Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
File:                     AS211432.roa (raw, json)
Hash identifier:          BtWiM6qBljP5E+2RrJEO7jbQGXeuHcj+iU87TYeu59Y=
Subject key identifier:   41:0D:25:CC:76:6B:58:80:1D:9C:D8:F8:8F:08:EF:DA:6F:13:92:81
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       53E618E4DE13E83822EC016CD291CD223027155B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
Signing time:             Fri 13 Sep 2024 08:05:20 +0000
ROA not before:           Fri 13 Sep 2024 08:00:20 +0000
ROA not after:            Fri 12 Sep 2025 08:05:20 +0000
asID:                     211432
IP address blocks:        185.170.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e6:18:e4:de:13:e8:38:22:ec:01:6c:d2:91:cd:22:30:27:15:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 13 08:00:20 2024 GMT
            Not After : Sep 12 08:05:20 2025 GMT
        Subject: CN=410D25CC766B58801D9CD8F88F08EFDA6F139281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:25:e3:66:85:51:02:19:38:09:1e:b3:d1:26:
                    a2:ef:26:89:b0:12:26:e7:4d:b2:fe:ed:f7:c5:fa:
                    4a:15:d4:b4:41:8d:b3:fe:78:a7:06:06:40:80:5f:
                    8c:02:8f:c3:59:2a:49:8e:e1:eb:4a:5e:62:34:34:
                    ae:ef:ba:d7:86:91:cb:85:f1:ba:d9:63:38:26:51:
                    bf:19:14:ba:f1:fa:86:1c:5f:e5:0e:57:db:60:33:
                    3c:f3:62:16:73:84:3d:eb:b9:87:7a:b5:37:5e:be:
                    88:bd:6e:39:ef:83:bc:89:a2:ea:99:6d:3e:3e:9b:
                    17:9b:10:c4:5a:54:f7:02:5d:c7:a9:83:9b:46:da:
                    e8:25:5c:b1:f4:21:9a:d0:64:9e:56:ee:0f:b4:81:
                    03:d1:e0:e9:3f:12:bb:b9:84:bc:ad:2c:33:fb:77:
                    20:0b:5f:5b:f6:28:0e:fc:a3:bb:c1:22:d0:29:e4:
                    2f:db:cf:21:a8:de:bd:68:9b:7f:d2:56:d6:00:68:
                    3c:4d:9a:ab:1f:db:06:96:3c:fe:2a:0e:14:33:33:
                    96:63:2c:e6:3a:16:ec:2f:4a:e8:b3:cf:d0:db:ac:
                    f0:67:aa:0c:87:52:d1:fa:2b:00:90:de:fd:3a:f7:
                    a1:43:b1:17:b7:11:71:7c:b9:70:d8:9f:92:9a:60:
                    9a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:0D:25:CC:76:6B:58:80:1D:9C:D8:F8:8F:08:EF:DA:6F:13:92:81
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f7:34:c2:84:e1:2d:0c:fd:c5:a1:1d:c1:7b:94:9f:b4:3a:
         d7:30:ba:66:77:53:5f:db:b5:25:6b:b9:3a:9b:0b:e2:85:1a:
         da:9d:74:76:56:f8:b5:25:69:b9:b0:53:1b:cb:30:a1:47:d2:
         bf:c9:cb:6f:9a:6f:ec:ff:84:f2:8a:25:14:6a:b4:7d:e3:12:
         4c:d5:7d:de:c2:43:21:8b:d8:ef:b5:46:23:80:f4:04:f7:c0:
         54:c9:95:04:ab:ff:8f:de:1f:6f:a9:27:7a:83:a7:1c:45:58:
         83:ff:32:f9:07:79:7e:17:77:62:aa:48:e7:ef:7b:b0:3f:c4:
         5c:b2:0a:90:1f:47:6b:76:b2:c0:79:bc:a7:a4:af:9d:00:e5:
         5c:01:a5:4b:d1:93:21:d6:14:eb:ad:af:0b:14:83:5d:03:2d:
         27:8c:66:23:98:58:ae:9d:26:97:97:93:70:e7:a8:54:09:e6:
         21:d7:6d:28:1f:82:7b:e8:da:23:b3:f3:80:f1:99:8c:b7:81:
         05:69:bc:f6:65:49:86:f9:5b:33:1e:6c:94:ee:78:46:07:2e:
         d0:04:69:2c:a3:e9:14:0e:6b:37:c1:13:ad:47:28:a6:04:f7:
         1b:33:d2:22:43:d3:61:a1:86:50:7f:2c:ba:d1:9b:92:70:76:
         bc:34:7f:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU+YY5N4T6Dgi7AFs0pHNIjAnFVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MTMwODAwMjBaFw0yNTA5MTIwODA1MjBaMDMxMTAvBgNV
BAMTKDQxMEQyNUNDNzY2QjU4ODAxRDlDRDhGODhGMDhFRkRBNkYxMzkyODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKJeNmhVECGTgJHrPRJqLvJomw
EibnTbL+7ffF+koV1LRBjbP+eKcGBkCAX4wCj8NZKkmO4etKXmI0NK7vuteGkcuF
8brZYzgmUb8ZFLrx+oYcX+UOV9tgMzzzYhZzhD3ruYd6tTdevoi9bjnvg7yJouqZ
bT4+mxebEMRaVPcCXcepg5tG2uglXLH0IZrQZJ5W7g+0gQPR4Ok/Eru5hLytLDP7
dyALX1v2KA78o7vBItAp5C/bzyGo3r1om3/SVtYAaDxNmqsf2waWPP4qDhQzM5Zj
LOY6FuwvSuizz9DbrPBnqgyHUtH6KwCQ3v0696FDsRe3EXF8uXDYn5KaYJpbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQQ0lzHZrWIAdnNj4jwjv2m8TkoEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuao4
MA0GCSqGSIb3DQEBCwUAA4IBAQBb9zTChOEtDP3FoR3Be5SftDrXMLpmd1Nf27Ul
a7k6mwvihRranXR2Vvi1JWm5sFMbyzChR9K/yctvmm/s/4TyiiUUarR94xJM1X3e
wkMhi9jvtUYjgPQE98BUyZUEq/+P3h9vqSd6g6ccRViD/zL5B3l+F3diqkjn73uw
P8RcsgqQH0drdrLAebynpK+dAOVcAaVL0ZMh1hTrra8LFINdAy0njGYjmFiunSaX
l5Nw56hUCeYh120oH4J76Nojs/OA8ZmMt4EFabz2ZUmG+VszHmyU7nhGBy7QBGks
o+kUDms3wROtRyimBPcbM9IiQ9NhoYZQfyy60ZuScHa8NH+R
-----END CERTIFICATE-----