Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa
File:                     AS212396.roa (raw, json)
Hash identifier:          rXD+4K6eqG5iEHVuaCacj4TPtTd1B/ucpa1z47u2ARw=
Subject key identifier:   CE:73:03:B3:96:44:D8:E0:68:BA:00:88:D2:AE:3D:5E:C7:19:B2:FB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2FA8C6DD6B451FC4097E4A972B7A488C5A7F68E3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     212396
IP address blocks:        109.106.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a8:c6:dd:6b:45:1f:c4:09:7e:4a:97:2b:7a:48:8c:5a:7f:68:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=CE7303B39644D8E068BA0088D2AE3D5EC719B2FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7c:74:b9:ce:a2:21:b1:db:73:43:ad:3d:97:
                    e4:b4:21:5b:05:d8:0c:ca:1f:97:07:e7:b0:0d:39:
                    c8:1c:d7:b2:06:46:4e:47:d3:c7:16:01:1b:ea:6e:
                    77:2a:f1:d5:d0:8e:3a:f7:5a:52:eb:1c:a7:61:fb:
                    64:83:b1:be:2b:25:b5:ae:e3:ab:c8:cb:81:c5:00:
                    3e:d1:9f:37:38:7f:de:2b:90:9c:23:ed:f0:a2:b3:
                    ef:5d:d6:08:8d:48:5c:65:47:e5:1a:bb:d3:26:29:
                    40:60:ad:e6:a6:5a:f2:48:cc:d5:c9:0d:04:dc:f0:
                    6c:4e:a7:33:9d:fa:96:b1:d0:dc:99:59:63:9a:a6:
                    18:4d:70:ce:8b:0d:5a:2e:03:41:fa:cc:e1:bd:9b:
                    bd:50:e9:40:b1:2a:23:3f:09:ef:63:09:59:e3:8f:
                    5c:f0:e1:9b:90:f2:c5:c8:4f:ba:42:f1:aa:09:0e:
                    b7:e8:9b:9e:0c:ab:8e:ce:d6:b7:c5:61:a4:b1:dd:
                    07:2b:99:0c:e2:db:2a:06:a9:09:c0:35:20:0e:ec:
                    0c:ee:9b:13:7f:28:dc:84:bb:54:7a:b4:de:9f:60:
                    c8:2e:17:ed:a4:a9:3a:9c:44:f0:b7:51:52:14:38:
                    a7:3e:db:b5:b3:ca:23:75:1a:a8:8d:44:b0:4d:c0:
                    ff:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:73:03:B3:96:44:D8:E0:68:BA:00:88:D2:AE:3D:5E:C7:19:B2:FB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212396.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:72:c1:f7:29:58:0a:7e:4c:cf:24:fa:88:14:be:e6:01:51:
         dd:f2:05:72:92:5d:c1:fe:67:4f:f4:f8:36:d9:2e:0d:46:c3:
         f0:c6:f1:bb:c6:ab:91:20:64:d2:e1:1c:a1:7c:03:6c:4f:87:
         b5:f2:18:0a:b2:9a:81:ed:0d:00:c4:7a:b1:2b:f3:2e:53:2c:
         9c:55:b4:bd:0d:ff:4a:84:03:de:e9:9e:e7:bf:2f:1c:28:44:
         c9:2e:cf:53:89:b7:53:30:a7:25:ec:b2:81:09:80:aa:67:70:
         a3:c4:aa:48:78:7e:a2:26:11:11:02:26:23:05:f4:36:83:30:
         12:5f:82:61:47:82:d8:a0:52:71:4e:36:b8:77:54:8c:d9:61:
         43:11:38:2c:d0:8e:57:2c:1e:c3:76:cc:a6:a5:75:09:e9:ed:
         4d:25:9c:4f:cb:3f:ac:85:5e:76:29:b6:6b:8e:2f:b8:3b:fd:
         ad:ae:72:b5:1d:93:ff:61:9a:dc:99:81:e5:b9:61:0e:4b:55:
         61:2e:88:e5:4e:8a:39:9c:86:f4:e4:4f:ff:09:bf:91:f9:aa:
         ac:26:8e:63:d7:83:1d:99:a2:38:0b:56:26:b6:33:09:42:3e:
         64:65:8e:97:03:c3:fe:f6:20:62:69:aa:d1:b9:65:43:e3:76:
         2b:6f:5a:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUL6jG3WtFH8QJfkqXK3pIjFp/aOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKENFNzMwM0IzOTY0NEQ4RTA2OEJBMDA4OEQyQUUzRDVFQzcxOUIyRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdfHS5zqIhsdtzQ609l+S0IVsF
2AzKH5cH57ANOcgc17IGRk5H08cWARvqbncq8dXQjjr3WlLrHKdh+2SDsb4rJbWu
46vIy4HFAD7Rnzc4f94rkJwj7fCis+9d1giNSFxlR+Uau9MmKUBgreamWvJIzNXJ
DQTc8GxOpzOd+pax0NyZWWOaphhNcM6LDVouA0H6zOG9m71Q6UCxKiM/Ce9jCVnj
j1zw4ZuQ8sXIT7pC8aoJDrfom54Mq47O1rfFYaSx3QcrmQzi2yoGqQnANSAO7Azu
mxN/KNyEu1R6tN6fYMguF+2kqTqcRPC3UVIUOKc+27WzyiN1GqiNRLBNwP+/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUznMDs5ZE2OBougCI0q49XscZsvswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyMzk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWoB
MA0GCSqGSIb3DQEBCwUAA4IBAQAQcsH3KVgKfkzPJPqIFL7mAVHd8gVykl3B/mdP
9Pg22S4NRsPwxvG7xquRIGTS4RyhfANsT4e18hgKspqB7Q0AxHqxK/MuUyycVbS9
Df9KhAPe6Z7nvy8cKETJLs9TibdTMKcl7LKBCYCqZ3CjxKpIeH6iJhERAiYjBfQ2
gzASX4JhR4LYoFJxTja4d1SM2WFDETgs0I5XLB7DdsympXUJ6e1NJZxPyz+shV52
KbZrji+4O/2trnK1HZP/YZrcmYHluWEOS1VhLojlToo5nIb05E//Cb+R+aqsJo5j
14MdmaI4C1YmtjMJQj5kZY6XA8P+9iBiaarRuWVD43Yrb1r+
-----END CERTIFICATE-----