Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153369.roa
File:                     AS153369.roa (raw, json)
Hash identifier:          H5mdMVg4rE4YPVP1HK2UzOBhRhGqoit3iSqsyzh4jXA=
Subject key identifier:   C6:88:E6:CB:9E:62:55:4D:F5:E7:4F:1F:FC:08:76:89:FA:69:06:45
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6F2C3E42FE0BA9DB0313D27CAF062FED1F9BA5A6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153369.roa
Signing time:             Wed 22 Jan 2025 14:41:28 +0000
ROA not before:           Wed 22 Jan 2025 14:36:28 +0000
ROA not after:            Wed 21 Jan 2026 14:41:28 +0000
asID:                     153369
IP address blocks:        82.27.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:2c:3e:42:fe:0b:a9:db:03:13:d2:7c:af:06:2f:ed:1f:9b:a5:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 22 14:36:28 2025 GMT
            Not After : Jan 21 14:41:28 2026 GMT
        Subject: CN=C688E6CB9E62554DF5E74F1FFC087689FA690645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:df:a9:88:ba:f3:56:35:07:84:c4:ed:6a:02:
                    08:0d:7a:4a:79:c3:51:e0:33:15:7b:7f:65:f8:c5:
                    08:8d:f4:aa:2b:78:36:87:9a:e4:ae:9d:f1:9c:eb:
                    c8:ec:8e:03:33:79:2c:1e:1e:7e:d6:12:00:b3:96:
                    5d:8b:e4:5b:07:28:54:bd:4f:ff:34:2a:8d:8c:44:
                    78:39:3f:12:7a:b3:6b:16:7a:32:84:1e:a1:87:c1:
                    7b:7c:34:19:24:47:c9:9f:06:07:9f:4d:80:f7:5f:
                    53:f0:b9:0e:92:e2:ad:f4:77:19:eb:77:6a:c5:da:
                    ab:90:bd:df:90:65:b6:ac:a0:d3:f8:fc:8c:1c:cf:
                    bd:a2:bc:e1:75:be:23:f5:d5:b4:d7:93:9f:45:bd:
                    9f:03:8a:48:64:e9:0a:10:bf:bc:3b:b7:c4:9b:c1:
                    d0:6c:8f:b6:44:d4:c8:af:52:75:52:4e:25:30:9d:
                    94:22:bd:29:0d:c2:42:32:2d:67:06:4d:94:82:87:
                    73:2a:44:7c:d5:e2:83:f5:d5:db:28:19:85:23:4a:
                    14:82:a3:74:a7:ee:ca:35:d6:50:b9:f7:74:4a:b1:
                    b5:2c:12:97:52:f1:2c:06:89:93:37:f5:c6:91:69:
                    3f:57:a6:71:d4:0f:92:2a:28:ab:62:84:2a:db:c9:
                    9a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:88:E6:CB:9E:62:55:4D:F5:E7:4F:1F:FC:08:76:89:FA:69:06:45
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:34:da:2c:2d:66:be:59:7c:20:a8:19:17:02:c9:6e:ba:c1:
         f6:27:cf:43:0b:18:44:92:b6:d3:84:05:b1:7d:1a:96:54:16:
         75:5d:95:5f:7a:cb:e5:5c:3f:0e:b2:bf:0b:ed:9d:fd:17:3e:
         8d:d3:ab:e8:1c:3e:b2:c7:76:fe:2a:ed:37:cb:da:75:66:6b:
         a0:db:10:ff:19:78:3d:1c:49:b9:8f:f7:7e:6e:9f:0e:40:cb:
         35:30:00:13:3f:fb:83:f2:21:d4:c9:e9:76:c4:b9:50:2f:62:
         e5:69:82:c1:89:51:2e:92:86:48:43:44:86:e8:03:4b:aa:f2:
         62:50:37:e6:fc:95:ea:7e:ae:ef:b1:2c:3e:f6:d1:82:09:ae:
         1f:1e:59:bd:c5:7d:97:c5:e2:cc:5d:8b:be:75:ad:4d:92:2b:
         03:d9:07:f0:8d:18:6f:73:8c:66:56:3d:1f:50:1d:8e:8f:36:
         98:70:25:8e:4e:82:e5:3d:3b:d5:45:43:a1:de:69:25:73:3b:
         0a:de:81:4d:9f:dd:18:0e:0d:e8:87:db:2a:4f:77:f6:a3:29:
         81:8b:93:da:af:ab:93:9c:f8:9d:1d:d3:5d:6d:38:d9:d9:20:
         e5:d3:d9:e1:fb:b4:db:a1:73:23:39:b4:7f:d7:26:e6:b0:6f:
         63:6b:aa:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbyw+Qv4LqdsDE9J8rwYv7R+bpaYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjIxNDM2MjhaFw0yNjAxMjExNDQxMjhaMDMxMTAvBgNV
BAMTKEM2ODhFNkNCOUU2MjU1NERGNUU3NEYxRkZDMDg3Njg5RkE2OTA2NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM36mIuvNWNQeExO1qAggNekp5
w1HgMxV7f2X4xQiN9KoreDaHmuSunfGc68jsjgMzeSweHn7WEgCzll2L5FsHKFS9
T/80Ko2MRHg5PxJ6s2sWejKEHqGHwXt8NBkkR8mfBgefTYD3X1PwuQ6S4q30dxnr
d2rF2quQvd+QZbasoNP4/Iwcz72ivOF1viP11bTXk59FvZ8Dikhk6QoQv7w7t8Sb
wdBsj7ZE1MivUnVSTiUwnZQivSkNwkIyLWcGTZSCh3MqRHzV4oP11dsoGYUjShSC
o3Sn7so11lC593RKsbUsEpdS8SwGiZM39caRaT9XpnHUD5IqKKtihCrbyZplAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxojmy55iVU31508f/Ah2ifppBkUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzMzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhsA
MA0GCSqGSIb3DQEBCwUAA4IBAQBmNNosLWa+WXwgqBkXAsluusH2J89DCxhEkrbT
hAWxfRqWVBZ1XZVfesvlXD8Osr8L7Z39Fz6N06voHD6yx3b+Ku03y9p1Zmug2xD/
GXg9HEm5j/d+bp8OQMs1MAATP/uD8iHUyel2xLlQL2LlaYLBiVEukoZIQ0SG6ANL
qvJiUDfm/JXqfq7vsSw+9tGCCa4fHlm9xX2XxeLMXYu+da1NkisD2QfwjRhvc4xm
Vj0fUB2OjzaYcCWOToLlPTvVRUOh3mklczsK3oFNn90YDg3oh9sqT3f2oymBi5Pa
r6uTnPidHdNdbTjZ2SDl09nh+7TboXMjObR/1ybmsG9ja6q0
-----END CERTIFICATE-----