Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63073.roa
File:                     AS63073.roa (raw, json)
Hash identifier:          HTp3bfWq7ur8V2cyt1jZaoD2uAheXfRJleLB0KMAKX8=
Subject key identifier:   BC:05:55:F3:A4:3D:F8:D3:FF:7C:90:3D:71:D2:06:3D:10:42:FC:90
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0240975F530DBF714C3A7BF6B582432759CFE131
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63073.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     63073
IP address blocks:        181.215.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:40:97:5f:53:0d:bf:71:4c:3a:7b:f6:b5:82:43:27:59:cf:e1:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=BC0555F3A43DF8D3FF7C903D71D2063D1042FC90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5f:57:bc:b7:00:aa:be:18:81:67:f8:93:4b:
                    c6:20:bd:d1:64:44:3d:97:a0:13:c2:ec:0c:8a:22:
                    ef:db:ce:09:17:45:67:1e:75:fc:eb:23:07:1b:b1:
                    c7:12:e0:7f:73:74:18:6f:db:de:3d:02:1b:da:db:
                    c5:ea:2b:c1:1f:dd:3b:dd:5e:f3:f1:c8:ca:51:59:
                    e2:0c:8e:5e:1c:ad:ed:24:29:d2:4a:79:b1:74:c6:
                    51:e5:63:80:1e:cd:ca:fd:08:c5:35:07:d8:ae:95:
                    f0:7b:ff:81:34:fd:fb:c9:0a:bf:b2:6f:76:c1:0b:
                    46:fb:5a:61:38:41:04:3d:ed:14:5e:c2:e4:34:da:
                    da:7a:da:cc:38:6a:09:c1:c1:87:cb:cd:48:81:30:
                    ee:f5:a2:b3:d0:ad:4f:8e:98:42:0d:4f:a1:92:04:
                    a8:87:42:7b:8b:e0:c5:9e:f0:87:a9:50:50:d5:09:
                    09:a1:9c:45:5f:ee:86:c1:51:35:c8:87:fa:8b:a6:
                    5d:cd:85:68:9c:1a:d5:88:0f:77:21:01:c3:30:f9:
                    19:74:d8:a2:1c:3d:bb:56:be:e8:c8:7f:94:dd:6d:
                    f6:99:6a:4f:fb:4f:cf:64:20:ba:d4:fc:cb:93:fa:
                    f1:1d:9c:3f:51:06:bd:80:6a:f4:30:f3:34:0b:17:
                    92:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:05:55:F3:A4:3D:F8:D3:FF:7C:90:3D:71:D2:06:3D:10:42:FC:90
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS63073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:d2:d2:bd:cc:b3:19:cf:72:f0:0e:43:1e:03:50:3e:a6:81:
         1f:51:06:35:52:3f:9b:d6:13:be:47:31:a7:d7:ae:d0:cd:f1:
         4a:5d:bc:99:b5:65:6b:81:6a:b3:84:88:a4:79:55:80:1b:fa:
         94:c2:16:06:80:e8:31:54:53:cc:fc:bc:0f:be:b3:58:24:ac:
         4d:41:ea:38:5a:e6:f7:00:a7:25:af:27:ee:f9:fe:cb:7b:c0:
         9e:c7:a0:9d:0d:dc:05:e3:87:48:71:52:42:86:2d:12:1f:dd:
         50:85:01:d0:96:a5:fa:ff:dd:b6:f0:76:3a:f8:87:6a:5c:ab:
         04:04:8a:73:73:92:b2:e4:74:78:6c:e1:c9:4d:45:b2:b0:a5:
         4b:8b:43:38:db:bd:b2:f8:f7:a5:6e:7e:2d:b8:ac:9b:e7:b1:
         70:07:dd:1c:f6:71:9d:d0:80:2e:4b:b4:1d:2a:24:bc:29:4f:
         08:ff:81:4d:71:e5:5d:84:73:90:ec:91:f8:1a:79:20:37:db:
         80:e3:8b:3f:3b:bf:55:45:4a:bb:d1:1a:dd:12:00:dd:7b:94:
         5c:06:d2:dc:6f:0e:ee:13:e2:e5:53:17:75:30:98:47:32:f3:
         b1:6e:b3:08:e1:49:4d:85:79:0f:98:61:69:15:71:01:c9:ab:
         da:f8:0c:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAkCXX1MNv3FMOnv2tYJDJ1nP4TEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKEJDMDU1NUYzQTQzREY4RDNGRjdDOTAzRDcxRDIwNjNEMTA0MkZDOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/X1e8twCqvhiBZ/iTS8YgvdFk
RD2XoBPC7AyKIu/bzgkXRWcedfzrIwcbsccS4H9zdBhv2949Ahva28XqK8Ef3Tvd
XvPxyMpRWeIMjl4cre0kKdJKebF0xlHlY4Aezcr9CMU1B9iulfB7/4E0/fvJCr+y
b3bBC0b7WmE4QQQ97RRewuQ02tp62sw4agnBwYfLzUiBMO71orPQrU+OmEINT6GS
BKiHQnuL4MWe8IepUFDVCQmhnEVf7obBUTXIh/qLpl3NhWicGtWID3chAcMw+Rl0
2KIcPbtWvujIf5TdbfaZak/7T89kILrU/MuT+vEdnD9RBr2AavQw8zQLF5J7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvAVV86Q9+NP/fJA9cdIGPRBC/JAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjMwNzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC116Yw
DQYJKoZIhvcNAQELBQADggEBAKbS0r3MsxnPcvAOQx4DUD6mgR9RBjVSP5vWE75H
MafXrtDN8UpdvJm1ZWuBarOEiKR5VYAb+pTCFgaA6DFUU8z8vA++s1gkrE1B6jha
5vcApyWvJ+75/st7wJ7HoJ0N3AXjh0hxUkKGLRIf3VCFAdCWpfr/3bbwdjr4h2pc
qwQEinNzkrLkdHhs4clNRbKwpUuLQzjbvbL496Vufi24rJvnsXAH3Rz2cZ3QgC5L
tB0qJLwpTwj/gU1x5V2Ec5DskfgaeSA324Djiz87v1VFSrvRGt0SAN17lFwG0txv
Du4T4uVTF3UwmEcy87FuswjhSU2FeQ+YYWkVcQHJq9r4DHo=
-----END CERTIFICATE-----