Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272073.roa
File:                     AS272073.roa (raw, json)
Hash identifier:          AfagM/rC9YaBRx07xCpVbcnkJXusmT7/WE3UulhNdWQ=
Subject key identifier:   66:E9:7E:02:8F:89:25:A4:12:DA:2E:B6:25:D9:57:28:0F:C2:52:43
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2C9C712023115C65636A11254A86BD5C2F84B5A1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272073.roa
Signing time:             Thu 04 Jul 2024 19:11:22 +0000
ROA not before:           Thu 04 Jul 2024 19:06:22 +0000
ROA not after:            Thu 03 Jul 2025 19:11:22 +0000
asID:                     272073
IP address blocks:        191.101.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:9c:71:20:23:11:5c:65:63:6a:11:25:4a:86:bd:5c:2f:84:b5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  4 19:06:22 2024 GMT
            Not After : Jul  3 19:11:22 2025 GMT
        Subject: CN=66E97E028F8925A412DA2EB625D957280FC25243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ba:f9:78:c6:d5:ab:ea:ba:20:b0:93:24:59:
                    26:9b:64:44:7a:bb:35:8f:09:08:88:60:12:9c:20:
                    ce:d7:5d:de:be:4c:5c:80:4c:79:18:22:2d:47:59:
                    89:0b:ff:c4:2b:18:0f:6f:91:f3:d4:8b:5b:50:09:
                    4b:c9:8e:e9:b3:96:d1:dc:57:33:fd:8a:a0:79:dc:
                    59:4f:cd:71:0f:f5:c3:1f:c4:c8:21:30:88:61:84:
                    f4:39:67:ce:8d:07:6a:78:48:ba:b4:6f:72:54:57:
                    b9:c2:9e:91:b0:4a:bc:f7:e6:a1:16:56:4d:2c:08:
                    dc:46:4c:48:5d:ef:42:cb:0f:3f:b7:1d:65:0a:cd:
                    04:40:de:89:73:cf:a3:5f:91:e4:b8:53:27:96:26:
                    7e:81:e0:12:a4:3b:7b:e6:ad:c6:f8:cf:f8:49:7f:
                    5a:9c:01:ed:10:59:79:79:eb:d5:8f:45:df:aa:a8:
                    84:2c:8c:ea:92:c1:d1:c9:e1:c9:7b:e9:37:71:b0:
                    0c:1f:a8:c2:ae:80:b5:6c:3a:a0:82:ad:03:6a:88:
                    42:a6:d4:f4:9e:ac:32:d3:68:db:f3:60:e4:b5:59:
                    ca:68:c0:b2:f7:2c:9e:23:72:59:f7:ed:bb:12:3e:
                    7a:31:ba:c4:e0:87:07:ef:ff:db:47:09:42:66:b0:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E9:7E:02:8F:89:25:A4:12:DA:2E:B6:25:D9:57:28:0F:C2:52:43
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:13:50:ff:9b:19:54:f3:dc:f8:07:e2:a3:ac:f8:b5:a2:6a:
         43:7c:c2:0a:fa:ab:92:ed:db:43:ee:b9:02:55:aa:22:ad:1f:
         ce:02:58:85:76:f9:80:a6:df:57:b5:ad:b1:8c:99:86:2d:22:
         54:0d:f7:eb:84:f8:ff:5f:4d:60:53:70:97:4f:c5:b1:df:1e:
         44:43:13:da:13:a3:48:36:c8:18:63:1d:e3:79:b4:91:1f:bd:
         cd:fe:6d:34:54:5e:18:35:ef:13:d9:89:4c:3d:47:44:1b:78:
         c3:af:cd:db:7b:45:1b:f6:99:8b:7e:00:1d:7a:9f:d3:45:14:
         a2:70:3b:0c:4c:b2:ef:63:6e:d4:1d:91:40:6c:05:70:08:65:
         f8:6d:79:6d:c6:5a:00:ff:dc:d2:b9:48:03:1e:f3:41:76:69:
         08:11:89:83:f4:d8:48:ca:69:b0:6c:af:ca:eb:da:86:d0:e9:
         83:27:85:23:7d:af:4b:c4:a0:fa:a2:19:09:7a:a2:c4:fc:ea:
         22:95:38:ab:62:c8:be:58:d4:db:b2:82:09:8b:a0:2a:dd:77:
         df:00:f7:e2:5c:cf:a3:eb:08:16:34:b1:1b:f7:99:4c:5f:21:
         29:7b:42:c3:1c:2f:8c:61:61:5a:b8:21:89:3d:fa:5e:75:8b:
         9a:ea:4d:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULJxxICMRXGVjahElSoa9XC+EtaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MDQxOTA2MjJaFw0yNTA3MDMxOTExMjJaMDMxMTAvBgNV
BAMTKDY2RTk3RTAyOEY4OTI1QTQxMkRBMkVCNjI1RDk1NzI4MEZDMjUyNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkuvl4xtWr6rogsJMkWSabZER6
uzWPCQiIYBKcIM7XXd6+TFyATHkYIi1HWYkL/8QrGA9vkfPUi1tQCUvJjumzltHc
VzP9iqB53FlPzXEP9cMfxMghMIhhhPQ5Z86NB2p4SLq0b3JUV7nCnpGwSrz35qEW
Vk0sCNxGTEhd70LLDz+3HWUKzQRA3olzz6NfkeS4UyeWJn6B4BKkO3vmrcb4z/hJ
f1qcAe0QWXl569WPRd+qqIQsjOqSwdHJ4cl76TdxsAwfqMKugLVsOqCCrQNqiEKm
1PSerDLTaNvzYOS1WcpowLL3LJ4jcln37bsSPnoxusTghwfv/9tHCUJmsOYFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZul+Ao+JJaQS2i62JdlXKA/CUkMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyMDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2U/
MA0GCSqGSIb3DQEBCwUAA4IBAQAkE1D/mxlU89z4B+KjrPi1ompDfMIK+quS7dtD
7rkCVaoirR/OAliFdvmApt9Xta2xjJmGLSJUDffrhPj/X01gU3CXT8Wx3x5EQxPa
E6NINsgYYx3jebSRH73N/m00VF4YNe8T2YlMPUdEG3jDr83be0Ub9pmLfgAdep/T
RRSicDsMTLLvY27UHZFAbAVwCGX4bXltxloA/9zSuUgDHvNBdmkIEYmD9NhIymmw
bK/K69qG0OmDJ4Ujfa9LxKD6ohkJeqLE/OoilTirYsi+WNTbsoIJi6Aq3XffAPfi
XM+j6wgWNLEb95lMXyEpe0LDHC+MYWFauCGJPfpedYua6k0l
-----END CERTIFICATE-----