Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa
File:                     AS211975.roa (raw, json)
Hash identifier:          7geByuiw2mbMIr9A5QD5V0Z21VJrLrJO46btxg+JSP4=
Subject key identifier:   32:5B:9A:B4:1D:D5:2E:9E:1E:EE:B8:38:F3:40:76:18:40:BE:9F:DE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0155BDB686516F001C2A8DBC848ABECF55B7B318
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa
Signing time:             Thu 14 Nov 2024 11:54:36 +0000
ROA not before:           Thu 14 Nov 2024 11:49:36 +0000
ROA not after:            Thu 13 Nov 2025 11:54:36 +0000
asID:                     211975
IP address blocks:        150.241.130.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:55:bd:b6:86:51:6f:00:1c:2a:8d:bc:84:8a:be:cf:55:b7:b3:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov 14 11:49:36 2024 GMT
            Not After : Nov 13 11:54:36 2025 GMT
        Subject: CN=325B9AB41DD52E9E1EEEB838F340761840BE9FDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:5d:4b:21:41:4b:66:9b:fa:55:cf:f9:8e:
                    c1:3f:0f:49:92:ee:1a:79:19:bc:b3:76:7d:1e:29:
                    7f:68:a2:97:9f:cb:fe:f1:d7:64:2b:8d:f1:8f:57:
                    6f:d5:4e:c8:f8:c2:20:d4:04:24:86:c3:ea:1e:fe:
                    c0:17:5b:3c:d1:c5:59:ac:62:88:f8:8d:e4:07:98:
                    a2:bd:e8:b2:74:ee:d7:49:20:68:f0:c6:b6:ba:c1:
                    3a:f9:27:52:ba:96:ed:af:a5:d0:bb:a7:42:ac:fd:
                    f4:69:df:4b:3d:eb:90:ba:4e:d2:7c:8a:f7:c1:7a:
                    76:06:dc:9f:d2:45:08:38:92:70:b9:40:35:90:92:
                    86:d5:b6:06:68:8c:23:e2:89:13:db:13:97:96:d3:
                    35:34:3e:86:84:47:d8:42:89:1b:9c:a9:cd:cd:68:
                    fc:b3:81:7a:07:31:9d:7a:f1:ff:f0:45:2e:a7:49:
                    a4:95:e9:25:5b:df:ef:0e:61:b7:88:24:90:e3:8b:
                    c0:67:a4:31:cd:b3:c6:2c:d9:25:a6:5f:e0:d5:f4:
                    26:84:8a:61:76:3f:6b:6b:3a:8d:53:83:95:a9:12:
                    d2:03:0b:e6:1e:c4:9a:81:df:4a:49:b3:ca:63:f0:
                    ab:c5:5f:41:fb:56:7c:7c:6e:4d:d5:9e:d7:e2:42:
                    9e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5B:9A:B4:1D:D5:2E:9E:1E:EE:B8:38:F3:40:76:18:40:BE:9F:DE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:13:8e:90:0b:f7:94:f3:d5:08:7c:59:f4:6b:c9:ce:05:63:
         83:26:ae:46:a0:59:59:55:c1:9f:fc:68:a0:91:c0:60:c8:2a:
         39:47:75:00:65:34:40:4c:62:49:c2:4c:7c:11:12:1d:39:34:
         85:74:31:9c:e2:9b:71:0c:8f:00:22:93:49:01:bd:f8:93:b5:
         00:f9:96:d4:2b:4a:9c:62:7c:95:bf:e0:1f:b2:b2:35:48:ff:
         40:f1:bc:fb:d6:3e:81:d4:f2:a9:c1:f7:c9:06:09:84:f7:a3:
         bf:a7:05:55:a6:e6:32:90:f9:b3:8c:54:34:fa:b3:34:d0:7f:
         6b:2d:ba:ab:2d:30:60:1e:75:66:6e:f0:ff:6f:e9:32:68:41:
         5f:56:bd:04:06:41:ee:41:31:88:94:3f:53:bc:c8:52:08:2b:
         dc:17:55:44:af:08:44:f6:5d:08:fc:cb:b9:7f:82:4f:58:57:
         35:02:7c:98:69:85:b2:35:95:1e:d6:db:16:91:9a:8d:6e:78:
         c4:2f:82:43:2e:3e:80:a7:45:fc:a4:72:f0:b1:82:c2:03:38:
         70:59:d9:1f:0f:3a:b7:43:78:e9:8c:87:19:9c:58:b1:a5:ea:
         ac:c4:7a:e4:49:69:1f:30:80:21:b4:1f:dc:8e:d7:ba:24:c1:
         7e:ec:07:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAVW9toZRbwAcKo28hIq+z1W3sxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDExMTQxMTQ5MzZaFw0yNTExMTMxMTU0MzZaMDMxMTAvBgNV
BAMTKDMyNUI5QUI0MURENTJFOUUxRUVFQjgzOEYzNDA3NjE4NDBCRTlGREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Ql1LIUFLZpv6Vc/5jsE/D0mS
7hp5Gbyzdn0eKX9oopefy/7x12QrjfGPV2/VTsj4wiDUBCSGw+oe/sAXWzzRxVms
Yoj4jeQHmKK96LJ07tdJIGjwxra6wTr5J1K6lu2vpdC7p0Ks/fRp30s965C6TtJ8
ivfBenYG3J/SRQg4knC5QDWQkobVtgZojCPiiRPbE5eW0zU0PoaER9hCiRucqc3N
aPyzgXoHMZ168f/wRS6nSaSV6SVb3+8OYbeIJJDji8BnpDHNs8Ys2SWmX+DV9CaE
imF2P2trOo1Tg5WpEtIDC+YexJqB30pJs8pj8KvFX0H7Vnx8bk3VntfiQp4NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMluatB3VLp4e7rg480B2GEC+n94wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExOTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBlvGC
MA0GCSqGSIb3DQEBCwUAA4IBAQBcE46QC/eU89UIfFn0a8nOBWODJq5GoFlZVcGf
/GigkcBgyCo5R3UAZTRATGJJwkx8ERIdOTSFdDGc4ptxDI8AIpNJAb34k7UA+ZbU
K0qcYnyVv+AfsrI1SP9A8bz71j6B1PKpwffJBgmE96O/pwVVpuYykPmzjFQ0+rM0
0H9rLbqrLTBgHnVmbvD/b+kyaEFfVr0EBkHuQTGIlD9TvMhSCCvcF1VErwhE9l0I
/Mu5f4JPWFc1AnyYaYWyNZUe1tsWkZqNbnjEL4JDLj6Ap0X8pHLwsYLCAzhwWdkf
Dzq3Q3jpjIcZnFixpeqsxHrkSWkfMIAhtB/cjte6JMF+7AcT
-----END CERTIFICATE-----