Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210574.roa
File:                     AS210574.roa (raw, json)
Hash identifier:          7PdBh8Mxdyr2GkHRVMbfpWpBwqMN3U2Zl59NX95jmWU=
Subject key identifier:   B1:2B:79:AE:7C:C9:04:15:85:8B:BD:28:C3:38:E2:22:85:30:F6:0B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       302A2970B26745FE1CC4E54C679DC2B842422F28
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210574.roa
Signing time:             Thu 30 Nov 2023 13:05:07 +0000
ROA not before:           Thu 30 Nov 2023 13:00:07 +0000
ROA not after:            Thu 28 Nov 2024 13:05:07 +0000
asID:                     210574
IP address blocks:        193.111.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2a:29:70:b2:67:45:fe:1c:c4:e5:4c:67:9d:c2:b8:42:42:2f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:07 2023 GMT
            Not After : Nov 28 13:05:07 2024 GMT
        Subject: CN=B12B79AE7CC90415858BBD28C338E2228530F60B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6c:cd:78:a3:81:c0:51:e7:33:f1:33:d4:b4:
                    d6:0a:33:40:ce:4a:15:c7:e1:26:00:dd:51:b3:61:
                    fe:f7:a8:07:0a:dc:76:f6:65:5e:89:5d:db:c0:40:
                    ba:1a:d2:2e:0b:26:46:b4:af:e5:d6:42:12:b6:7e:
                    e0:90:7e:48:a7:aa:a2:04:64:52:70:97:ba:a9:bf:
                    4d:bc:6d:82:45:eb:62:fb:b5:f4:42:39:ea:40:05:
                    95:9f:40:b5:a7:c8:f8:19:0f:65:0a:1a:ca:86:31:
                    a6:4f:06:30:5a:46:fd:a5:b1:a2:33:4e:a9:04:ed:
                    a0:dd:e5:c8:9a:1a:0c:55:d2:b0:ce:d8:8f:0a:81:
                    a5:27:5d:fa:0c:91:a1:17:15:d6:da:fb:07:81:3c:
                    62:34:b4:da:b9:ac:20:a6:2b:92:cd:71:67:78:77:
                    b2:a7:58:dd:a0:43:7c:89:25:56:4f:01:26:b0:ab:
                    e5:59:b9:b5:32:dd:8c:6d:e2:dc:e1:00:8b:cf:6e:
                    9b:53:e3:e5:71:93:a1:e1:70:02:ba:23:91:75:72:
                    2b:53:5c:66:2b:5d:64:bd:81:52:95:9c:f2:65:32:
                    a9:0a:04:c2:b3:aa:96:4c:b8:94:a8:b0:08:6d:25:
                    fc:94:4e:78:a5:b6:af:00:8b:6c:f5:20:7c:67:31:
                    f9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2B:79:AE:7C:C9:04:15:85:8B:BD:28:C3:38:E2:22:85:30:F6:0B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210574.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:cf:a9:0c:53:cd:a9:97:d9:af:c7:3c:48:07:a3:d0:1e:c1:
         aa:90:13:31:51:28:7f:dd:af:e4:97:ec:16:74:b5:7b:4d:de:
         ae:38:77:29:e3:74:c1:23:50:da:2c:80:ab:bd:bf:6a:84:b6:
         65:38:5c:6e:14:97:4e:8b:fc:6c:82:f1:b1:c6:16:26:27:20:
         6f:2b:6f:04:7d:1e:0c:3e:51:ac:bd:5f:2a:a8:ce:39:c5:b8:
         18:d9:59:53:5d:28:f3:22:2d:c7:2b:bf:aa:41:28:57:e6:c8:
         5e:30:5c:1d:02:8a:d2:dc:ef:ae:bd:9b:80:49:63:83:a8:d1:
         70:96:81:ed:9b:69:8c:e4:4e:75:28:3c:23:51:66:c5:89:07:
         be:ee:8a:ea:04:a5:94:98:6f:c1:9a:e2:19:8c:41:77:27:4f:
         c9:6f:5c:7a:6f:5e:92:ea:ba:a9:b5:87:3b:f6:df:88:49:39:
         16:cf:45:87:ab:c2:0d:b8:61:2e:40:8c:66:55:34:a6:b9:be:
         00:64:bc:bf:97:c8:7b:1a:7b:a0:a9:58:ca:d9:58:10:88:a4:
         88:ab:e5:dc:7a:d2:7d:d7:12:68:c0:90:11:e4:f7:55:e1:e0:
         d7:79:f6:2c:b2:4b:2e:65:9e:70:06:b0:15:2b:5f:e3:d3:19:
         e9:3d:a5:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMCopcLJnRf4cxOVMZ53CuEJCLygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDdaFw0yNDExMjgxMzA1MDdaMDMxMTAvBgNV
BAMTKEIxMkI3OUFFN0NDOTA0MTU4NThCQkQyOEMzMzhFMjIyODUzMEY2MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4bM14o4HAUecz8TPUtNYKM0DO
ShXH4SYA3VGzYf73qAcK3Hb2ZV6JXdvAQLoa0i4LJka0r+XWQhK2fuCQfkinqqIE
ZFJwl7qpv028bYJF62L7tfRCOepABZWfQLWnyPgZD2UKGsqGMaZPBjBaRv2lsaIz
TqkE7aDd5ciaGgxV0rDO2I8KgaUnXfoMkaEXFdba+weBPGI0tNq5rCCmK5LNcWd4
d7KnWN2gQ3yJJVZPASawq+VZubUy3Yxt4tzhAIvPbptT4+Vxk6HhcAK6I5F1citT
XGYrXWS9gVKVnPJlMqkKBMKzqpZMuJSosAhtJfyUTniltq8Ai2z1IHxnMfnhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUsSt5rnzJBBWFi70owzjiIoUw9gswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEwNTc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW99
MA0GCSqGSIb3DQEBCwUAA4IBAQB/z6kMU82pl9mvxzxIB6PQHsGqkBMxUSh/3a/k
l+wWdLV7Td6uOHcp43TBI1DaLICrvb9qhLZlOFxuFJdOi/xsgvGxxhYmJyBvK28E
fR4MPlGsvV8qqM45xbgY2VlTXSjzIi3HK7+qQShX5sheMFwdAorS3O+uvZuASWOD
qNFwloHtm2mM5E51KDwjUWbFiQe+7orqBKWUmG/BmuIZjEF3J0/Jb1x6b16S6rqp
tYc79t+ISTkWz0WHq8INuGEuQIxmVTSmub4AZLy/l8h7GnugqVjK2VgQiKSIq+Xc
etJ91xJowJAR5PdV4eDXefYssksuZZ5wBrAVK1/j0xnpPaVQ
-----END CERTIFICATE-----