Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273602.roa
File:                     AS273602.roa (raw, json)
Hash identifier:          Ah71ThrVMVjnYW4aSgbq3YZN3Ac8QYVH5i83YOEzTXU=
Subject key identifier:   05:1E:ED:BA:D7:E6:40:56:32:23:F6:73:9C:AB:9D:7D:54:5A:71:EB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6CCC80D08B8714EBC769F2545EF5D5AC5739C1C5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273602.roa
Signing time:             Wed 13 Dec 2023 13:25:46 +0000
ROA not before:           Wed 13 Dec 2023 13:20:46 +0000
ROA not after:            Wed 11 Dec 2024 13:25:46 +0000
asID:                     273602
IP address blocks:        179.61.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:cc:80:d0:8b:87:14:eb:c7:69:f2:54:5e:f5:d5:ac:57:39:c1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 13 13:20:46 2023 GMT
            Not After : Dec 11 13:25:46 2024 GMT
        Subject: CN=051EEDBAD7E640563223F6739CAB9D7D545A71EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4b:f9:6b:2b:64:0b:5f:62:88:62:ee:6d:fc:
                    a1:a7:54:79:0c:fb:88:f4:8f:c0:e8:51:bd:34:7b:
                    b9:5a:b6:88:ea:65:7a:d1:82:15:28:7f:45:9e:52:
                    10:f2:1a:bc:5a:42:35:03:9e:bc:f1:46:22:00:a3:
                    47:e0:ea:54:74:f7:3a:bd:03:ee:fe:a5:49:00:0c:
                    5e:cd:b1:b5:42:bc:cc:06:be:e8:fc:92:e3:8c:25:
                    f0:36:3a:1b:d7:c2:f4:fd:07:a8:0d:4c:6c:42:57:
                    9b:84:14:85:4f:d6:75:1e:b8:77:93:47:c2:2c:e9:
                    9b:87:e9:a3:a0:9a:a4:f4:1d:46:2b:8d:b8:b4:c7:
                    58:13:a4:b3:b9:1f:72:31:02:a2:12:0e:b2:99:cd:
                    ea:9d:a5:d1:42:eb:69:c3:80:87:90:0b:81:e6:4e:
                    7b:06:38:82:ea:77:ba:b3:26:98:86:54:8d:6b:8e:
                    46:2d:20:fe:6d:5b:a5:4b:2b:1c:d8:79:d8:ff:a7:
                    02:cb:c2:54:a8:b3:6e:1b:c0:f8:1f:bf:04:fa:28:
                    de:a9:99:2c:f6:ef:2f:15:69:1f:8b:7b:b9:e3:ad:
                    cb:c4:c8:40:83:14:85:27:6c:e9:9d:b4:ce:5c:42:
                    67:bd:3e:d2:38:bc:60:90:ed:40:4e:d1:5f:d1:8d:
                    ec:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1E:ED:BA:D7:E6:40:56:32:23:F6:73:9C:AB:9D:7D:54:5A:71:EB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:29:a2:e3:fc:69:33:4e:80:83:81:fa:89:cd:c5:08:a3:24:
         e3:48:ab:57:78:a4:1d:9b:cb:16:65:6b:74:e9:5d:86:88:a4:
         98:83:63:59:83:46:e7:f1:c4:4e:04:43:a0:c1:e7:e0:96:27:
         33:95:78:04:8d:cb:d9:c7:bf:62:16:db:08:9b:94:33:f8:17:
         f8:08:62:80:4c:53:6c:ee:77:e7:07:00:5c:19:f8:ad:d9:3f:
         0e:dd:b7:34:4b:81:55:7f:30:4f:b2:a3:c1:94:0d:be:7f:26:
         72:ab:9b:79:f0:f6:d7:cf:13:db:80:96:50:02:87:5b:7e:6e:
         22:02:a7:9a:83:05:bf:6f:4d:e2:2a:ed:28:13:08:d8:c2:87:
         b7:a8:d7:8a:ec:81:32:47:4d:6a:a0:39:a1:60:ac:e3:37:9a:
         ad:ad:d8:ce:40:4a:05:9b:d0:05:29:40:73:96:b3:b3:64:61:
         bf:3a:c2:2c:d5:f4:87:18:21:0f:bd:82:5f:eb:5f:b4:97:ac:
         53:21:0a:6b:0d:b4:b3:c8:9d:20:91:75:2d:69:76:c4:fd:b3:
         3c:2e:47:4e:9a:94:ae:80:00:77:bf:64:60:3c:79:79:b3:f9:
         7b:4f:31:cd:89:00:af:df:84:32:ea:f7:0e:62:95:0e:9b:c4:
         08:f0:7d:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbMyA0IuHFOvHafJUXvXVrFc5wcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMTMxMzIwNDZaFw0yNDEyMTExMzI1NDZaMDMxMTAvBgNV
BAMTKDA1MUVFREJBRDdFNjQwNTYzMjIzRjY3MzlDQUI5RDdENTQ1QTcxRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfS/lrK2QLX2KIYu5t/KGnVHkM
+4j0j8DoUb00e7latojqZXrRghUof0WeUhDyGrxaQjUDnrzxRiIAo0fg6lR09zq9
A+7+pUkADF7NsbVCvMwGvuj8kuOMJfA2OhvXwvT9B6gNTGxCV5uEFIVP1nUeuHeT
R8Is6ZuH6aOgmqT0HUYrjbi0x1gTpLO5H3IxAqISDrKZzeqdpdFC62nDgIeQC4Hm
TnsGOILqd7qzJpiGVI1rjkYtIP5tW6VLKxzYedj/pwLLwlSos24bwPgfvwT6KN6p
mSz27y8VaR+Le7njrcvEyECDFIUnbOmdtM5cQme9PtI4vGCQ7UBO0V/Rjey5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBR7tutfmQFYyI/ZznKudfVRaceswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjczNjAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz3z
MA0GCSqGSIb3DQEBCwUAA4IBAQABKaLj/GkzToCDgfqJzcUIoyTjSKtXeKQdm8sW
ZWt06V2GiKSYg2NZg0bn8cROBEOgwefgliczlXgEjcvZx79iFtsIm5Qz+Bf4CGKA
TFNs7nfnBwBcGfit2T8O3bc0S4FVfzBPsqPBlA2+fyZyq5t58PbXzxPbgJZQAodb
fm4iAqeagwW/b03iKu0oEwjYwoe3qNeK7IEyR01qoDmhYKzjN5qtrdjOQEoFm9AF
KUBzlrOzZGG/OsIs1fSHGCEPvYJf61+0l6xTIQprDbSzyJ0gkXUtaXbE/bM8LkdO
mpSugAB3v2RgPHl5s/l7TzHNiQCv34Qy6vcOYpUOm8QI8H0H
-----END CERTIFICATE-----