Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
File:                     AS215353.roa (raw, json)
Hash identifier:          FliFGbpoqMoKvlMYyGOp9q+BI3iruz8/JDZ+q6e1hiw=
Subject key identifier:   11:41:69:0F:81:C6:3F:30:BE:38:48:C5:54:E3:25:11:25:E7:08:99
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1AE783216DC5838816BEC9527C7AD71876086678
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa
Signing time:             Tue 24 Jun 2025 17:54:11 +0000
ROA not before:           Tue 24 Jun 2025 17:49:11 +0000
ROA not after:            Tue 23 Jun 2026 17:54:11 +0000
asID:                     215353
IP address blocks:        181.215.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e7:83:21:6d:c5:83:88:16:be:c9:52:7c:7a:d7:18:76:08:66:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 24 17:49:11 2025 GMT
            Not After : Jun 23 17:54:11 2026 GMT
        Subject: CN=1141690F81C63F30BE3848C554E3251125E70899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:37:2e:61:ef:f8:3d:bf:e8:00:98:ca:24:
                    8f:fa:a0:51:4a:26:30:96:b0:12:a7:b2:c4:d3:f1:
                    f3:19:9e:c7:6d:57:d7:b4:94:80:c1:12:8a:7a:d6:
                    85:fd:8a:6e:16:0c:13:b2:0a:22:ca:57:14:d4:41:
                    8a:a9:80:23:ad:d3:09:cf:6c:ac:72:73:46:8b:e4:
                    10:40:e8:e2:66:ff:e8:e2:36:50:e3:cb:c1:e7:fd:
                    95:f5:a8:53:17:a7:f1:17:7f:bd:e5:20:ed:41:06:
                    6d:5e:33:d9:92:35:9f:d4:98:ef:74:4c:d7:17:96:
                    a4:9a:cb:66:eb:c6:cf:74:f2:7d:51:17:01:16:ad:
                    8f:af:ed:83:96:6b:0a:31:5f:a5:27:25:bf:d6:5a:
                    06:8c:d0:8f:4b:9e:21:1e:b4:17:fe:32:1c:71:b7:
                    2a:c8:79:6a:b6:8e:4f:5a:bd:03:42:a3:7b:19:8f:
                    64:40:5e:18:a2:0d:10:57:48:f3:51:52:26:ea:7e:
                    92:ad:31:26:18:9f:f9:2f:a2:d6:75:cd:13:91:8d:
                    c7:fe:f7:8b:0a:30:03:d0:48:dc:f7:ad:df:93:29:
                    94:f5:a8:5d:b2:d2:28:76:34:cf:95:83:30:87:d2:
                    a6:3b:df:de:c9:3b:6b:7e:bd:5d:2d:8f:3f:02:bd:
                    be:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:41:69:0F:81:C6:3F:30:BE:38:48:C5:54:E3:25:11:25:E7:08:99
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:94:e5:16:e7:a1:7b:59:0e:89:fd:0a:f7:2b:aa:a4:58:0a:
         af:aa:a3:48:c5:5b:8b:a4:c1:84:19:65:42:4f:42:b8:d6:27:
         b5:b0:f1:27:7c:f2:94:3b:75:c0:a5:55:3b:6a:68:8a:81:b2:
         a3:fc:4a:ef:7d:90:43:4f:f4:be:06:6d:5a:bd:45:98:12:b2:
         65:3b:d1:23:55:22:35:86:e6:1b:9d:d2:d5:6c:33:3d:2b:5f:
         43:d0:aa:0c:66:f1:34:d6:72:fa:6a:21:80:20:d5:2e:06:45:
         00:4b:13:55:28:b3:d9:fa:17:68:00:ae:bb:ff:93:ea:ed:a9:
         9a:31:e0:64:28:3c:48:a6:48:7b:7b:81:50:7a:47:f1:4c:67:
         bb:43:9b:9c:6e:30:50:12:67:9c:d0:7c:8d:3c:a3:1f:6a:d6:
         b7:41:01:5f:3c:98:20:79:f5:2f:2a:53:98:2e:8f:31:10:1b:
         d4:20:71:69:81:9d:04:23:b7:9c:46:bc:80:aa:38:85:38:5e:
         e6:5b:ec:01:46:9c:84:88:cc:a2:bb:14:70:d3:df:18:ab:96:
         8d:5e:ee:a9:14:0a:0d:b5:86:b9:b6:a0:7a:ff:6b:1e:03:23:
         5d:a0:0d:3d:93:57:16:39:14:50:8d:32:5d:85:26:f6:b4:cc:
         94:13:df:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGueDIW3Fg4gWvslSfHrXGHYIZngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MjQxNzQ5MTFaFw0yNjA2MjMxNzU0MTFaMDMxMTAvBgNV
BAMTKDExNDE2OTBGODFDNjNGMzBCRTM4NDhDNTU0RTMyNTExMjVFNzA4OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+RjcuYe/4Pb/oAJjKJI/6oFFK
JjCWsBKnssTT8fMZnsdtV9e0lIDBEop61oX9im4WDBOyCiLKVxTUQYqpgCOt0wnP
bKxyc0aL5BBA6OJm/+jiNlDjy8Hn/ZX1qFMXp/EXf73lIO1BBm1eM9mSNZ/UmO90
TNcXlqSay2brxs908n1RFwEWrY+v7YOWawoxX6UnJb/WWgaM0I9LniEetBf+Mhxx
tyrIeWq2jk9avQNCo3sZj2RAXhiiDRBXSPNRUibqfpKtMSYYn/kvotZ1zRORjcf+
94sKMAPQSNz3rd+TKZT1qF2y0ih2NM+VgzCH0qY7397JO2t+vV0tjz8Cvb7fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEUFpD4HGPzC+OEjFVOMlESXnCJkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdc8
MA0GCSqGSIb3DQEBCwUAA4IBAQB4lOUW56F7WQ6J/Qr3K6qkWAqvqqNIxVuLpMGE
GWVCT0K41ie1sPEnfPKUO3XApVU7amiKgbKj/ErvfZBDT/S+Bm1avUWYErJlO9Ej
VSI1huYbndLVbDM9K19D0KoMZvE01nL6aiGAINUuBkUASxNVKLPZ+hdoAK67/5Pq
7amaMeBkKDxIpkh7e4FQekfxTGe7Q5ucbjBQEmec0HyNPKMfata3QQFfPJggefUv
KlOYLo8xEBvUIHFpgZ0EI7ecRryAqjiFOF7mW+wBRpyEiMyiuxRw098Yq5aNXu6p
FAoNtYa5tqB6/2seAyNdoA09k1cWORRQjTJdhSb2tMyUE984
-----END CERTIFICATE-----