Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273113.roa
File:                     AS273113.roa (raw, json)
Hash identifier:          H97J8EgTXR5r38Q+gU+d5vRfz2CQwjZ8VJgdBt2/6yQ=
Subject key identifier:   30:23:37:2A:11:90:B6:F1:9D:2C:F3:0F:8E:33:24:47:BF:74:75:E8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       59582A57E045053DA59F7A4027B8683D67885A83
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273113.roa
Signing time:             Wed 10 Jan 2024 12:54:26 +0000
ROA not before:           Wed 10 Jan 2024 12:49:26 +0000
ROA not after:            Wed 08 Jan 2025 12:54:26 +0000
asID:                     273113
IP address blocks:        191.96.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:58:2a:57:e0:45:05:3d:a5:9f:7a:40:27:b8:68:3d:67:88:5a:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 10 12:49:26 2024 GMT
            Not After : Jan  8 12:54:26 2025 GMT
        Subject: CN=3023372A1190B6F19D2CF30F8E332447BF7475E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5c:9a:45:73:6c:46:f0:0d:be:bd:18:4a:d9:
                    0c:68:00:0f:21:45:ea:0e:5f:83:bc:4f:e0:10:74:
                    4e:8c:58:c7:67:8f:66:db:cf:87:ed:32:8a:72:10:
                    be:d6:47:aa:8d:ea:25:51:c7:52:50:ec:45:08:9d:
                    55:f1:a5:69:d5:97:f6:e0:37:09:85:79:11:91:5c:
                    46:4c:40:24:9c:72:c8:79:e7:06:19:3d:2f:3f:8d:
                    92:04:c7:ac:61:90:7d:5e:e0:57:b4:b3:af:56:09:
                    1d:ac:db:7e:35:db:5b:15:39:bf:8a:f5:93:4c:9b:
                    a9:1f:af:a6:70:ca:e2:11:51:00:1d:2f:85:c4:35:
                    1c:a5:4d:fa:ab:be:b7:f2:0f:96:bd:70:24:23:dd:
                    64:41:a9:d4:d6:21:3c:72:be:a8:c6:49:fe:a4:72:
                    ca:9d:46:22:3a:da:3a:8f:13:a8:23:b9:68:70:5e:
                    9f:ca:9e:31:6a:d1:79:f2:0a:1a:05:df:41:dd:72:
                    d3:52:56:17:95:04:02:a9:13:19:0d:67:9c:3d:97:
                    20:4d:16:bf:30:6f:59:ba:a9:e4:2a:90:c2:5d:0b:
                    21:8c:a7:b2:10:3a:cb:c0:64:ca:ef:e1:4a:0d:5b:
                    90:db:27:1f:6a:63:76:d5:fe:6f:fa:ee:5c:c6:69:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:23:37:2A:11:90:B6:F1:9D:2C:F3:0F:8E:33:24:47:BF:74:75:E8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273113.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:f1:0f:b9:fc:a0:ae:ae:6f:f8:c7:a3:e2:c9:2e:f5:1f:e0:
         6f:25:22:6b:69:61:d8:89:f9:56:76:89:e4:75:2a:c5:fd:25:
         46:b1:e9:59:87:11:2a:00:86:fc:48:ce:18:62:74:d5:6d:8e:
         f3:d7:f0:32:ff:35:63:87:75:6a:e3:2f:19:47:a9:a2:ac:fe:
         7d:55:6e:13:de:e1:80:a9:4a:4a:67:08:f6:18:68:2f:65:82:
         77:b1:15:da:04:b4:2f:24:b2:ac:77:9b:9e:ae:97:28:7c:cf:
         fc:98:7b:f0:c4:10:9a:67:ff:de:9c:7c:b9:80:cf:9b:0a:a3:
         18:70:ad:a7:4f:ec:15:05:43:a3:fd:0d:d1:53:bf:6f:d6:02:
         7f:7f:df:18:db:2f:fe:1b:89:6a:b7:a2:b0:43:25:3a:7b:ea:
         60:11:27:f1:90:e2:53:3e:5a:8d:74:85:84:9b:c5:52:68:34:
         c5:4d:06:41:50:17:a1:0e:05:a7:aa:93:01:95:53:1e:1a:83:
         f3:9d:5b:fb:84:a3:e8:68:4b:15:d5:03:cd:6d:7d:fb:8d:47:
         f8:99:61:c1:e2:21:26:91:83:c8:68:8a:2e:49:1e:3f:d7:56:
         c3:4d:5e:12:22:da:53:48:dd:79:b8:f1:a0:53:c1:4e:c6:13:
         48:4e:55:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWVgqV+BFBT2ln3pAJ7hoPWeIWoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMTAxMjQ5MjZaFw0yNTAxMDgxMjU0MjZaMDMxMTAvBgNV
BAMTKDMwMjMzNzJBMTE5MEI2RjE5RDJDRjMwRjhFMzMyNDQ3QkY3NDc1RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlXJpFc2xG8A2+vRhK2QxoAA8h
ReoOX4O8T+AQdE6MWMdnj2bbz4ftMopyEL7WR6qN6iVRx1JQ7EUInVXxpWnVl/bg
NwmFeRGRXEZMQCSccsh55wYZPS8/jZIEx6xhkH1e4Fe0s69WCR2s234121sVOb+K
9ZNMm6kfr6ZwyuIRUQAdL4XENRylTfqrvrfyD5a9cCQj3WRBqdTWITxyvqjGSf6k
csqdRiI62jqPE6gjuWhwXp/KnjFq0XnyChoF30HdctNSVheVBAKpExkNZ5w9lyBN
Fr8wb1m6qeQqkMJdCyGMp7IQOsvAZMrv4UoNW5DbJx9qY3bV/m/67lzGaYltAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMCM3KhGQtvGdLPMPjjMkR790degwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjczMTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ck
MA0GCSqGSIb3DQEBCwUAA4IBAQCp8Q+5/KCurm/4x6PiyS71H+BvJSJraWHYiflW
donkdSrF/SVGselZhxEqAIb8SM4YYnTVbY7z1/Ay/zVjh3Vq4y8ZR6mirP59VW4T
3uGAqUpKZwj2GGgvZYJ3sRXaBLQvJLKsd5uerpcofM/8mHvwxBCaZ//enHy5gM+b
CqMYcK2nT+wVBUOj/Q3RU79v1gJ/f98Y2y/+G4lqt6KwQyU6e+pgESfxkOJTPlqN
dIWEm8VSaDTFTQZBUBehDgWnqpMBlVMeGoPznVv7hKPoaEsV1QPNbX37jUf4mWHB
4iEmkYPIaIouSR4/11bDTV4SItpTSN15uPGgU8FOxhNITlWI
-----END CERTIFICATE-----