Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272649.roa
File:                     AS272649.roa (raw, json)
Hash identifier:          jLsjtAjnxrEuhkykMhNSFrcrIgKPJyGGrn+2Fqk6Kws=
Subject key identifier:   88:83:99:05:7D:D3:72:5B:C6:70:87:E6:25:86:B9:34:14:11:2E:45
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       52883B413B84F4A6830BFF4C46209B263FB5F85A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272649.roa
Signing time:             Sun 12 Jan 2025 00:57:16 +0000
ROA not before:           Sun 12 Jan 2025 00:52:16 +0000
ROA not after:            Sun 11 Jan 2026 00:57:16 +0000
asID:                     272649
IP address blocks:        191.96.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:88:3b:41:3b:84:f4:a6:83:0b:ff:4c:46:20:9b:26:3f:b5:f8:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 12 00:52:16 2025 GMT
            Not After : Jan 11 00:57:16 2026 GMT
        Subject: CN=888399057DD3725BC67087E62586B93414112E45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:76:b0:34:4b:3a:49:a3:75:9c:05:2b:9f:8e:
                    a8:c2:90:3c:9e:a6:03:d0:7e:1d:86:5a:00:f9:86:
                    ed:0f:f4:75:34:01:af:7b:5d:ce:dd:e2:b7:bf:8e:
                    65:4d:68:62:d5:f3:9e:2c:ec:9c:a6:08:91:f9:74:
                    5d:11:77:b3:45:9f:ce:4a:f4:27:16:4a:90:5e:b4:
                    66:c3:69:8c:2c:b0:70:e2:16:af:70:39:28:2c:38:
                    95:93:5f:82:a9:29:1e:be:3c:57:55:e5:0e:49:75:
                    74:d7:fa:64:12:1c:ce:a9:88:96:13:83:e4:59:c3:
                    7d:c0:50:71:d7:30:66:17:ff:d9:6b:e2:a2:cd:e1:
                    a5:1d:b7:a1:09:66:64:b3:1d:43:62:65:6e:03:2a:
                    ba:ac:62:97:1e:f8:aa:9e:d2:4e:e9:11:82:76:93:
                    2c:5d:90:a4:09:d5:71:c3:71:d2:b5:60:64:1f:e0:
                    9e:36:16:14:d1:a4:41:5e:ab:d3:cc:88:79:2c:c3:
                    59:af:1f:17:23:86:1a:03:52:71:aa:db:17:23:7f:
                    b7:0e:04:ee:82:18:b7:c8:3e:1d:69:b9:82:97:5d:
                    32:9b:32:a1:86:10:6f:28:9c:a9:4c:a7:f1:8b:5f:
                    b8:17:02:34:f0:24:d9:72:26:ef:72:e8:ac:26:85:
                    3f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:83:99:05:7D:D3:72:5B:C6:70:87:E6:25:86:B9:34:14:11:2E:45
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272649.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:bf:22:06:d5:cf:f1:81:96:b0:0c:57:db:58:25:e4:04:70:
         e8:a1:cd:ad:99:cc:f6:5a:2e:b6:f5:43:79:19:a1:7c:ec:63:
         c3:42:de:f2:51:e1:de:80:4f:a3:3a:a1:0e:8a:d3:b3:e4:ee:
         55:f4:da:af:0c:62:67:e5:95:37:db:35:1c:7d:fb:93:37:d5:
         ad:c9:5f:dc:88:85:cb:fe:e5:8b:7b:e1:ac:2e:86:5b:61:fc:
         ad:44:8d:52:f0:f5:94:80:d7:a8:93:d7:f2:d0:85:93:a7:01:
         34:da:02:60:8f:8a:6b:71:5d:08:68:e9:ef:38:d8:ab:a9:20:
         92:99:1c:f0:5d:4b:13:89:10:9e:f9:76:c8:28:12:e3:a9:9f:
         7f:8c:1c:9c:3f:6d:8f:91:97:e9:3f:d9:2a:1d:af:02:8b:f9:
         f4:e6:95:28:b5:dd:d9:06:d2:8d:10:bb:70:8e:2c:3b:d6:97:
         e3:74:0f:9f:d9:c5:f5:5f:f3:c1:bf:ef:4e:1f:86:a3:4f:9b:
         3b:fd:33:ea:d8:9c:d8:1e:6e:d1:61:9c:9a:3a:6f:69:97:69:
         33:2e:d3:58:45:21:f8:74:5a:f6:49:b9:26:ea:b4:d8:e5:3b:
         b4:74:2c:bd:88:ac:c1:0f:03:71:4b:5a:a6:63:8c:e4:04:54:
         bd:16:48:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUog7QTuE9KaDC/9MRiCbJj+1+FowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTIwMDUyMTZaFw0yNjAxMTEwMDU3MTZaMDMxMTAvBgNV
BAMTKDg4ODM5OTA1N0REMzcyNUJDNjcwODdFNjI1ODZCOTM0MTQxMTJFNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2drA0SzpJo3WcBSufjqjCkDye
pgPQfh2GWgD5hu0P9HU0Aa97Xc7d4re/jmVNaGLV854s7JymCJH5dF0Rd7NFn85K
9CcWSpBetGbDaYwssHDiFq9wOSgsOJWTX4KpKR6+PFdV5Q5JdXTX+mQSHM6piJYT
g+RZw33AUHHXMGYX/9lr4qLN4aUdt6EJZmSzHUNiZW4DKrqsYpce+Kqe0k7pEYJ2
kyxdkKQJ1XHDcdK1YGQf4J42FhTRpEFeq9PMiHksw1mvHxcjhhoDUnGq2xcjf7cO
BO6CGLfIPh1puYKXXTKbMqGGEG8onKlMp/GLX7gXAjTwJNlyJu9y6KwmhT9jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiIOZBX3TclvGcIfmJYa5NBQRLkUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyNjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CJ
MA0GCSqGSIb3DQEBCwUAA4IBAQATvyIG1c/xgZawDFfbWCXkBHDooc2tmcz2Wi62
9UN5GaF87GPDQt7yUeHegE+jOqEOitOz5O5V9NqvDGJn5ZU32zUcffuTN9WtyV/c
iIXL/uWLe+GsLoZbYfytRI1S8PWUgNeok9fy0IWTpwE02gJgj4prcV0IaOnvONir
qSCSmRzwXUsTiRCe+XbIKBLjqZ9/jBycP22PkZfpP9kqHa8Ci/n05pUotd3ZBtKN
ELtwjiw71pfjdA+f2cX1X/PBv+9OH4ajT5s7/TPq2JzYHm7RYZyaOm9pl2kzLtNY
RSH4dFr2Sbkm6rTY5Tu0dCy9iKzBDwNxS1qmY4zkBFS9Fkj4
-----END CERTIFICATE-----