Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
File:                     AS211810.roa (raw, json)
Hash identifier:          OfWWJHtO2D7X0WqFr5dbpMZCD5viZwDOT+6S3nJLJFM=
Subject key identifier:   72:FB:7B:72:D8:5E:E4:32:72:6D:32:75:09:50:4D:24:22:F9:C7:1B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6D070106BDA7FD5A7308B29B62CED3450572DC2D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
Signing time:             Thu 23 Jan 2025 14:53:52 +0000
ROA not before:           Thu 23 Jan 2025 14:48:52 +0000
ROA not after:            Thu 22 Jan 2026 14:53:52 +0000
asID:                     211810
IP address blocks:        181.215.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:07:01:06:bd:a7:fd:5a:73:08:b2:9b:62:ce:d3:45:05:72:dc:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 23 14:48:52 2025 GMT
            Not After : Jan 22 14:53:52 2026 GMT
        Subject: CN=72FB7B72D85EE432726D327509504D2422F9C71B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:98:30:ba:cc:b2:7e:93:c7:fb:ee:2f:07:ae:
                    27:0e:53:b8:a0:72:ba:4d:4b:09:9d:dd:a4:1e:c2:
                    26:0f:39:e0:bb:af:86:1e:ea:ee:48:43:ee:b7:95:
                    03:58:6e:e0:fe:15:2e:5e:58:8c:f2:c8:5a:25:91:
                    56:f3:63:59:1b:5b:5b:5f:47:99:98:2f:77:a0:8d:
                    0b:54:ee:20:23:c9:bf:fb:83:42:fe:94:36:e7:c2:
                    f3:22:3f:04:3f:ea:b4:8d:f2:02:9b:e3:53:66:a1:
                    35:6d:9d:92:5a:ed:6b:f6:4e:96:8c:ae:ed:4f:ca:
                    cf:97:8a:0c:01:dd:a3:67:6a:37:34:51:92:e8:4c:
                    b0:7f:07:eb:64:51:88:5d:5b:fe:a8:58:db:08:af:
                    7a:e7:54:9a:74:25:dc:86:9a:87:8c:e2:a6:c8:62:
                    ff:7f:4c:be:ce:08:b8:a0:ff:da:c9:06:22:65:5c:
                    2d:13:29:29:c5:04:4a:55:4c:b8:db:93:7a:26:90:
                    9d:81:36:61:4a:4b:13:e2:c9:47:82:68:40:ac:d0:
                    eb:67:98:7c:99:91:7d:93:42:5a:70:d7:c4:b1:e3:
                    49:ba:6b:1f:ff:47:9c:9d:0d:77:b4:d5:44:ef:7e:
                    8f:28:f6:3a:3d:a9:97:a7:8e:f8:be:ee:e3:f7:83:
                    b0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FB:7B:72:D8:5E:E4:32:72:6D:32:75:09:50:4D:24:22:F9:C7:1B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d7:13:a2:6d:6e:8f:a1:96:f3:f9:e2:b4:02:a3:da:30:c3:
         5a:50:16:d9:af:71:b8:8d:b4:4f:2b:95:e3:19:98:bb:27:b4:
         f7:ba:eb:60:c6:85:d6:05:e7:e4:72:a5:21:ec:0c:c3:d3:e4:
         c9:42:da:3d:98:eb:4b:99:50:2c:8d:55:dc:33:8e:d1:cb:36:
         0b:43:0f:70:a2:82:54:f6:d7:73:ac:55:bc:2f:8b:f3:c0:be:
         08:34:20:15:fc:3e:b1:5d:63:0b:48:6a:63:8a:c7:b9:c9:f3:
         35:6e:ef:5a:a3:5b:64:6a:08:20:0d:33:11:2c:45:7d:28:8d:
         a3:85:93:8d:94:1e:88:17:70:cd:5d:fc:f3:c7:97:79:5d:9b:
         c3:98:18:c0:be:25:46:8b:e0:f0:52:da:a4:79:e1:b6:6b:8c:
         65:42:88:e7:60:f0:b1:b0:63:7f:d1:74:b9:a9:5e:95:ce:a3:
         79:ec:23:14:68:26:5c:f4:a2:6c:10:23:6a:70:d9:70:9a:09:
         87:b7:83:3a:45:a7:b5:70:18:4f:42:40:e1:ce:9c:43:af:bc:
         42:98:96:97:90:31:ea:45:2b:2e:45:f4:b4:c2:eb:8f:61:dd:
         fb:99:52:d4:cf:46:99:20:44:45:71:d3:de:4e:c3:25:31:09:
         0f:4f:ac:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbQcBBr2n/VpzCLKbYs7TRQVy3C0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMjMxNDQ4NTJaFw0yNjAxMjIxNDUzNTJaMDMxMTAvBgNV
BAMTKDcyRkI3QjcyRDg1RUU0MzI3MjZEMzI3NTA5NTA0RDI0MjJGOUM3MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFmDC6zLJ+k8f77i8HricOU7ig
crpNSwmd3aQewiYPOeC7r4Ye6u5IQ+63lQNYbuD+FS5eWIzyyFolkVbzY1kbW1tf
R5mYL3egjQtU7iAjyb/7g0L+lDbnwvMiPwQ/6rSN8gKb41NmoTVtnZJa7Wv2TpaM
ru1Pys+XigwB3aNnajc0UZLoTLB/B+tkUYhdW/6oWNsIr3rnVJp0JdyGmoeM4qbI
Yv9/TL7OCLig/9rJBiJlXC0TKSnFBEpVTLjbk3omkJ2BNmFKSxPiyUeCaECs0Otn
mHyZkX2TQlpw18Sx40m6ax//R5ydDXe01UTvfo8o9jo9qZenjvi+7uP3g7CJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcvt7cthe5DJybTJ1CVBNJCL5xxswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcg
MA0GCSqGSIb3DQEBCwUAA4IBAQBa1xOibW6PoZbz+eK0AqPaMMNaUBbZr3G4jbRP
K5XjGZi7J7T3uutgxoXWBefkcqUh7AzD0+TJQto9mOtLmVAsjVXcM47RyzYLQw9w
ooJU9tdzrFW8L4vzwL4INCAV/D6xXWMLSGpjise5yfM1bu9ao1tkagggDTMRLEV9
KI2jhZONlB6IF3DNXfzzx5d5XZvDmBjAviVGi+DwUtqkeeG2a4xlQojnYPCxsGN/
0XS5qV6VzqN57CMUaCZc9KJsECNqcNlwmgmHt4M6Rae1cBhPQkDhzpxDr7xCmJaX
kDHqRSsuRfS0wuuPYd37mVLUz0aZIERFcdPeTsMlMQkPT6xW
-----END CERTIFICATE-----