Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9280.roa
File:                     AS9280.roa (raw, json)
Hash identifier:          UCB30eBrehB/jP543csHMXnQCO4qE/nEhWyAGkbu4IQ=
Subject key identifier:   BD:25:B2:85:1C:41:1E:59:73:1D:D8:73:A4:93:A5:2F:47:C7:B6:FD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       43AE3A26E1CE6C1C324A5C8B090BAC4B895531F4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9280.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     9280
IP address blocks:        191.96.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ae:3a:26:e1:ce:6c:1c:32:4a:5c:8b:09:0b:ac:4b:89:55:31:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=BD25B2851C411E59731DD873A493A52F47C7B6FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e1:de:99:da:1a:4b:16:a1:5b:d8:ec:b3:8a:
                    27:35:39:db:01:68:71:fa:9d:da:32:34:30:81:55:
                    d9:5a:16:b8:13:73:f6:54:48:7e:c8:74:7a:b7:9e:
                    23:67:ce:ed:f0:8c:63:56:64:73:49:bc:18:50:e1:
                    17:37:df:07:7b:52:b2:9b:fc:0e:48:1c:f5:fd:70:
                    f5:44:24:77:02:54:32:d6:04:16:88:a5:8e:5e:a2:
                    52:78:15:22:ca:5c:ef:b5:21:51:f8:d6:3c:00:39:
                    d5:f3:87:ae:6d:06:85:02:c0:8b:2a:a3:c5:a0:36:
                    4a:e6:b1:38:86:fa:c7:96:e1:d5:6f:d1:2f:6c:90:
                    8f:d1:f4:13:e2:8c:93:9f:43:69:e9:c6:90:f6:af:
                    78:4d:fb:f2:cb:f5:9e:12:8d:f1:e2:6a:71:39:1b:
                    63:75:04:bd:35:19:6f:90:38:85:59:b7:f4:c3:d1:
                    d6:44:99:16:ff:7d:06:95:af:3e:b7:18:35:1a:e5:
                    ef:2d:19:2c:df:de:50:0d:62:30:ab:90:e8:38:b9:
                    a0:27:67:48:85:4a:bf:0e:10:d2:59:56:d3:88:bd:
                    65:da:cc:45:eb:1f:25:be:b8:c6:97:70:a5:b5:e2:
                    1b:83:52:13:97:ae:11:45:78:6b:c0:3c:f4:63:26:
                    1b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:25:B2:85:1C:41:1E:59:73:1D:D8:73:A4:93:A5:2F:47:C7:B6:FD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9280.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f5:8a:49:79:b6:39:43:d8:65:5c:bc:14:c1:12:6f:9b:f0:
         ef:70:7c:cd:c4:1c:28:e7:ad:aa:6e:ba:49:f3:92:0f:04:22:
         74:a0:22:db:d7:05:6b:df:e9:b4:89:b2:b4:ad:25:bb:64:c8:
         1d:16:fb:f4:f4:9e:d2:70:2a:52:a7:7e:59:1d:cd:c1:d9:2b:
         60:35:fc:65:af:a7:0d:fe:f5:75:2c:c4:ed:80:6e:f7:80:b7:
         c0:90:0c:7d:b2:47:ea:4c:6f:a4:8f:56:12:7f:af:96:07:93:
         53:f0:66:10:7c:af:2a:55:f6:c8:15:83:8f:95:ed:17:8f:43:
         8f:db:67:bf:3c:eb:e2:c2:ad:7a:3d:b3:ca:b4:42:21:1f:9e:
         2b:3f:37:28:02:3d:60:1e:67:75:e9:d9:26:6a:42:df:57:6e:
         ec:d9:8a:88:85:a8:d0:aa:a7:4b:f4:12:02:fd:e6:84:98:3a:
         d1:ce:37:f1:ae:cc:e9:f8:6d:a1:cf:5a:6b:52:16:00:dd:11:
         00:73:64:19:8e:5e:5d:a2:63:11:eb:94:d0:9e:b3:9a:52:5e:
         fa:82:ba:18:8c:ad:ba:a8:48:ea:ee:ca:b7:fe:bc:d1:b9:55:
         50:b9:56:d1:53:ae:30:bd:7a:39:a3:55:bf:a5:6a:61:b0:96:
         98:a2:68:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUQ646JuHObBwySlyLCQusS4lVMfQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKEJEMjVCMjg1MUM0MTFFNTk3MzFERDg3M0E0OTNBNTJGNDdDN0I2RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54d6Z2hpLFqFb2Oyziic1OdsB
aHH6ndoyNDCBVdlaFrgTc/ZUSH7IdHq3niNnzu3wjGNWZHNJvBhQ4Rc33wd7UrKb
/A5IHPX9cPVEJHcCVDLWBBaIpY5eolJ4FSLKXO+1IVH41jwAOdXzh65tBoUCwIsq
o8WgNkrmsTiG+seW4dVv0S9skI/R9BPijJOfQ2npxpD2r3hN+/LL9Z4SjfHianE5
G2N1BL01GW+QOIVZt/TD0dZEmRb/fQaVrz63GDUa5e8tGSzf3lANYjCrkOg4uaAn
Z0iFSr8OENJZVtOIvWXazEXrHyW+uMaXcKW14huDUhOXrhFFeGvAPPRjJhvjAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUvSWyhRxBHllzHdhzpJOlL0fHtv0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTI4MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9g1jAN
BgkqhkiG9w0BAQsFAAOCAQEALvWKSXm2OUPYZVy8FMESb5vw73B8zcQcKOetqm66
SfOSDwQidKAi29cFa9/ptImytK0lu2TIHRb79PSe0nAqUqd+WR3NwdkrYDX8Za+n
Df71dSzE7YBu94C3wJAMfbJH6kxvpI9WEn+vlgeTU/BmEHyvKlX2yBWDj5XtF49D
j9tnvzzr4sKtej2zyrRCIR+eKz83KAI9YB5ndenZJmpC31du7NmKiIWo0KqnS/QS
Av3mhJg60c438a7M6fhtoc9aa1IWAN0RAHNkGY5eXaJjEeuU0J6zmlJe+oK6GIyt
uqhI6u7Kt/680blVULlW0VOuML16OaNVv6VqYbCWmKJouA==
-----END CERTIFICATE-----