Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          N973GSDN+xoDmRW7smFM8ddpSCoseU0Ob5FNEz0R2Ns=
Subject key identifier:   79:9C:60:7A:A6:A4:2D:BB:D0:D1:2C:D1:71:13:45:10:CE:EE:83:F9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       710AEA5409D4EAE7CCFA7E7CC05E796696EB7EFE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
Signing time:             Tue 15 Jul 2025 19:54:13 +0000
ROA not before:           Tue 15 Jul 2025 19:49:13 +0000
ROA not after:            Tue 14 Jul 2026 19:54:13 +0000
asID:                     214481
IP address blocks:        191.96.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0a:ea:54:09:d4:ea:e7:cc:fa:7e:7c:c0:5e:79:66:96:eb:7e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 15 19:49:13 2025 GMT
            Not After : Jul 14 19:54:13 2026 GMT
        Subject: CN=799C607AA6A42DBBD0D12CD171134510CEEE83F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c7:d6:e9:c0:81:d3:9d:6a:2f:9b:d9:27:e4:
                    93:6c:0e:e1:75:0e:37:4a:7a:0d:8f:3a:fa:39:f7:
                    90:4a:94:77:6a:de:2b:30:51:d4:cc:49:cb:35:a0:
                    9b:49:bb:d7:96:60:d0:8c:6d:6f:92:9f:6d:2c:a5:
                    1e:a6:b5:9c:35:6f:12:77:34:9d:e4:0a:17:02:db:
                    37:50:8d:d7:96:b0:c6:52:df:dc:4b:94:db:d3:56:
                    a1:9a:9e:a0:62:e9:46:f2:2a:5d:c5:7f:c0:c7:3b:
                    31:8f:84:66:61:fc:f6:84:72:43:c3:de:43:bb:94:
                    e8:c7:be:89:7a:0e:70:f0:16:fc:2b:e7:bf:17:aa:
                    d1:55:38:2c:3a:52:60:f4:83:ba:c9:6d:76:27:90:
                    4e:54:1b:47:c3:3b:2b:16:c9:d5:a2:96:e4:25:e0:
                    d8:f2:c4:91:6b:a6:b6:0e:f4:12:f9:f2:01:f4:f2:
                    c1:0a:f2:1d:a8:a0:73:be:dd:d4:ae:03:5b:08:cf:
                    83:2f:01:86:19:fa:87:90:ff:8b:c2:5f:74:c7:80:
                    01:21:9a:21:88:e9:4a:2e:5f:32:fb:69:88:5d:23:
                    b4:9d:8b:3c:a0:95:2e:2e:8f:19:49:b9:87:b1:a4:
                    03:c7:47:0a:61:0c:37:52:cb:bc:aa:8a:60:64:8c:
                    40:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9C:60:7A:A6:A4:2D:BB:D0:D1:2C:D1:71:13:45:10:CE:EE:83:F9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:02:1a:48:01:0b:87:84:87:22:1f:2e:a0:ee:76:59:0c:52:
         02:63:db:62:1f:64:b5:f2:a1:8f:79:33:e8:05:bb:76:c8:1a:
         e8:17:e3:d3:c3:76:c5:14:24:3d:b5:2a:3a:25:8f:cc:40:a9:
         28:a6:da:f0:39:0d:07:c9:24:92:cb:7f:a7:fe:79:8f:69:84:
         13:c0:86:31:5b:97:c4:d0:6f:b7:f4:92:41:7b:3f:6f:8e:ea:
         d7:6c:40:3b:c3:79:88:43:91:a3:97:c3:fd:fc:ed:77:aa:ae:
         6f:d2:cd:97:e1:f5:31:9e:7e:0b:6b:38:56:14:df:a3:cb:b9:
         73:17:ec:85:40:ad:23:57:84:cd:de:cd:82:18:5d:72:da:ea:
         30:45:8e:83:da:c6:37:07:9f:08:83:d2:9f:6d:82:1f:70:e4:
         97:90:f8:a0:ef:a7:8e:ea:04:68:9b:3b:8b:02:89:9d:9d:31:
         7e:e2:cf:fa:65:e3:0d:07:15:2b:fc:70:88:ed:e4:31:04:e7:
         5a:a5:d7:77:4d:3c:13:93:33:eb:cf:31:ac:db:34:97:eb:86:
         db:8b:78:52:e2:70:d3:37:96:6d:fd:64:3e:98:b1:2e:b6:b7:
         80:88:9c:17:c6:2e:09:db:91:f7:6d:03:3d:78:a2:da:89:5f:
         6a:a9:57:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcQrqVAnU6ufM+n58wF55Zpbrfv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTUxOTQ5MTNaFw0yNjA3MTQxOTU0MTNaMDMxMTAvBgNV
BAMTKDc5OUM2MDdBQTZBNDJEQkJEMEQxMkNEMTcxMTM0NTEwQ0VFRTgzRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtx9bpwIHTnWovm9kn5JNsDuF1
DjdKeg2POvo595BKlHdq3iswUdTMScs1oJtJu9eWYNCMbW+Sn20spR6mtZw1bxJ3
NJ3kChcC2zdQjdeWsMZS39xLlNvTVqGanqBi6UbyKl3Ff8DHOzGPhGZh/PaEckPD
3kO7lOjHvol6DnDwFvwr578XqtFVOCw6UmD0g7rJbXYnkE5UG0fDOysWydWiluQl
4NjyxJFrprYO9BL58gH08sEK8h2ooHO+3dSuA1sIz4MvAYYZ+oeQ/4vCX3THgAEh
miGI6UouXzL7aYhdI7SdizyglS4ujxlJuYexpAPHRwphDDdSy7yqimBkjECRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeZxgeqakLbvQ0SzRcRNFEM7ug/kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AL
MA0GCSqGSIb3DQEBCwUAA4IBAQBKAhpIAQuHhIciHy6g7nZZDFICY9tiH2S18qGP
eTPoBbt2yBroF+PTw3bFFCQ9tSo6JY/MQKkoptrwOQ0HySSSy3+n/nmPaYQTwIYx
W5fE0G+39JJBez9vjurXbEA7w3mIQ5Gjl8P9/O13qq5v0s2X4fUxnn4LazhWFN+j
y7lzF+yFQK0jV4TN3s2CGF1y2uowRY6D2sY3B58Ig9KfbYIfcOSXkPig76eO6gRo
mzuLAomdnTF+4s/6ZeMNBxUr/HCI7eQxBOdapdd3TTwTkzPrzzGs2zSX64bbi3hS
4nDTN5Zt/WQ+mLEutreAiJwXxi4J25H3bQM9eKLaiV9qqVdT
-----END CERTIFICATE-----