Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa
File:                     AS272696.roa (raw, json)
Hash identifier:          NWL0Nf+n+AZSN+nJiFCHTYmRl2munhuFBDHJjZk4FrY=
Subject key identifier:   26:1D:F4:5F:D8:2E:FF:F0:91:6B:91:2D:D8:C2:3E:03:66:17:38:46
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       420C9C32FC44AB8EDEB0CBF5DF3CC4D88852D60C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa
Signing time:             Thu 05 Dec 2024 17:10:37 +0000
ROA not before:           Thu 05 Dec 2024 17:05:37 +0000
ROA not after:            Thu 04 Dec 2025 17:10:37 +0000
asID:                     272696
IP address blocks:        181.215.4.0/24 maxlen: 24
                          191.96.156.0/24 maxlen: 24
                          191.101.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0c:9c:32:fc:44:ab:8e:de:b0:cb:f5:df:3c:c4:d8:88:52:d6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  5 17:05:37 2024 GMT
            Not After : Dec  4 17:10:37 2025 GMT
        Subject: CN=261DF45FD82EFFF0916B912DD8C23E0366173846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d5:53:19:24:f9:07:c6:0c:c0:77:a5:d5:81:
                    2d:f2:24:19:1a:b7:91:0c:23:d6:ac:53:e3:bd:d3:
                    eb:19:29:44:ad:ea:ac:84:bc:1b:02:08:4f:2b:ef:
                    12:fc:0c:b6:5d:c2:ab:50:4a:6a:51:67:97:ae:f5:
                    66:cc:07:21:87:27:d9:ff:0e:28:07:d9:0e:09:0e:
                    82:49:92:85:d6:44:6f:5c:07:c2:de:11:30:53:46:
                    8f:49:d6:fd:a4:fc:9c:1e:78:5c:49:3c:d3:01:55:
                    bc:51:cc:22:27:fb:29:2a:87:16:32:4f:64:29:d4:
                    33:7b:c5:2d:7c:31:6b:68:a0:c2:b5:e7:c5:6f:10:
                    ab:f9:07:b4:49:3b:a4:71:d8:71:6a:ea:a7:b2:24:
                    b6:26:07:b2:a1:3e:e1:15:63:93:8f:e9:81:53:d9:
                    5c:0e:e9:7f:a0:3e:9c:20:83:a5:2e:db:c0:56:f7:
                    49:a2:0b:ec:71:ef:e0:2f:b2:09:dd:f2:4c:e9:7c:
                    a5:a4:4f:2a:ba:bd:5f:eb:88:c0:de:f7:66:a8:e2:
                    33:36:05:e4:c7:35:5d:a4:ad:ea:05:6d:04:54:5c:
                    68:1a:0c:de:58:36:1c:87:e5:99:0e:f1:e8:17:46:
                    a5:99:d5:a4:3a:59:bd:ff:09:e5:99:a6:07:c7:86:
                    69:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:1D:F4:5F:D8:2E:FF:F0:91:6B:91:2D:D8:C2:3E:03:66:17:38:46
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS272696.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.4.0/24
                  191.96.156.0/24
                  191.101.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7f:c1:c5:6f:e3:ed:f0:d1:29:0d:f9:10:66:6d:b2:78:2f:
         95:cd:15:55:18:de:1c:c5:d3:65:8b:e1:b1:7d:42:f1:6a:3c:
         ba:c3:06:44:3f:f5:9f:b9:9f:83:fb:f3:5c:3c:88:ae:91:17:
         ad:6a:ff:ce:f0:2b:55:71:b6:b2:1a:8d:d5:af:c8:b2:9b:cf:
         cd:33:e9:63:65:c2:c0:6a:24:a8:dd:0b:15:8a:61:ba:f2:94:
         37:b8:b0:f0:b4:e4:7c:a3:88:6a:03:40:e4:19:6e:0d:0d:51:
         83:3d:4d:83:6a:5d:e0:29:a3:f8:e0:83:51:1d:9b:d3:25:e1:
         04:99:da:94:8e:36:86:64:60:04:1e:3d:f5:fb:d7:63:58:fd:
         8c:f5:bc:ba:93:b3:ea:2b:78:30:88:07:37:8e:de:fd:03:ee:
         c7:28:ad:40:71:fe:37:0a:2f:5d:51:ad:22:87:7b:10:85:b1:
         68:f9:74:70:bc:a4:ae:cd:bc:7b:63:70:e3:ac:2c:bb:8e:bd:
         5e:71:bb:e3:8f:28:4c:c0:c1:dc:19:71:69:dc:6b:1c:3a:c0:
         f7:f4:0a:b3:5a:df:ef:4a:1d:dc:22:ab:cb:de:39:85:b8:2b:
         0a:93:9c:67:6b:ca:71:36:ec:82:45:d4:d5:b4:fe:0f:f4:e0:
         03:b1:c1:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUQgycMvxEq47esMv13zzE2IhS1gwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDUxNzA1MzdaFw0yNTEyMDQxNzEwMzdaMDMxMTAvBgNV
BAMTKDI2MURGNDVGRDgyRUZGRjA5MTZCOTEyREQ4QzIzRTAzNjYxNzM4NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd1VMZJPkHxgzAd6XVgS3yJBka
t5EMI9asU+O90+sZKUSt6qyEvBsCCE8r7xL8DLZdwqtQSmpRZ5eu9WbMByGHJ9n/
DigH2Q4JDoJJkoXWRG9cB8LeETBTRo9J1v2k/JweeFxJPNMBVbxRzCIn+ykqhxYy
T2Qp1DN7xS18MWtooMK158VvEKv5B7RJO6Rx2HFq6qeyJLYmB7KhPuEVY5OP6YFT
2VwO6X+gPpwgg6Uu28BW90miC+xx7+Avsgnd8kzpfKWkTyq6vV/riMDe92ao4jM2
BeTHNV2kreoFbQRUXGgaDN5YNhyH5ZkO8egXRqWZ1aQ6Wb3/CeWZpgfHhmnbAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUJh30X9gu//CRa5Et2MI+A2YXOEYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcyNjk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAtdcE
AwQAv2CcAwQAv2WjMA0GCSqGSIb3DQEBCwUAA4IBAQACf8HFb+Pt8NEpDfkQZm2y
eC+VzRVVGN4cxdNli+GxfULxajy6wwZEP/WfuZ+D+/NcPIiukRetav/O8CtVcbay
Go3Vr8iym8/NM+ljZcLAaiSo3QsVimG68pQ3uLDwtOR8o4hqA0DkGW4NDVGDPU2D
al3gKaP44INRHZvTJeEEmdqUjjaGZGAEHj31+9djWP2M9by6k7PqK3gwiAc3jt79
A+7HKK1Acf43Ci9dUa0ih3sQhbFo+XRwvKSuzbx7Y3DjrCy7jr1ecbvjjyhMwMHc
GXFp3GscOsD39AqzWt/vSh3cIqvL3jmFuCsKk5xna8pxNuyCRdTVtP4P9OADscG0
-----END CERTIFICATE-----