Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa
File:                     AS272470.roa (raw, json)
Hash identifier:          JGJMKBa/mEzDfJc9xqT6Zow0F8PbiwrbKW9wfFD+8UA=
Subject key identifier:   3B:7D:0F:C4:1D:C7:84:0B:24:6C:16:A4:83:BD:FF:7C:A9:69:1E:32
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5AE56EEC3B29BD536441B5C9EFBC42F7ECFAE3C6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa
Signing time:             Tue 07 Jan 2025 14:42:35 +0000
ROA not before:           Tue 07 Jan 2025 14:37:35 +0000
ROA not after:            Tue 06 Jan 2026 14:42:35 +0000
asID:                     272470
IP address blocks:        181.215.22.0/24 maxlen: 24
                          191.101.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:e5:6e:ec:3b:29:bd:53:64:41:b5:c9:ef:bc:42:f7:ec:fa:e3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  7 14:37:35 2025 GMT
            Not After : Jan  6 14:42:35 2026 GMT
        Subject: CN=3B7D0FC41DC7840B246C16A483BDFF7CA9691E32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:76:d3:0c:c6:07:3a:a1:13:81:b5:a2:18:7e:
                    a2:30:af:29:aa:71:09:05:d2:ce:46:be:78:3d:64:
                    2a:85:7c:e6:c5:4c:9b:cb:ca:d1:75:ac:ec:9b:61:
                    25:a1:8a:bd:67:7d:82:13:20:78:d2:48:c3:a8:b8:
                    4f:3b:d8:43:25:3b:05:88:d8:81:1b:7e:13:07:58:
                    80:8a:59:4e:5b:04:86:10:26:fe:c5:48:03:47:28:
                    f2:8e:0e:4c:46:d2:a3:14:0f:85:33:2c:67:24:a6:
                    ec:da:74:fa:dc:34:22:d3:03:29:26:85:c0:19:18:
                    c2:46:c5:3b:5b:34:0b:ad:c1:99:44:f1:2a:b6:63:
                    7c:c5:18:03:4d:de:43:ad:9b:95:3a:6f:20:47:4b:
                    e2:24:61:03:66:8b:c4:0d:be:51:91:9d:5d:eb:2c:
                    45:6b:a5:43:74:f1:5f:a7:9d:5e:ec:66:4c:64:3a:
                    4b:fa:62:1b:2b:a5:54:b7:69:a6:65:fe:bb:ab:54:
                    9c:ce:3e:fc:4c:8f:58:52:b2:02:b5:c7:e8:e7:dd:
                    4c:c0:c3:70:75:f1:c3:20:d5:ce:bf:f9:5a:3f:f0:
                    80:36:c5:53:45:f3:92:d3:be:47:c0:99:98:82:86:
                    fb:0c:92:0a:42:38:aa:44:fc:62:23:04:5b:38:07:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:7D:0F:C4:1D:C7:84:0B:24:6C:16:A4:83:BD:FF:7C:A9:69:1E:32
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.22.0/24
                  191.101.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:2f:9f:04:91:c7:32:3d:60:fe:b5:4e:f7:e1:a0:56:c9:39:
         fb:71:74:a0:85:b7:f6:19:6b:46:ba:f8:46:d4:b0:59:e5:11:
         b0:70:7e:9d:cb:70:35:e3:5b:94:05:38:eb:2d:77:5b:f5:a4:
         b7:d3:30:05:04:e8:af:a2:81:50:6b:f2:fd:bd:28:38:7f:84:
         a1:c4:77:28:66:e3:c0:eb:50:ee:49:dc:e2:4f:67:de:e8:3b:
         d4:6a:31:f8:2a:aa:e1:d3:49:da:dc:7f:2a:e5:65:42:0a:37:
         4d:db:4e:8b:a7:02:c6:20:e9:4a:7c:20:0a:dc:0e:77:c0:1b:
         63:76:e5:41:d6:0e:ce:c7:01:10:e2:1b:2e:85:a7:34:5e:14:
         36:48:b4:bb:05:f2:9c:c7:63:4c:1a:0c:c8:cb:03:f5:82:91:
         dc:89:44:07:d5:bc:6f:3d:6d:53:10:05:bd:6e:10:63:cb:21:
         7a:66:c5:f1:f8:a5:e3:ab:a9:68:8e:29:23:0c:94:9c:df:3e:
         27:4e:3d:cc:3e:c6:2a:06:5a:83:fa:42:a6:82:f7:38:c2:97:
         38:e0:fd:49:76:50:8f:10:a0:38:f9:67:be:22:2a:35:aa:99:
         b7:24:a0:1d:c6:c4:54:28:7e:61:98:d2:fb:9a:1f:a0:5d:59:
         6b:08:64:e4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWuVu7DspvVNkQbXJ77xC9+z648YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDcxNDM3MzVaFw0yNjAxMDYxNDQyMzVaMDMxMTAvBgNV
BAMTKDNCN0QwRkM0MURDNzg0MEIyNDZDMTZBNDgzQkRGRjdDQTk2OTFFMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDndtMMxgc6oROBtaIYfqIwrymq
cQkF0s5Gvng9ZCqFfObFTJvLytF1rOybYSWhir1nfYITIHjSSMOouE872EMlOwWI
2IEbfhMHWICKWU5bBIYQJv7FSANHKPKODkxG0qMUD4UzLGckpuzadPrcNCLTAykm
hcAZGMJGxTtbNAutwZlE8Sq2Y3zFGANN3kOtm5U6byBHS+IkYQNmi8QNvlGRnV3r
LEVrpUN08V+nnV7sZkxkOkv6YhsrpVS3aaZl/rurVJzOPvxMj1hSsgK1x+jn3UzA
w3B18cMg1c6/+Vo/8IA2xVNF85LTvkfAmZiChvsMkgpCOKpE/GIjBFs4B161AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUO30PxB3HhAskbBakg73/fKlpHjIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyNDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdcW
AwQAv2WHMA0GCSqGSIb3DQEBCwUAA4IBAQANL58EkccyPWD+tU734aBWyTn7cXSg
hbf2GWtGuvhG1LBZ5RGwcH6dy3A141uUBTjrLXdb9aS30zAFBOivooFQa/L9vSg4
f4ShxHcoZuPA61DuSdziT2fe6DvUajH4Kqrh00na3H8q5WVCCjdN206LpwLGIOlK
fCAK3A53wBtjduVB1g7OxwEQ4hsuhac0XhQ2SLS7BfKcx2NMGgzIywP1gpHciUQH
1bxvPW1TEAW9bhBjyyF6ZsXx+KXjq6lojikjDJSc3z4nTj3MPsYqBlqD+kKmgvc4
wpc44P1JdlCPEKA4+We+Iio1qpm3JKAdxsRUKH5hmNL7mh+gXVlrCGTk
-----END CERTIFICATE-----