Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa
File:                     AS272470.roa (raw, json)
Hash identifier:          QU80nfWXGicLuYse2XgF+rvKX9I6+9nJk/MuAfNgQ0E=
Subject key identifier:   39:18:0C:AE:B7:B9:FE:51:F1:59:BC:58:AB:F0:03:5C:AD:FD:0F:8F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46D531E7582697C50C6462B50E4BF4D3C95EAC08
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     272470
IP address blocks:        191.101.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d5:31:e7:58:26:97:c5:0c:64:62:b5:0e:4b:f4:d3:c9:5e:ac:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=39180CAEB7B9FE51F159BC58ABF0035CADFD0F8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4c:fa:82:8e:96:49:aa:44:22:69:f8:ec:5c:
                    e3:2f:9a:17:33:78:35:f5:61:c2:68:c0:66:45:e4:
                    24:c0:5b:69:75:7a:e8:6e:18:61:d5:b8:4b:67:98:
                    26:07:46:15:af:b9:81:c1:f9:af:b5:a0:d3:64:34:
                    d1:36:a4:44:e6:c6:59:7f:43:e6:a1:0f:79:71:36:
                    05:1f:1e:44:eb:2f:d5:66:d1:df:cb:b6:bd:1b:f1:
                    9f:05:c9:c6:be:00:b5:ab:18:4c:1e:a0:b0:47:ed:
                    b1:e1:31:78:74:eb:93:7e:97:6a:b4:99:3d:78:9c:
                    2c:4a:79:22:56:c0:8b:43:6d:0e:33:a4:97:f7:0f:
                    3a:bf:d9:0e:ad:4c:5d:47:3c:18:80:4f:ae:22:f9:
                    e3:88:b2:52:5d:06:90:c2:18:42:7e:8b:d9:9d:42:
                    d0:b0:96:c4:3d:01:c6:52:35:99:f3:3a:84:28:56:
                    05:86:ff:70:e7:fe:ea:84:15:6f:c0:5a:90:29:4d:
                    d8:8b:45:39:c4:10:f6:db:4f:74:91:db:68:7c:35:
                    34:e5:d0:f9:b0:84:5d:ca:c0:59:bb:c7:33:d3:77:
                    eb:1b:68:37:d7:b1:91:b6:cb:cf:59:76:d9:57:a1:
                    9b:37:89:4c:16:0a:49:0c:96:6a:80:fb:89:43:6a:
                    15:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:18:0C:AE:B7:B9:FE:51:F1:59:BC:58:AB:F0:03:5C:AD:FD:0F:8F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:81:91:c7:dd:b6:4b:82:d6:35:7d:ae:5a:f6:08:21:97:3e:
         b9:5e:3f:24:d2:4c:46:68:6a:8d:d8:ff:19:58:58:bd:0b:a9:
         97:97:9e:22:a9:d8:93:3f:00:83:a4:4a:11:3e:eb:4e:3a:6c:
         3f:e2:05:f8:e7:da:b2:84:4b:63:fe:d1:cb:db:df:47:28:72:
         5d:5d:1d:0d:e1:fc:0f:76:e3:c8:3c:7d:8a:9f:01:54:69:33:
         73:42:97:54:7d:4a:6a:a6:a2:42:32:43:5e:e7:ec:6a:82:af:
         5f:61:70:63:d5:2a:ec:01:ae:f4:50:39:68:29:87:1e:7c:9f:
         64:7e:95:fe:d2:83:62:23:bf:7a:ba:b0:39:ff:a5:3b:fb:16:
         85:14:98:d8:19:ef:4c:6e:1e:37:dd:66:68:91:f3:f7:84:63:
         0c:5f:5b:07:46:46:8d:a3:60:7f:37:57:44:ca:5c:23:ad:3f:
         45:17:73:76:c4:61:05:f0:4c:a2:b9:d0:16:f9:4a:87:c6:c5:
         8a:3f:11:8c:7a:a7:d2:5b:6e:40:7f:9e:14:40:24:39:59:c1:
         79:d8:ef:70:fb:4c:16:37:c1:ec:a6:ae:39:38:22:45:b2:48:
         49:ba:f0:f4:1c:a3:2d:b5:e5:c7:33:71:a7:19:52:42:74:d5:
         2d:8e:7e:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURtUx51gml8UMZGK1Dkv008lerAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDM5MTgwQ0FFQjdCOUZFNTFGMTU5QkM1OEFCRjAwMzVDQURGRDBGOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWTPqCjpZJqkQiafjsXOMvmhcz
eDX1YcJowGZF5CTAW2l1euhuGGHVuEtnmCYHRhWvuYHB+a+1oNNkNNE2pETmxll/
Q+ahD3lxNgUfHkTrL9Vm0d/Ltr0b8Z8Fyca+ALWrGEweoLBH7bHhMXh065N+l2q0
mT14nCxKeSJWwItDbQ4zpJf3Dzq/2Q6tTF1HPBiAT64i+eOIslJdBpDCGEJ+i9md
QtCwlsQ9AcZSNZnzOoQoVgWG/3Dn/uqEFW/AWpApTdiLRTnEEPbbT3SR22h8NTTl
0PmwhF3KwFm7xzPTd+sbaDfXsZG2y89ZdtlXoZs3iUwWCkkMlmqA+4lDahXHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUORgMrre5/lHxWbxYq/ADXK39D48wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyNDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WH
MA0GCSqGSIb3DQEBCwUAA4IBAQAugZHH3bZLgtY1fa5a9gghlz65Xj8k0kxGaGqN
2P8ZWFi9C6mXl54iqdiTPwCDpEoRPutOOmw/4gX459qyhEtj/tHL299HKHJdXR0N
4fwPduPIPH2KnwFUaTNzQpdUfUpqpqJCMkNe5+xqgq9fYXBj1SrsAa70UDloKYce
fJ9kfpX+0oNiI796urA5/6U7+xaFFJjYGe9Mbh433WZokfP3hGMMX1sHRkaNo2B/
N1dEylwjrT9FF3N2xGEF8EyiudAW+UqHxsWKPxGMeqfSW25Af54UQCQ5WcF52O9w
+0wWN8Hspq45OCJFskhJuvD0HKMtteXHM3GnGVJCdNUtjn75
-----END CERTIFICATE-----