Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa
File:                     AS211975.roa (raw, json)
Hash identifier:          wPknNvACGLLJc9eK5YLHq+8Se170qU/NCL/NtoXgQAs=
Subject key identifier:   35:5B:45:F9:E1:C9:F4:9B:AB:A8:8F:1D:60:8E:BC:38:E7:5F:26:63
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4661157299DC510EAC3DEB9C3154EC61684C4A9F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa
Signing time:             Sat 06 Apr 2024 11:09:30 +0000
ROA not before:           Sat 06 Apr 2024 11:04:30 +0000
ROA not after:            Sat 05 Apr 2025 11:09:30 +0000
asID:                     211975
IP address blocks:        140.233.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:61:15:72:99:dc:51:0e:ac:3d:eb:9c:31:54:ec:61:68:4c:4a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:30 2024 GMT
            Not After : Apr  5 11:09:30 2025 GMT
        Subject: CN=355B45F9E1C9F49BABA88F1D608EBC38E75F2663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a3:d3:94:e1:c3:dc:57:cf:47:54:81:db:d1:
                    b0:98:ea:70:52:55:32:cc:98:d0:43:85:3a:aa:bc:
                    ed:6a:04:67:6a:b6:b2:41:1a:d6:29:1d:15:cf:2a:
                    d0:14:9d:32:a7:a3:61:45:f9:0c:9b:f5:19:db:5e:
                    56:2f:ec:ef:df:28:f0:85:de:7a:ed:9d:c4:cb:05:
                    0e:dc:14:72:62:8e:fc:f8:87:f1:c4:3b:bd:8b:85:
                    80:b1:84:3a:7b:08:64:4e:f8:7b:d3:aa:73:27:05:
                    a3:32:0a:5a:ee:5b:c3:fa:4d:32:fe:5a:a4:55:84:
                    1b:63:f2:9d:75:11:4b:54:a8:9f:d8:59:ad:98:97:
                    7b:01:a6:74:80:80:41:bd:cb:d6:fd:b5:24:bc:7e:
                    e2:40:0f:63:6f:47:e6:d4:de:1d:f8:40:98:0e:d8:
                    39:43:9d:b4:51:c1:bd:0a:49:ed:1f:ca:47:12:7f:
                    f1:bb:cf:5b:d1:5f:eb:06:d8:ca:6e:33:b7:94:59:
                    a0:c2:48:5d:70:32:a8:48:f5:c4:03:1c:f5:24:e9:
                    63:e7:e6:65:50:7b:bb:a3:0e:f0:1f:f3:79:e6:0f:
                    5c:16:15:ff:51:4c:3d:96:8e:5f:fe:17:ce:d0:e0:
                    7d:5b:b2:55:ca:fe:69:b1:90:0e:5a:79:b4:36:be:
                    3f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:5B:45:F9:E1:C9:F4:9B:AB:A8:8F:1D:60:8E:BC:38:E7:5F:26:63
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211975.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:77:ca:80:d9:ac:9b:31:08:93:70:0c:d9:d1:1c:75:b9:11:
         6d:42:a6:0b:27:9e:1f:0b:10:73:27:f2:db:f6:b9:09:28:38:
         ba:42:7c:6c:17:47:2a:6c:ea:b0:68:72:fb:7c:ca:49:b5:b2:
         47:8b:1e:77:6f:b0:a4:91:73:33:59:7b:f2:fa:c0:64:70:d5:
         cc:15:67:e8:bf:dc:19:84:29:9c:8f:70:81:cd:e3:8c:4e:4b:
         b9:d2:7f:bb:18:32:99:9e:89:cc:46:d5:82:ee:d5:c3:67:fd:
         dd:a3:91:c3:78:26:e1:eb:62:8f:e5:aa:dc:d3:c9:9b:a7:68:
         5a:6b:ce:1f:4c:69:e1:3b:d9:04:c5:5b:00:58:ed:28:83:a6:
         c0:24:e4:41:90:76:56:ae:c8:40:d3:bd:4e:c8:c0:b8:f7:58:
         f0:46:d3:d9:3d:f5:81:c9:a6:be:dc:ff:d9:4a:64:c5:ec:a2:
         86:0c:77:b7:d0:7e:04:6a:d1:ce:ab:21:11:31:50:98:f4:7b:
         fd:06:44:ab:be:ad:52:82:83:3a:15:33:51:cb:02:b1:9a:63:
         cc:2a:74:6b:bf:ae:7f:9a:45:32:51:49:db:5d:ff:35:db:b6:
         ab:a3:29:e8:cd:51:32:39:e3:cb:83:8a:21:95:21:e0:95:3a:
         00:f8:85:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURmEVcpncUQ6sPeucMVTsYWhMSp8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzBaFw0yNTA0MDUxMTA5MzBaMDMxMTAvBgNV
BAMTKDM1NUI0NUY5RTFDOUY0OUJBQkE4OEYxRDYwOEVCQzM4RTc1RjI2NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDo9OU4cPcV89HVIHb0bCY6nBS
VTLMmNBDhTqqvO1qBGdqtrJBGtYpHRXPKtAUnTKno2FF+Qyb9RnbXlYv7O/fKPCF
3nrtncTLBQ7cFHJijvz4h/HEO72LhYCxhDp7CGRO+HvTqnMnBaMyClruW8P6TTL+
WqRVhBtj8p11EUtUqJ/YWa2Yl3sBpnSAgEG9y9b9tSS8fuJAD2NvR+bU3h34QJgO
2DlDnbRRwb0KSe0fykcSf/G7z1vRX+sG2MpuM7eUWaDCSF1wMqhI9cQDHPUk6WPn
5mVQe7ujDvAf83nmD1wWFf9RTD2Wjl/+F87Q4H1bslXK/mmxkA5aebQ2vj+HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNVtF+eHJ9JurqI8dYI68OOdfJmMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExOTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOmk
MA0GCSqGSIb3DQEBCwUAA4IBAQAwd8qA2aybMQiTcAzZ0Rx1uRFtQqYLJ54fCxBz
J/Lb9rkJKDi6QnxsF0cqbOqwaHL7fMpJtbJHix53b7CkkXMzWXvy+sBkcNXMFWfo
v9wZhCmcj3CBzeOMTku50n+7GDKZnonMRtWC7tXDZ/3do5HDeCbh62KP5arc08mb
p2haa84fTGnhO9kExVsAWO0og6bAJORBkHZWrshA071OyMC491jwRtPZPfWByaa+
3P/ZSmTF7KKGDHe30H4EatHOqyERMVCY9Hv9BkSrvq1SgoM6FTNRywKxmmPMKnRr
v65/mkUyUUnbXf8127aroynozVEyOePLg4ohlSHglToA+IXN
-----END CERTIFICATE-----