Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211620.roa
File:                     AS211620.roa (raw, json)
Hash identifier:          RgQiRWMKwBDI7ec/jQkEPHSeHZN4yM6mgCXXcbtxhqc=
Subject key identifier:   7F:EA:9E:0B:33:95:79:FC:66:18:52:93:3F:D6:B7:EE:56:8F:E1:A3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7979084227E712FC212EF3AA9117CF21675E1C9B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211620.roa
Signing time:             Sun 15 Dec 2024 16:44:58 +0000
ROA not before:           Sun 15 Dec 2024 16:39:58 +0000
ROA not after:            Sun 14 Dec 2025 16:44:58 +0000
asID:                     211620
IP address blocks:        191.96.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:79:08:42:27:e7:12:fc:21:2e:f3:aa:91:17:cf:21:67:5e:1c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 15 16:39:58 2024 GMT
            Not After : Dec 14 16:44:58 2025 GMT
        Subject: CN=7FEA9E0B339579FC661852933FD6B7EE568FE1A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:70:c6:69:0b:86:f7:82:4c:0b:d3:0a:be:39:
                    05:70:9f:21:b4:c0:99:6e:a8:20:73:4c:e8:44:57:
                    7c:0f:0a:14:db:1b:52:93:c2:81:1e:89:f5:81:32:
                    0d:0f:54:ac:04:ff:61:e0:e4:57:f9:2e:46:17:e8:
                    43:c3:02:44:3c:4c:d7:59:2c:5e:bd:35:19:f9:e9:
                    bc:2e:c6:26:de:c9:57:41:06:95:5e:96:b2:5d:f1:
                    86:f6:65:f5:49:45:62:99:80:75:c9:ca:a1:33:3a:
                    88:ce:88:52:6d:f2:c2:b8:de:55:0c:5b:b5:4b:b9:
                    86:88:f4:23:49:01:49:63:d6:14:98:0b:5d:fc:e3:
                    d9:0e:35:08:5b:38:ff:8d:51:c6:c8:cb:47:34:cc:
                    4a:38:58:05:08:2a:7f:41:16:d3:bc:af:ef:d0:3b:
                    d5:62:30:7c:c0:ba:e7:88:3f:56:89:b6:67:45:e8:
                    9d:d1:d7:6f:e8:8d:3f:ad:29:6d:77:81:2f:b0:1d:
                    1e:97:b0:44:87:1d:b7:7e:ec:09:7c:9d:d7:c4:37:
                    54:75:39:73:53:e8:e2:05:3f:9d:39:51:5c:1c:23:
                    e3:fb:43:a0:a3:c8:ed:fc:b1:8e:02:aa:03:47:e4:
                    17:9e:83:44:05:29:5a:b3:e1:4f:a8:21:b3:60:f9:
                    ac:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:EA:9E:0B:33:95:79:FC:66:18:52:93:3F:D6:B7:EE:56:8F:E1:A3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211620.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:2f:d4:af:c6:ff:4b:57:63:c1:7e:17:24:c7:d8:ab:7d:03:
         eb:b5:bf:df:10:a4:50:52:19:76:83:6b:cf:6b:b8:33:fb:bf:
         1e:21:bc:3f:60:97:ad:58:27:0a:e9:6e:2e:41:d0:33:41:25:
         07:20:01:87:0f:f9:11:e9:ff:92:a0:b0:f8:8a:12:b6:60:52:
         2d:be:30:eb:00:48:d9:f3:d9:d8:45:0b:b3:35:16:1d:3d:ee:
         9c:65:7c:89:eb:12:a1:d6:d6:3a:2e:10:9b:c9:ef:f2:e5:af:
         f3:1d:5c:ce:3d:cb:d9:43:3b:2c:9d:88:57:14:37:52:0b:cb:
         9b:7e:35:db:df:23:64:28:a7:11:ad:d1:44:ef:76:e1:54:c1:
         e9:19:c6:85:44:bf:c8:95:37:ba:19:20:ee:5e:72:b8:ef:f5:
         e1:ae:89:cd:d2:08:d6:09:6a:2c:e5:30:c0:09:83:c8:da:66:
         ce:07:2a:41:7b:b0:2b:3e:20:e0:9c:be:4e:9a:04:aa:c7:71:
         5b:86:2a:e4:3c:bf:34:5d:45:10:2c:d3:a0:51:35:ff:df:c0:
         11:4f:fc:bb:71:62:09:35:02:63:02:df:9b:b6:84:01:67:2b:
         a8:0c:12:7b:4f:14:6a:4e:7e:11:31:bf:38:62:50:a3:12:5b:
         e6:6b:66:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeXkIQifnEvwhLvOqkRfPIWdeHJswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMTUxNjM5NThaFw0yNTEyMTQxNjQ0NThaMDMxMTAvBgNV
BAMTKDdGRUE5RTBCMzM5NTc5RkM2NjE4NTI5MzNGRDZCN0VFNTY4RkUxQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBcMZpC4b3gkwL0wq+OQVwnyG0
wJluqCBzTOhEV3wPChTbG1KTwoEeifWBMg0PVKwE/2Hg5Ff5LkYX6EPDAkQ8TNdZ
LF69NRn56bwuxibeyVdBBpVelrJd8Yb2ZfVJRWKZgHXJyqEzOojOiFJt8sK43lUM
W7VLuYaI9CNJAUlj1hSYC13849kONQhbOP+NUcbIy0c0zEo4WAUIKn9BFtO8r+/Q
O9ViMHzAuueIP1aJtmdF6J3R12/ojT+tKW13gS+wHR6XsESHHbd+7Al8ndfEN1R1
OXNT6OIFP505UVwcI+P7Q6CjyO38sY4CqgNH5Beeg0QFKVqz4U+oIbNg+awNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUf+qeCzOVefxmGFKTP9a37laP4aMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNjIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Cd
MA0GCSqGSIb3DQEBCwUAA4IBAQBgL9Svxv9LV2PBfhckx9irfQPrtb/fEKRQUhl2
g2vPa7gz+78eIbw/YJetWCcK6W4uQdAzQSUHIAGHD/kR6f+SoLD4ihK2YFItvjDr
AEjZ89nYRQuzNRYdPe6cZXyJ6xKh1tY6LhCbye/y5a/zHVzOPcvZQzssnYhXFDdS
C8ubfjXb3yNkKKcRrdFE73bhVMHpGcaFRL/IlTe6GSDuXnK47/XhronN0gjWCWos
5TDACYPI2mbOBypBe7ArPiDgnL5OmgSqx3FbhirkPL80XUUQLNOgUTX/38ART/y7
cWIJNQJjAt+btoQBZyuoDBJ7TxRqTn4RMb84YlCjElvma2bQ
-----END CERTIFICATE-----