Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa
File:                     AS212396.roa (raw, json)
Hash identifier:          oDB2p/2F/Ub9or7cVDWkDhKiZdAdSPjlmd4OIIWMBb8=
Subject key identifier:   4E:F6:65:E4:C2:41:49:7F:34:B3:C5:8F:CE:C0:51:C6:41:4A:00:A5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       046B60212B65D7ED004BEE56C1AD3B3D7B0A1AF6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa
Signing time:             Wed 01 Jan 2025 08:53:49 +0000
ROA not before:           Wed 01 Jan 2025 08:48:49 +0000
ROA not after:            Wed 31 Dec 2025 08:53:49 +0000
asID:                     212396
IP address blocks:        109.106.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:6b:60:21:2b:65:d7:ed:00:4b:ee:56:c1:ad:3b:3d:7b:0a:1a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:49 2025 GMT
            Not After : Dec 31 08:53:49 2025 GMT
        Subject: CN=4EF665E4C241497F34B3C58FCEC051C6414A00A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:19:ed:19:9e:89:6c:70:6b:49:e2:2c:30:16:
                    6b:09:0b:44:bc:bc:e8:8e:97:5a:f2:ae:7d:da:6b:
                    8a:cb:3e:78:d8:1d:d9:46:b6:17:81:15:d4:a6:31:
                    e4:f6:1a:f4:81:e8:dc:90:30:b5:09:7e:bb:14:11:
                    3e:f5:1b:c2:57:52:18:8f:e5:66:8d:b6:6e:8e:98:
                    b7:fd:76:12:83:2d:ac:fa:b3:74:03:69:1c:8d:f0:
                    21:66:08:a7:a2:15:15:bc:77:13:a1:a5:ea:15:21:
                    e5:d1:74:99:f5:92:42:d3:7f:16:c8:c9:33:42:65:
                    f5:4b:9c:3d:7f:e2:42:91:fc:f0:b0:ac:f2:b1:6f:
                    c5:99:7a:86:1d:0d:3a:f2:d5:81:bc:59:79:c4:0d:
                    4a:05:67:7e:6d:e1:59:23:7b:e3:07:69:9c:60:07:
                    86:bb:22:38:75:7f:e9:78:71:16:af:47:66:6c:a7:
                    11:a8:bb:d8:b8:c9:40:2a:ba:b6:db:7e:e5:92:c4:
                    48:42:df:f1:ac:cb:cb:eb:7a:e7:48:2d:ed:e9:ff:
                    63:3b:32:f6:ed:db:16:a7:84:45:3a:a3:fc:11:d5:
                    04:c6:b3:85:eb:08:12:9d:58:84:69:c4:c2:52:b6:
                    30:26:bb:0d:7c:c4:d3:e5:88:6d:75:e1:83:55:cf:
                    b5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F6:65:E4:C2:41:49:7F:34:B3:C5:8F:CE:C0:51:C6:41:4A:00:A5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:80:16:37:37:82:77:4b:bf:5b:0b:3e:61:f4:1f:8a:e4:45:
         2d:51:d3:e9:b4:35:86:e4:d9:35:61:d4:70:fc:fe:06:28:fb:
         2c:1f:a6:2a:09:be:50:7d:93:15:d0:d9:f3:57:7d:68:e7:ce:
         e4:32:26:80:44:c8:8c:48:6d:ae:ef:b6:b2:96:74:7a:a6:00:
         1d:49:29:c2:24:9e:23:5b:ab:d9:90:62:7f:5a:39:7c:e1:69:
         7c:cb:b7:f0:ed:71:3e:fa:af:67:b6:6a:59:3e:53:9c:14:76:
         c6:aa:d4:86:e1:1d:34:83:c8:58:1a:04:42:63:c3:65:d9:65:
         a3:86:53:cf:bb:f6:62:6d:ce:f9:15:23:be:43:0b:ca:cc:8d:
         85:50:6d:4c:f5:07:68:4a:b3:6a:ea:eb:a3:3a:6a:69:5c:d6:
         8a:0c:12:f7:54:43:7f:fc:19:51:20:fc:21:a2:70:f1:23:14:
         c5:48:90:cd:47:ec:d8:11:ba:d2:10:a4:7f:b7:c9:81:10:97:
         bc:3f:e8:b4:ff:ee:6b:21:4b:a1:9d:50:e6:36:04:74:d9:85:
         fb:eb:07:4a:de:ee:db:22:d2:84:6c:d9:dc:e8:6a:6d:f1:ac:
         85:ea:6c:90:aa:0f:f1:0f:84:a9:95:c4:ad:a1:23:b8:54:a6:
         03:ac:75:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBGtgIStl1+0AS+5Wwa07PXsKGvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NDlaFw0yNTEyMzEwODUzNDlaMDMxMTAvBgNV
BAMTKDRFRjY2NUU0QzI0MTQ5N0YzNEIzQzU4RkNFQzA1MUM2NDE0QTAwQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdGe0ZnolscGtJ4iwwFmsJC0S8
vOiOl1ryrn3aa4rLPnjYHdlGtheBFdSmMeT2GvSB6NyQMLUJfrsUET71G8JXUhiP
5WaNtm6OmLf9dhKDLaz6s3QDaRyN8CFmCKeiFRW8dxOhpeoVIeXRdJn1kkLTfxbI
yTNCZfVLnD1/4kKR/PCwrPKxb8WZeoYdDTry1YG8WXnEDUoFZ35t4Vkje+MHaZxg
B4a7Ijh1f+l4cRavR2ZspxGou9i4yUAqurbbfuWSxEhC3/Gsy8vreudILe3p/2M7
Mvbt2xanhEU6o/wR1QTGs4XrCBKdWIRpxMJStjAmuw18xNPliG114YNVz7VtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTvZl5MJBSX80s8WPzsBRxkFKAKUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyMzk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWoB
MA0GCSqGSIb3DQEBCwUAA4IBAQBCgBY3N4J3S79bCz5h9B+K5EUtUdPptDWG5Nk1
YdRw/P4GKPssH6YqCb5QfZMV0NnzV31o587kMiaARMiMSG2u77aylnR6pgAdSSnC
JJ4jW6vZkGJ/Wjl84Wl8y7fw7XE++q9ntmpZPlOcFHbGqtSG4R00g8hYGgRCY8Nl
2WWjhlPPu/Zibc75FSO+QwvKzI2FUG1M9QdoSrNq6uujOmppXNaKDBL3VEN//BlR
IPwhonDxIxTFSJDNR+zYEbrSEKR/t8mBEJe8P+i0/+5rIUuhnVDmNgR02YX76wdK
3u7bItKEbNnc6Gpt8ayF6myQqg/xD4SplcStoSO4VKYDrHWy
-----END CERTIFICATE-----