Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399709.roa
File:                     AS399709.roa (raw, json)
Hash identifier:          LDz6uC2hKcs3KpkyyIxmZwXSAz9w7bgrMdU6xSIZvQ4=
Subject key identifier:   B7:28:09:91:1B:50:43:96:D1:90:FC:69:BE:64:F7:F0:CD:5A:2F:5B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2977C5674D3CE05D3E7F839B33E0DD598BD3FF92
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399709.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     399709
IP address blocks:        181.215.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:77:c5:67:4d:3c:e0:5d:3e:7f:83:9b:33:e0:dd:59:8b:d3:ff:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=B72809911B504396D190FC69BE64F7F0CD5A2F5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fa:76:e5:61:b8:ee:31:4f:61:a6:8e:38:fd:
                    5a:59:b8:da:d6:4b:60:38:bf:c1:58:6e:5f:95:8e:
                    ea:6e:1a:98:72:ac:8e:5c:c0:7c:2a:d8:ed:8b:f1:
                    cd:a4:39:39:65:d7:76:42:50:8e:7a:4a:fd:35:d8:
                    b7:0e:26:51:d5:03:03:19:ff:48:e8:da:cc:fe:a3:
                    c8:26:54:fd:30:c8:06:c9:dd:af:a3:e9:e5:bb:c4:
                    1b:84:2c:5d:4a:b7:2d:23:a6:f4:da:14:e4:d5:8c:
                    fe:ba:cc:7b:61:ee:3a:ad:15:dd:7f:7e:ca:bb:88:
                    eb:83:66:81:8a:73:7c:d2:51:1b:54:6d:ad:3c:b5:
                    25:88:35:5a:61:6c:db:23:68:45:a9:bc:34:13:54:
                    f6:c9:55:50:4c:11:94:9e:84:0f:52:4c:00:03:14:
                    b0:11:18:ca:30:95:e3:0e:3b:26:3e:97:1c:5d:88:
                    50:aa:93:a0:b7:19:2b:07:c1:78:1e:e7:45:81:e1:
                    f6:a2:9e:ed:75:e5:26:a6:3b:b9:f0:a3:dd:60:49:
                    30:e2:08:8b:64:95:5d:0a:66:25:1d:f7:9f:31:90:
                    12:2f:7b:24:f7:f6:34:bb:f0:66:55:88:72:e0:65:
                    59:23:b1:bd:f3:c9:0b:ec:6a:1b:04:37:8c:0a:0f:
                    54:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:28:09:91:1B:50:43:96:D1:90:FC:69:BE:64:F7:F0:CD:5A:2F:5B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:a7:fd:15:e8:bc:a7:a2:8e:ff:da:d0:e4:0c:ef:a7:09:d4:
         44:fc:97:3f:aa:ba:1d:d4:73:87:b3:67:11:20:e1:74:f9:0c:
         2c:de:58:46:0a:62:fb:87:b7:08:54:be:e9:32:d1:da:27:41:
         ec:19:33:16:38:e5:41:b2:12:60:1b:09:90:ff:2e:13:02:b4:
         38:36:61:4c:bc:c6:94:c2:2d:ca:85:0e:73:42:9c:e5:2b:b9:
         c1:20:e6:35:85:ec:00:d6:37:fc:bd:47:ff:73:83:1f:cd:d4:
         d7:ae:eb:9d:38:9c:c6:cc:18:61:c2:58:6e:b4:ca:b3:04:7b:
         a1:00:0b:95:e6:f4:92:08:03:b3:91:41:a3:a0:86:42:17:d0:
         02:5e:ab:da:dc:74:f9:0d:aa:f6:4a:9c:7c:d3:19:ec:91:8f:
         32:8e:05:86:7b:1c:c9:b0:b3:43:cb:28:ee:bc:56:a9:84:26:
         b3:01:b4:c2:d5:57:11:f6:41:c3:43:84:43:15:9f:9d:11:50:
         ef:90:05:4c:d0:02:bf:2e:79:2c:25:e6:86:04:3f:2e:9f:0f:
         dc:83:1d:f8:cb:e4:93:fb:91:8d:9d:b5:72:10:56:27:42:29:
         ed:0e:35:73:63:0b:8b:8b:ac:7a:06:fe:68:bf:6d:84:cc:de:
         55:2a:dc:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKXfFZ0084F0+f4ObM+DdWYvT/5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKEI3MjgwOTkxMUI1MDQzOTZEMTkwRkM2OUJFNjRGN0YwQ0Q1QTJGNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc+nblYbjuMU9hpo44/VpZuNrW
S2A4v8FYbl+VjupuGphyrI5cwHwq2O2L8c2kOTll13ZCUI56Sv012LcOJlHVAwMZ
/0jo2sz+o8gmVP0wyAbJ3a+j6eW7xBuELF1Kty0jpvTaFOTVjP66zHth7jqtFd1/
fsq7iOuDZoGKc3zSURtUba08tSWINVphbNsjaEWpvDQTVPbJVVBMEZSehA9STAAD
FLARGMowleMOOyY+lxxdiFCqk6C3GSsHwXge50WB4fainu115SamO7nwo91gSTDi
CItklV0KZiUd958xkBIveyT39jS78GZViHLgZVkjsb3zyQvsahsEN4wKD1RpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtygJkRtQQ5bRkPxpvmT38M1aL1swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NzA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdft
MA0GCSqGSIb3DQEBCwUAA4IBAQCup/0V6Lynoo7/2tDkDO+nCdRE/Jc/qrod1HOH
s2cRIOF0+Qws3lhGCmL7h7cIVL7pMtHaJ0HsGTMWOOVBshJgGwmQ/y4TArQ4NmFM
vMaUwi3KhQ5zQpzlK7nBIOY1hewA1jf8vUf/c4MfzdTXruudOJzGzBhhwlhutMqz
BHuhAAuV5vSSCAOzkUGjoIZCF9ACXqva3HT5Dar2Spx80xnskY8yjgWGexzJsLND
yyjuvFaphCazAbTC1VcR9kHDQ4RDFZ+dEVDvkAVM0AK/LnksJeaGBD8unw/cgx34
y+ST+5GNnbVyEFYnQintDjVzYwuLi6x6Bv5ov22EzN5VKtwv
-----END CERTIFICATE-----