Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397540.roa
File:                     AS397540.roa (raw, json)
Hash identifier:          E5tZeUvMkczUV/C02bbwJ8Bgu8x3iKA4bd0PANxXpKk=
Subject key identifier:   93:72:51:6D:F3:60:E4:87:D4:F6:4B:82:20:6E:34:4D:69:16:86:20
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C22CD0F284EEDBDE9E93110CF65F63E75EB87D9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397540.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     397540
IP address blocks:        181.215.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:22:cd:0f:28:4e:ed:bd:e9:e9:31:10:cf:65:f6:3e:75:eb:87:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=9372516DF360E487D4F64B82206E344D69168620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ed:80:d9:78:08:35:74:bf:84:29:10:aa:02:
                    2d:d1:44:b7:e6:60:5f:b8:93:fd:74:de:2b:35:54:
                    5a:d4:ba:c5:84:1a:31:c1:18:bf:42:8e:ad:76:7f:
                    14:97:32:cb:8e:65:c4:65:d6:76:e3:43:4e:20:b3:
                    4f:f7:6d:3e:8f:55:e5:0b:af:9e:26:66:d4:a1:5e:
                    40:14:ee:8c:7b:b6:92:34:1e:9b:a0:e5:d7:2a:cf:
                    3d:f8:10:9c:c8:33:cc:b4:c5:36:62:1e:89:72:a9:
                    a4:0e:21:44:d3:f6:58:c1:14:eb:65:9f:05:02:a1:
                    58:be:67:f7:b3:cd:3b:42:9f:16:e0:4a:03:8c:af:
                    54:82:2b:65:50:a6:67:04:d6:c5:b8:b6:0c:e6:9a:
                    c8:14:96:c6:76:b1:cf:89:1c:e7:f6:65:dc:f0:51:
                    95:0f:fb:0e:85:e3:d0:6a:79:a1:7b:75:74:35:73:
                    ca:53:dc:22:c5:ab:3d:cb:02:08:eb:aa:26:37:8b:
                    dd:d6:18:b5:33:ef:6d:00:da:2f:20:77:0f:f5:6a:
                    c3:4e:9a:e5:7e:3b:30:34:eb:55:88:40:b1:f8:f3:
                    b6:05:f4:9d:37:c9:1c:a6:5d:3a:62:a9:32:55:40:
                    21:43:76:2a:54:21:6b:4f:98:2e:fb:b8:f5:7c:2f:
                    9d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:72:51:6D:F3:60:E4:87:D4:F6:4B:82:20:6E:34:4D:69:16:86:20
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397540.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:80:9e:08:2d:22:94:d7:e4:96:7c:90:84:e3:62:bb:65:7a:
         8e:08:65:5b:e6:73:68:81:4f:7f:20:91:cf:31:cd:7f:d0:b5:
         a8:42:0b:6e:0b:18:7d:5a:f1:cd:33:f2:07:67:de:19:a2:9b:
         f1:ac:cd:5e:4e:54:59:7f:49:51:39:0e:8c:75:eb:8d:e2:86:
         fd:44:05:a4:53:05:0e:36:fe:b0:78:c9:a3:5d:0e:7e:94:d7:
         a0:ac:93:0a:bd:5c:3b:40:6b:0c:2f:33:0c:49:56:d8:02:01:
         a9:7c:ba:59:97:72:0e:58:42:e9:9d:7a:b1:34:74:c2:86:78:
         61:de:a5:af:23:6d:3b:e1:45:d2:00:65:b9:f7:9d:a3:85:da:
         42:94:89:da:f6:38:22:2c:e6:62:46:36:11:a4:92:4b:eb:bf:
         31:d5:50:4f:7d:f6:65:92:94:5e:e1:ed:a8:f7:92:26:f0:ab:
         b6:e1:4a:dd:c2:11:9f:36:b3:40:33:e0:a4:a4:ab:1a:59:0a:
         70:2c:43:c0:19:f9:3a:66:5b:c8:e8:78:ca:9b:cf:4e:a9:e7:
         60:11:0f:c6:84:13:0d:86:85:d3:b5:c7:c7:75:7a:1e:45:38:
         97:97:62:d4:16:a8:97:1d:72:68:36:2e:84:6f:6b:3d:26:cf:
         6b:1e:0a:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbCLNDyhO7b3p6TEQz2X2PnXrh9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKDkzNzI1MTZERjM2MEU0ODdENEY2NEI4MjIwNkUzNDRENjkxNjg2MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC47YDZeAg1dL+EKRCqAi3RRLfm
YF+4k/103is1VFrUusWEGjHBGL9Cjq12fxSXMsuOZcRl1nbjQ04gs0/3bT6PVeUL
r54mZtShXkAU7ox7tpI0Hpug5dcqzz34EJzIM8y0xTZiHolyqaQOIUTT9ljBFOtl
nwUCoVi+Z/ezzTtCnxbgSgOMr1SCK2VQpmcE1sW4tgzmmsgUlsZ2sc+JHOf2Zdzw
UZUP+w6F49BqeaF7dXQ1c8pT3CLFqz3LAgjrqiY3i93WGLUz720A2i8gdw/1asNO
muV+OzA061WIQLH487YF9J03yRymXTpiqTJVQCFDdipUIWtPmC77uPV8L51PAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk3JRbfNg5IfU9kuCIG40TWkWhiAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3NTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdc0
MA0GCSqGSIb3DQEBCwUAA4IBAQBKgJ4ILSKU1+SWfJCE42K7ZXqOCGVb5nNogU9/
IJHPMc1/0LWoQgtuCxh9WvHNM/IHZ94ZopvxrM1eTlRZf0lROQ6MdeuN4ob9RAWk
UwUONv6weMmjXQ5+lNegrJMKvVw7QGsMLzMMSVbYAgGpfLpZl3IOWELpnXqxNHTC
hnhh3qWvI2074UXSAGW5952jhdpClIna9jgiLOZiRjYRpJJL678x1VBPffZlkpRe
4e2o95Im8Ku24UrdwhGfNrNAM+CkpKsaWQpwLEPAGfk6ZlvI6HjKm89OqedgEQ/G
hBMNhoXTtcfHdXoeRTiXl2LUFqiXHXJoNi6Eb2s9Js9rHgr/
-----END CERTIFICATE-----