Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211750.roa
File:                     AS211750.roa (raw, json)
Hash identifier:          MKa5ecme6h2d5Ys1wkogCm/oHpbJpzPtPjV1rtw/ync=
Subject key identifier:   68:84:EA:75:78:C2:AE:81:5A:42:95:44:54:CA:5F:E4:59:6F:AA:EA
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1F49E81197FCB51F209461E623B2BC73789288B0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211750.roa
Signing time:             Wed 14 Aug 2024 17:05:04 +0000
ROA not before:           Wed 14 Aug 2024 17:00:04 +0000
ROA not after:            Wed 13 Aug 2025 17:05:04 +0000
asID:                     211750
IP address blocks:        140.233.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:49:e8:11:97:fc:b5:1f:20:94:61:e6:23:b2:bc:73:78:92:88:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 14 17:00:04 2024 GMT
            Not After : Aug 13 17:05:04 2025 GMT
        Subject: CN=6884EA7578C2AE815A42954454CA5FE4596FAAEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:b0:de:e5:06:07:a3:74:8b:02:c9:99:59:
                    72:69:4c:22:5e:9c:b2:12:bd:e2:82:eb:98:d0:88:
                    5a:ed:2a:53:c4:55:7d:c6:e3:10:32:1b:45:60:43:
                    d5:18:f0:bd:c0:0e:0a:46:9f:9f:00:89:98:4e:2e:
                    68:be:cc:bb:07:c4:58:c1:6c:ae:b0:d0:b0:11:5f:
                    3b:98:6f:a1:71:49:83:5a:71:d9:6d:79:fa:76:22:
                    4a:fe:de:ef:03:40:a9:8b:63:a0:3a:e6:9e:89:13:
                    b0:98:ac:76:0c:ca:8d:23:be:17:c1:17:ec:a4:70:
                    e2:29:9c:3d:b6:b0:53:6a:01:c0:a8:28:6c:26:9b:
                    bd:c7:3e:39:c2:10:c1:89:c2:f1:aa:51:0e:82:53:
                    3d:6d:d0:de:6a:ea:89:e3:58:f9:13:6c:16:0b:3d:
                    a8:b9:0d:90:b4:d0:07:c6:79:8d:25:d2:66:cf:a3:
                    94:dc:94:e2:66:f7:99:e5:50:97:87:f4:56:7e:e7:
                    dc:43:99:33:0c:d7:b6:83:50:0f:76:92:f3:4b:cf:
                    6d:8c:69:55:ba:98:d4:16:85:77:b8:5e:a7:2b:b8:
                    2e:1f:1a:8e:64:86:12:68:7a:57:39:8f:4d:69:e0:
                    9d:a3:81:96:d3:1a:25:7a:3b:15:47:94:1f:a0:42:
                    3f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:84:EA:75:78:C2:AE:81:5A:42:95:44:54:CA:5F:E4:59:6F:AA:EA
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211750.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:04:2f:07:bb:e6:dd:a9:33:89:9b:b2:53:01:c0:0b:8a:d2:
         96:1c:ad:05:64:fb:9f:ad:38:04:5f:5b:41:94:60:03:6b:64:
         8d:0a:ab:5c:fc:4b:75:28:06:d6:bf:eb:f4:00:07:f0:fb:ca:
         b2:78:ca:df:78:c2:79:73:d2:16:16:d7:ad:d9:cf:f0:d2:3b:
         8e:52:da:0e:a1:61:57:0a:3e:f0:40:46:0d:ae:15:ed:46:96:
         2d:08:11:a2:59:55:76:0a:e7:d2:09:1b:c6:45:46:f2:03:84:
         c1:77:89:a1:ee:ba:64:77:2f:82:76:51:65:29:17:22:6b:dc:
         d5:e6:6e:e8:68:ee:6d:38:01:99:65:61:65:16:36:7d:8a:b2:
         97:13:9a:36:b4:fa:c9:39:6f:e5:67:61:b7:ce:d2:52:d9:cc:
         78:f2:55:e9:2b:7b:db:69:8c:6f:72:9e:5f:55:b9:c4:37:31:
         9e:2e:ca:a3:13:26:87:98:61:5e:c2:36:15:8e:62:9b:47:27:
         a2:eb:56:5e:68:52:bf:87:3b:a7:fb:a5:97:0a:2c:fd:dd:33:
         58:a4:94:bb:67:03:b7:0c:88:05:ee:2a:57:d2:7a:13:ad:58:
         a3:58:6c:89:ee:1a:5c:3d:60:cb:67:ed:2a:f0:ea:05:05:dc:
         ee:e9:58:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH0noEZf8tR8glGHmI7K8c3iSiLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA4MTQxNzAwMDRaFw0yNTA4MTMxNzA1MDRaMDMxMTAvBgNV
BAMTKDY4ODRFQTc1NzhDMkFFODE1QTQyOTU0NDU0Q0E1RkU0NTk2RkFBRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm5rDe5QYHo3SLAsmZWXJpTCJe
nLISveKC65jQiFrtKlPEVX3G4xAyG0VgQ9UY8L3ADgpGn58AiZhOLmi+zLsHxFjB
bK6w0LARXzuYb6FxSYNacdltefp2Ikr+3u8DQKmLY6A65p6JE7CYrHYMyo0jvhfB
F+ykcOIpnD22sFNqAcCoKGwmm73HPjnCEMGJwvGqUQ6CUz1t0N5q6onjWPkTbBYL
Pai5DZC00AfGeY0l0mbPo5TclOJm95nlUJeH9FZ+59xDmTMM17aDUA92kvNLz22M
aVW6mNQWhXe4XqcruC4fGo5khhJoelc5j01p4J2jgZbTGiV6OxVHlB+gQj+JAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaITqdXjCroFaQpVEVMpf5FlvquowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNzUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOmk
MA0GCSqGSIb3DQEBCwUAA4IBAQC1BC8Hu+bdqTOJm7JTAcALitKWHK0FZPufrTgE
X1tBlGADa2SNCqtc/Et1KAbWv+v0AAfw+8qyeMrfeMJ5c9IWFtet2c/w0juOUtoO
oWFXCj7wQEYNrhXtRpYtCBGiWVV2CufSCRvGRUbyA4TBd4mh7rpkdy+CdlFlKRci
a9zV5m7oaO5tOAGZZWFlFjZ9irKXE5o2tPrJOW/lZ2G3ztJS2cx48lXpK3vbaYxv
cp5fVbnENzGeLsqjEyaHmGFewjYVjmKbRyei61ZeaFK/hzun+6WXCiz93TNYpJS7
ZwO3DIgF7ipX0noTrVijWGyJ7hpcPWDLZ+0q8OoFBdzu6ViG
-----END CERTIFICATE-----