrf9arCTox
uxYqZVJHDUgQjgMBYoJLAo6iDl6diPbVKXoCfQOW1DWADznoYIqv6NsB3AEgyrlN
hCJsR9u2khKckHXHmRugym9qTDPwG33gAiNVKpYm62cRO1yA
-----END CERTIFICATE-----