Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48274.roa
File:                     AS48274.roa (raw, json)
Hash identifier:          3KM6YZh52vKHqrqjr7FqKNRXJQozbSXXBGYsU4pNg70=
Subject key identifier:   09:F0:D7:74:22:72:5A:22:51:A8:A4:C1:F4:67:A8:A1:D4:6F:00:B1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       78172E22DCA9F46E8B03189E52AFF69543BE1E4F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48274.roa
Signing time:             Wed 27 Mar 2024 10:51:36 +0000
ROA not before:           Wed 27 Mar 2024 10:46:36 +0000
ROA not after:            Wed 26 Mar 2025 10:51:36 +0000
asID:                     48274
IP address blocks:        181.214.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:17:2e:22:dc:a9:f4:6e:8b:03:18:9e:52:af:f6:95:43:be:1e:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 27 10:46:36 2024 GMT
            Not After : Mar 26 10:51:36 2025 GMT
        Subject: CN=09F0D77422725A2251A8A4C1F467A8A1D46F00B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:68:40:96:b5:be:57:88:80:e5:43:5b:78:ed:
                    2f:be:b0:1c:8f:d2:98:4a:e5:56:b6:18:31:39:40:
                    08:7d:10:82:3d:f3:2e:cb:07:6c:09:fb:0a:59:cd:
                    0b:c4:bd:a5:0b:2d:6a:8f:ba:7d:46:bd:b1:de:b8:
                    af:39:23:f9:4e:ab:c3:54:f1:4a:ac:0e:ce:81:8f:
                    e9:08:1c:04:f4:1f:df:63:76:39:b3:da:76:50:30:
                    96:d8:07:38:9e:89:d0:d3:42:92:6a:75:6d:6c:fc:
                    22:8c:62:b2:e1:71:41:59:eb:06:f5:19:a5:c9:b8:
                    82:b9:56:e7:e9:8a:d9:db:36:ee:6d:53:c9:54:cc:
                    33:97:ff:91:20:5f:2f:c9:92:fe:7c:e3:f5:5a:f9:
                    52:cf:e5:a4:af:31:82:5f:2a:5a:50:e8:98:84:76:
                    c5:1a:d0:06:aa:c0:e1:16:ec:74:b6:86:a3:50:e4:
                    50:41:4f:7a:0a:02:8a:27:ff:db:b2:8f:b1:01:c7:
                    ed:db:b8:c7:98:60:b0:8b:76:0c:78:d1:02:d9:b9:
                    75:bc:7f:d2:b6:a0:59:2f:85:d1:1b:56:46:da:8d:
                    64:7e:54:83:11:3c:ad:de:ed:0d:f9:d6:ef:6f:ea:
                    40:49:c4:d6:79:a8:0f:59:b6:2b:ae:97:a0:b5:7d:
                    40:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F0:D7:74:22:72:5A:22:51:A8:A4:C1:F4:67:A8:A1:D4:6F:00:B1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS48274.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:da:34:b7:b0:39:78:04:de:a8:e4:68:bb:67:5e:c2:8b:39:
         dd:9e:91:9e:7d:e8:4b:68:bb:8c:dd:e1:14:c6:e6:08:72:ba:
         9b:21:0a:89:3b:36:90:03:d2:74:c4:ef:53:bf:10:f0:6a:2b:
         9d:d8:ff:41:c1:ec:16:e6:e7:df:58:fd:8e:64:74:7f:7b:06:
         ce:84:a4:53:ed:c1:a1:60:3e:3b:c1:61:54:db:b7:65:90:b1:
         2d:5d:39:26:6e:08:40:f2:b3:93:31:ea:16:7b:ef:93:f8:91:
         5d:cc:0a:27:fc:72:19:cd:bf:0f:ba:be:7b:bd:0f:18:93:6d:
         f7:97:bc:b9:95:c1:e4:a8:b9:30:02:cf:35:69:06:de:94:79:
         d2:a3:89:75:68:d8:f5:93:3d:1f:ca:62:21:5f:ba:98:87:6d:
         db:3f:15:9f:dc:30:b2:b4:90:5d:c5:f4:ef:fa:cd:00:fd:e2:
         2a:66:e7:88:b9:e2:14:a0:3a:2f:05:98:54:c4:35:f8:01:aa:
         d9:a3:08:a9:89:67:92:61:52:9a:22:40:6f:b8:c1:72:f2:79:
         12:0e:6d:29:23:c7:ad:e5:1a:d4:05:13:fe:65:f2:34:8b:ff:
         0e:8b:eb:80:12:bb:b0:f5:aa:de:a3:f9:e1:ef:56:53:3a:80:
         23:1c:ca:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeBcuItyp9G6LAxieUq/2lUO+Hk8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjcxMDQ2MzZaFw0yNTAzMjYxMDUxMzZaMDMxMTAvBgNV
BAMTKDA5RjBENzc0MjI3MjVBMjI1MUE4QTRDMUY0NjdBOEExRDQ2RjAwQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfaECWtb5XiIDlQ1t47S++sByP
0phK5Va2GDE5QAh9EII98y7LB2wJ+wpZzQvEvaULLWqPun1GvbHeuK85I/lOq8NU
8UqsDs6Bj+kIHAT0H99jdjmz2nZQMJbYBzieidDTQpJqdW1s/CKMYrLhcUFZ6wb1
GaXJuIK5VufpitnbNu5tU8lUzDOX/5EgXy/Jkv584/Va+VLP5aSvMYJfKlpQ6JiE
dsUa0AaqwOEW7HS2hqNQ5FBBT3oKAoon/9uyj7EBx+3buMeYYLCLdgx40QLZuXW8
f9K2oFkvhdEbVkbajWR+VIMRPK3e7Q351u9v6kBJxNZ5qA9Ztiuul6C1fUCxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUCfDXdCJyWiJRqKTB9GeoodRvALEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDgyNzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11rkw
DQYJKoZIhvcNAQELBQADggEBAJ/aNLewOXgE3qjkaLtnXsKLOd2ekZ596Etou4zd
4RTG5ghyupshCok7NpAD0nTE71O/EPBqK53Y/0HB7Bbm599Y/Y5kdH97Bs6EpFPt
waFgPjvBYVTbt2WQsS1dOSZuCEDys5Mx6hZ775P4kV3MCif8chnNvw+6vnu9DxiT
bfeXvLmVweSouTACzzVpBt6UedKjiXVo2PWTPR/KYiFfupiHbds/FZ/cMLK0kF3F
9O/6zQD94ipm54i54hSgOi8FmFTENfgBqtmjCKmJZ5JhUpoiQG+4wXLyeRIObSkj
x63lGtQFE/5l8jSL/w6L64ASu7D1qt6j+eHvVlM6gCMcys4=
-----END CERTIFICATE-----