Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
File:                     AS271965.roa (raw, json)
Hash identifier:          QAGmSseyXSPPQvXcKuyTS3McbdnqI86hXMREY7NIjJs=
Subject key identifier:   46:4C:B9:B2:4D:66:73:37:A2:47:86:D9:4E:7C:DF:79:69:46:F7:6B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       05FA3489BEDD2D1AB6D2DD2EAA23EAA048C3C52A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
Signing time:             Wed 07 May 2025 14:54:07 +0000
ROA not before:           Wed 07 May 2025 14:49:07 +0000
ROA not after:            Wed 06 May 2026 14:54:07 +0000
asID:                     271965
IP address blocks:        191.101.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:fa:34:89:be:dd:2d:1a:b6:d2:dd:2e:aa:23:ea:a0:48:c3:c5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  7 14:49:07 2025 GMT
            Not After : May  6 14:54:07 2026 GMT
        Subject: CN=464CB9B24D667337A24786D94E7CDF796946F76B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2d:66:8d:4a:bd:fe:43:1c:11:6f:51:30:a6:
                    b0:02:b7:7d:be:33:30:1d:cf:aa:2a:9c:71:b7:f8:
                    e2:03:23:8d:13:55:ca:f7:38:50:d3:45:80:9f:96:
                    91:a1:f7:90:13:cc:08:c5:f1:f0:3d:66:9c:94:60:
                    fd:38:51:48:9d:1e:e5:73:83:99:f7:eb:3f:e4:db:
                    56:92:d2:8d:dd:1d:e4:73:c3:3b:a7:bc:c8:cc:d9:
                    00:fd:f0:97:95:f3:d1:f2:68:81:38:d0:69:aa:e2:
                    80:49:26:57:68:b0:f2:69:42:02:4c:aa:c0:5b:82:
                    ef:70:0f:0c:1b:55:98:92:23:bf:28:c6:e9:a2:41:
                    0d:a0:bc:17:b4:bf:12:e0:1c:e4:88:f6:35:c7:00:
                    c2:07:0a:24:3c:d9:85:06:a6:28:54:6f:d6:f8:4e:
                    a8:14:31:db:b3:73:b2:b1:9e:00:ee:dd:cb:c0:3e:
                    c3:11:ed:ff:e8:e1:64:fc:62:8f:0e:13:21:37:9e:
                    4e:f2:96:ce:e5:cf:fd:96:db:8d:8f:58:3a:a3:c3:
                    2e:96:e6:2c:e5:78:ef:b2:79:f1:1a:89:57:04:e0:
                    f3:fe:cf:cf:b6:c9:79:9c:2e:07:50:7f:92:f7:50:
                    bb:32:93:14:89:17:23:35:6f:ea:a9:7f:7c:87:b4:
                    8c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:4C:B9:B2:4D:66:73:37:A2:47:86:D9:4E:7C:DF:79:69:46:F7:6B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e7:3a:e1:44:70:37:e6:71:a7:c5:be:7b:25:9a:37:1c:a8:
         68:96:02:a1:5f:04:8a:53:34:48:43:f1:42:51:b7:b8:9d:fc:
         65:67:80:59:f3:9d:4b:c0:bb:1f:0b:61:2d:94:88:26:55:cf:
         8b:93:15:a8:76:7f:91:a6:84:2e:ec:26:db:fb:f4:c9:78:8b:
         28:1c:35:81:ac:2b:c0:b7:1a:ff:63:38:3d:28:1c:f6:37:dc:
         2a:b6:14:03:19:e5:d3:dd:a9:a2:b0:65:f6:34:57:93:2c:84:
         33:e5:4f:1c:bb:8f:c3:ee:a4:fe:09:ae:77:6e:8a:21:2f:c0:
         e6:e5:47:30:87:40:4d:b6:37:ab:03:06:0a:88:87:84:50:67:
         57:3e:fa:ae:00:8a:cd:8a:9d:22:3c:25:57:47:08:67:45:86:
         16:18:dc:ba:20:61:bd:a3:88:4b:4c:23:40:54:6a:b9:6d:74:
         0a:43:c5:aa:d9:3c:71:73:a3:e3:5b:88:07:f8:ec:c6:05:19:
         2f:b5:cd:fa:87:16:c3:bc:5e:74:00:f2:42:e6:97:9d:8d:be:
         e7:bd:70:dd:52:95:a6:1d:64:30:3d:18:18:e4:32:32:4e:84:
         86:cc:25:a4:c0:d2:7c:9c:87:dd:31:58:0a:a1:57:cf:31:2f:
         97:f8:a2:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBfo0ib7dLRq20t0uqiPqoEjDxSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDcxNDQ5MDdaFw0yNjA1MDYxNDU0MDdaMDMxMTAvBgNV
BAMTKDQ2NENCOUIyNEQ2NjczMzdBMjQ3ODZEOTRFN0NERjc5Njk0NkY3NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LWaNSr3+QxwRb1EwprACt32+
MzAdz6oqnHG3+OIDI40TVcr3OFDTRYCflpGh95ATzAjF8fA9ZpyUYP04UUidHuVz
g5n36z/k21aS0o3dHeRzwzunvMjM2QD98JeV89HyaIE40Gmq4oBJJldosPJpQgJM
qsBbgu9wDwwbVZiSI78oxumiQQ2gvBe0vxLgHOSI9jXHAMIHCiQ82YUGpihUb9b4
TqgUMduzc7KxngDu3cvAPsMR7f/o4WT8Yo8OEyE3nk7yls7lz/2W242PWDqjwy6W
5izleO+yefEaiVcE4PP+z8+2yXmcLgdQf5L3ULsykxSJFyM1b+qpf3yHtIyFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURky5sk1mczeiR4bZTnzfeWlG92swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Um
MA0GCSqGSIb3DQEBCwUAA4IBAQBg5zrhRHA35nGnxb57JZo3HKholgKhXwSKUzRI
Q/FCUbe4nfxlZ4BZ851LwLsfC2EtlIgmVc+LkxWodn+RpoQu7Cbb+/TJeIsoHDWB
rCvAtxr/Yzg9KBz2N9wqthQDGeXT3amisGX2NFeTLIQz5U8cu4/D7qT+Ca53booh
L8Dm5Ucwh0BNtjerAwYKiIeEUGdXPvquAIrNip0iPCVXRwhnRYYWGNy6IGG9o4hL
TCNAVGq5bXQKQ8Wq2Txxc6PjW4gH+OzGBRkvtc36hxbDvF50APJC5pedjb7nvXDd
UpWmHWQwPRgY5DIyToSGzCWkwNJ8nIfdMVgKoVfPMS+X+KJU
-----END CERTIFICATE-----