Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272547.roa
File:                     AS272547.roa (raw, json)
Hash identifier:          7RSNi0R5H1Kw+FLtgMT2ZjjOL9gwytERZYQO6L0GN0U=
Subject key identifier:   87:29:F0:2B:1A:EF:1C:9C:DF:11:03:B7:38:5E:A1:4D:04:91:63:49
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2F68BDBC17C772CF5416704AA3A5F98D2C949AE6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272547.roa
Signing time:             Sat 14 Jun 2025 01:54:09 +0000
ROA not before:           Sat 14 Jun 2025 01:49:09 +0000
ROA not after:            Sat 13 Jun 2026 01:54:09 +0000
asID:                     272547
IP address blocks:        45.158.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:68:bd:bc:17:c7:72:cf:54:16:70:4a:a3:a5:f9:8d:2c:94:9a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 14 01:49:09 2025 GMT
            Not After : Jun 13 01:54:09 2026 GMT
        Subject: CN=8729F02B1AEF1C9CDF1103B7385EA14D04916349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a1:dc:aa:fc:c3:bc:e2:89:7e:1a:73:2d:eb:
                    2b:8d:63:20:25:f6:58:41:4a:15:40:d4:e5:cf:b3:
                    5f:15:26:a2:29:a7:a6:7d:05:ce:d2:dc:24:b1:f4:
                    2b:f2:4d:3b:38:39:2c:bd:d7:09:d4:10:02:b4:70:
                    b0:41:e0:f2:74:9c:07:d5:e9:05:dd:28:a5:d3:da:
                    0b:96:10:cf:59:93:6a:ce:c2:54:2d:a9:6d:70:07:
                    17:33:c6:96:f8:8d:56:b2:3f:5c:4d:62:d7:55:20:
                    50:e7:da:a7:22:cb:a7:5e:cd:7e:2d:14:77:b6:a2:
                    b0:ba:ee:03:eb:07:9b:fd:c0:f3:83:d1:90:7a:6c:
                    fc:f7:6b:52:be:05:e0:1f:97:61:c6:71:8b:31:66:
                    f4:e8:16:cd:d0:23:77:89:e1:7f:60:71:07:db:fc:
                    b5:fe:2d:a5:40:9f:47:67:60:3f:9d:08:90:25:56:
                    94:77:fc:a1:bf:b6:6f:22:bc:f2:e2:2f:35:fb:52:
                    29:79:c2:c8:ba:f6:93:47:67:c7:d1:f6:81:00:ab:
                    9c:cf:f1:45:ae:c6:d4:80:ab:37:73:a5:45:49:af:
                    5e:85:49:70:01:71:af:fb:57:f2:b2:ae:43:e8:98:
                    24:58:c8:dd:5b:f3:cf:40:a1:15:83:1c:76:5d:e0:
                    b2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:29:F0:2B:1A:EF:1C:9C:DF:11:03:B7:38:5E:A1:4D:04:91:63:49
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS272547.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:15:a2:38:08:bd:cb:4b:0d:4a:13:e2:4f:4f:88:b5:c1:f9:
         08:0e:79:33:8a:5f:11:a3:b8:68:f0:28:34:5a:5e:3f:da:72:
         fc:14:0a:c6:0a:e7:4b:6f:1c:72:91:90:09:3c:db:70:e3:04:
         ca:9d:38:be:8f:4c:f5:52:75:73:cc:61:7c:5f:db:05:44:ed:
         2f:09:68:68:b1:93:c0:59:ca:8d:5d:21:a1:a8:ae:f7:6b:fc:
         18:73:9c:98:da:1e:e8:b5:e8:9a:1e:74:4b:1b:44:6c:71:c7:
         3a:d7:af:ff:d9:53:2f:58:97:64:7b:20:d5:fa:0e:b9:a5:2e:
         10:7a:2f:b8:a4:fb:d2:3d:0e:be:5a:44:0e:ee:ab:d9:53:63:
         1a:bf:3d:b6:02:3f:c4:13:f6:63:b8:2f:5d:0d:15:14:6d:f4:
         95:60:fb:28:fe:14:1a:3d:de:6f:4b:d5:4f:c9:d6:99:3c:b9:
         b0:1b:3e:3b:37:4b:59:4e:3a:ab:87:66:93:31:8d:08:a6:44:
         40:f4:a4:d5:4f:19:74:30:d2:47:95:ef:08:8a:01:7c:6e:ba:
         96:20:f6:8b:d4:cc:af:c7:70:3f:ca:c3:bc:4f:95:89:47:34:
         ec:bc:8a:4c:20:2d:f0:41:6e:37:33:c6:ed:20:65:10:44:97:
         6a:cd:a6:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUL2i9vBfHcs9UFnBKo6X5jSyUmuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MTQwMTQ5MDlaFw0yNjA2MTMwMTU0MDlaMDMxMTAvBgNV
BAMTKDg3MjlGMDJCMUFFRjFDOUNERjExMDNCNzM4NUVBMTREMDQ5MTYzNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3odyq/MO84ol+GnMt6yuNYyAl
9lhBShVA1OXPs18VJqIpp6Z9Bc7S3CSx9CvyTTs4OSy91wnUEAK0cLBB4PJ0nAfV
6QXdKKXT2guWEM9Zk2rOwlQtqW1wBxczxpb4jVayP1xNYtdVIFDn2qciy6dezX4t
FHe2orC67gPrB5v9wPOD0ZB6bPz3a1K+BeAfl2HGcYsxZvToFs3QI3eJ4X9gcQfb
/LX+LaVAn0dnYD+dCJAlVpR3/KG/tm8ivPLiLzX7Uil5wsi69pNHZ8fR9oEAq5zP
8UWuxtSAqzdzpUVJr16FSXABca/7V/KyrkPomCRYyN1b889AoRWDHHZd4LIvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhynwKxrvHJzfEQO3OF6hTQSRY0kwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjcyNTQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4I
MA0GCSqGSIb3DQEBCwUAA4IBAQBmFaI4CL3LSw1KE+JPT4i1wfkIDnkzil8Ro7ho
8Cg0Wl4/2nL8FArGCudLbxxykZAJPNtw4wTKnTi+j0z1UnVzzGF8X9sFRO0vCWho
sZPAWcqNXSGhqK73a/wYc5yY2h7oteiaHnRLG0Rsccc616//2VMvWJdkeyDV+g65
pS4Qei+4pPvSPQ6+WkQO7qvZU2Mavz22Aj/EE/ZjuC9dDRUUbfSVYPso/hQaPd5v
S9VPydaZPLmwGz47N0tZTjqrh2aTMY0IpkRA9KTVTxl0MNJHle8IigF8brqWIPaL
1Myvx3A/ysO8T5WJRzTsvIpMIC3wQW43M8btIGUQRJdqzabi
-----END CERTIFICATE-----