Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273847.roa
File:                     AS273847.roa (raw, json)
Hash identifier:          tuzrdPEJO50FcG0yItkzNp4BSPuuwbpV7uON2iKdLYA=
Subject key identifier:   EA:56:10:58:C9:E8:D6:DF:43:E1:FD:03:D6:D4:3F:8A:67:0F:14:D0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       07773BB5D0F6A77D7813E7DB6BF0D8263933510E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273847.roa
Signing time:             Sat 14 Dec 2024 00:21:00 +0000
ROA not before:           Sat 14 Dec 2024 00:16:00 +0000
ROA not after:            Sat 13 Dec 2025 00:21:00 +0000
asID:                     273847
IP address blocks:        181.41.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:77:3b:b5:d0:f6:a7:7d:78:13:e7:db:6b:f0:d8:26:39:33:51:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 14 00:16:00 2024 GMT
            Not After : Dec 13 00:21:00 2025 GMT
        Subject: CN=EA561058C9E8D6DF43E1FD03D6D43F8A670F14D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fd:31:a7:f8:da:4a:28:b4:0f:f4:28:4b:22:
                    c6:c5:a3:d1:aa:48:30:c6:db:d9:9d:3c:89:58:28:
                    90:b5:37:86:c8:ae:db:82:f0:b2:b4:40:80:99:d0:
                    ed:2c:91:1b:2f:72:cd:52:eb:a2:e2:d0:5e:3f:22:
                    b1:11:5a:a2:fb:78:c5:fe:3e:9e:e6:58:79:d0:d6:
                    8e:8f:ac:e3:78:3f:aa:15:99:b1:0a:75:57:ee:2f:
                    8e:e4:2b:74:2b:0e:f7:76:f4:93:5c:46:f2:80:57:
                    c9:ee:90:98:ef:ae:84:48:92:04:78:be:32:20:13:
                    49:6b:91:b5:a9:84:e5:7c:36:a5:c2:12:ef:29:9b:
                    ac:da:fc:d6:d5:e3:07:0d:60:76:f1:6f:56:3b:13:
                    e2:bc:6d:43:6b:98:9f:48:7c:cc:61:29:ee:c3:28:
                    af:6a:b5:39:ca:a9:2f:8f:00:a7:dd:73:6c:63:98:
                    7e:61:1c:d4:95:7e:47:8f:cd:0d:3d:6c:87:12:ac:
                    2e:a7:ab:59:cc:22:26:af:8b:34:dd:c3:0a:ae:c4:
                    29:42:db:08:56:71:00:50:36:1b:b7:6d:e6:8f:6f:
                    5b:aa:bf:27:b4:52:64:fc:40:9b:97:fa:95:f3:a6:
                    b3:65:a6:cb:47:32:7a:96:c5:ce:b3:83:a2:86:2d:
                    43:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:56:10:58:C9:E8:D6:DF:43:E1:FD:03:D6:D4:3F:8A:67:0F:14:D0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS273847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f4:0d:3f:82:a3:d3:74:9f:af:8a:a6:ca:24:d3:8c:fe:b5:
         13:d9:0a:a6:f8:96:2b:14:61:9b:12:75:f5:3b:bc:3e:9d:24:
         db:3d:d7:f3:a6:60:c9:3f:b5:94:a5:6b:40:51:dc:eb:d1:20:
         2f:f6:02:50:a0:c4:76:7d:0c:f1:fa:9b:57:e0:d8:d8:7b:3c:
         15:0a:07:e7:13:28:30:c8:89:91:ae:92:b6:2c:73:42:b1:d8:
         e9:65:b1:fc:4e:41:81:3f:1e:7c:3a:8c:75:a9:b3:e5:e9:24:
         d4:cc:cd:28:f0:30:9f:1d:1b:2b:db:d8:97:2d:af:30:f1:4a:
         ee:8e:c8:31:13:68:60:12:e8:e2:62:3c:d9:91:20:91:62:c8:
         02:ab:ba:7c:56:76:c1:d4:02:d8:ee:8e:32:a7:c3:a5:4a:46:
         11:c4:01:5c:e3:be:53:66:98:53:b2:f0:7d:29:0c:43:6f:80:
         8f:30:96:bf:7f:17:ad:09:0c:34:3d:d6:38:4b:cd:4e:57:8d:
         28:26:2d:f6:59:79:70:ac:ff:8a:7f:5a:1d:3e:e1:e4:06:90:
         80:d6:2a:f6:de:7c:2b:be:5a:1d:77:97:d0:ee:2b:da:e1:c0:
         30:eb:40:2a:0d:1b:af:a5:29:8b:99:08:1b:eb:8c:a8:61:ff:
         2f:9a:ff:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB3c7tdD2p314E+fba/DYJjkzUQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMTQwMDE2MDBaFw0yNTEyMTMwMDIxMDBaMDMxMTAvBgNV
BAMTKEVBNTYxMDU4QzlFOEQ2REY0M0UxRkQwM0Q2RDQzRjhBNjcwRjE0RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+/TGn+NpKKLQP9ChLIsbFo9Gq
SDDG29mdPIlYKJC1N4bIrtuC8LK0QICZ0O0skRsvcs1S66Li0F4/IrERWqL7eMX+
Pp7mWHnQ1o6PrON4P6oVmbEKdVfuL47kK3QrDvd29JNcRvKAV8nukJjvroRIkgR4
vjIgE0lrkbWphOV8NqXCEu8pm6za/NbV4wcNYHbxb1Y7E+K8bUNrmJ9IfMxhKe7D
KK9qtTnKqS+PAKfdc2xjmH5hHNSVfkePzQ09bIcSrC6nq1nMIiavizTdwwquxClC
2whWcQBQNhu3beaPb1uqvye0UmT8QJuX+pXzprNlpstHMnqWxc6zg6KGLUO7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6lYQWMno1t9D4f0D1tQ/imcPFNAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjczODQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSnH
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ9A0/gqPTdJ+viqbKJNOM/rUT2Qqm+JYrFGGb
EnX1O7w+nSTbPdfzpmDJP7WUpWtAUdzr0SAv9gJQoMR2fQzx+ptX4NjYezwVCgfn
EygwyImRrpK2LHNCsdjpZbH8TkGBPx58Oox1qbPl6STUzM0o8DCfHRsr29iXLa8w
8UrujsgxE2hgEujiYjzZkSCRYsgCq7p8VnbB1ALY7o4yp8OlSkYRxAFc475TZphT
svB9KQxDb4CPMJa/fxetCQw0PdY4S81OV40oJi32WXlwrP+Kf1odPuHkBpCA1ir2
3nwrvlodd5fQ7iva4cAw60AqDRuvpSmLmQgb64yoYf8vmv8t
-----END CERTIFICATE-----