Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          Wf06K4vtT2TrkaULr6CJAaWlptNRt5QgdTf5zp9kKao=
Subject key identifier:   07:85:39:79:D7:67:4A:4A:A1:04:23:D0:AE:5E:0A:1C:CF:1F:5C:B4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6E3A9FA94F344B0065FA9112803CDA978BE41F1E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa
Signing time:             Fri 28 Jun 2024 10:08:28 +0000
ROA not before:           Fri 28 Jun 2024 10:03:28 +0000
ROA not after:            Fri 27 Jun 2025 10:08:28 +0000
asID:                     212335
IP address blocks:        146.103.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:3a:9f:a9:4f:34:4b:00:65:fa:91:12:80:3c:da:97:8b:e4:1f:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 28 10:03:28 2024 GMT
            Not After : Jun 27 10:08:28 2025 GMT
        Subject: CN=07853979D7674A4AA10423D0AE5E0A1CCF1F5CB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:86:ff:b7:bb:9e:0c:d0:26:03:08:06:4a:c3:
                    18:bc:db:c8:32:8b:9d:f6:0e:4f:b0:42:17:d1:23:
                    1d:bc:c2:ea:35:2f:7f:3b:4c:e6:61:d3:e2:3b:0d:
                    6b:f0:9e:66:47:13:89:b4:25:2e:cb:97:26:d1:d1:
                    b2:2f:18:f3:17:35:b5:ab:c4:7c:64:e2:b8:e2:1a:
                    6b:4e:08:b9:b6:aa:9e:20:06:ae:d8:2d:ca:71:cd:
                    f3:d0:fe:33:6b:d3:94:a3:3a:c6:e6:0e:ea:f6:66:
                    f6:63:62:25:f5:9e:33:18:2d:69:fe:0a:ba:c9:41:
                    02:6b:35:0b:14:d6:30:08:6b:22:4c:3a:87:3c:60:
                    00:64:12:5d:e2:35:73:73:7b:29:db:83:4e:91:b1:
                    01:79:2f:18:6e:10:60:df:06:28:79:2b:a2:ab:34:
                    f0:7b:39:a7:aa:0c:14:70:a8:2f:cd:47:80:98:58:
                    4b:8a:dd:4b:5e:4b:8c:a6:00:08:7d:4a:fa:8f:ef:
                    0c:14:04:68:7b:07:1a:ff:1c:2c:51:57:2d:7d:17:
                    75:73:bf:5c:a6:1e:fd:49:53:fa:e5:a9:c9:b0:7b:
                    0e:df:80:62:c9:c8:47:15:28:f3:29:b3:dc:41:da:
                    bf:59:60:8c:55:07:27:e5:46:70:cc:9e:75:64:18:
                    00:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:85:39:79:D7:67:4A:4A:A1:04:23:D0:AE:5E:0A:1C:CF:1F:5C:B4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:2e:34:b4:1f:81:e9:0f:f2:66:7d:d2:6f:03:f7:ed:f5:c5:
         55:39:32:10:73:78:98:0e:35:7b:a5:52:85:9c:a0:e3:1f:dc:
         d4:1b:85:09:a8:9e:15:f5:f2:61:52:c8:9d:5b:4b:df:71:8c:
         db:88:21:a0:0b:38:11:57:f7:48:96:09:b1:b3:6e:44:dd:de:
         a2:1e:88:89:a6:59:1b:d7:44:35:2e:32:ce:95:46:86:df:28:
         6d:15:df:2e:18:7c:9a:9f:6b:08:dc:90:c6:f0:b5:f4:50:f9:
         6f:d8:dd:fc:20:ed:c9:77:63:cd:38:2c:75:7a:72:cd:f2:03:
         d0:71:dc:7f:2f:54:19:15:a8:2a:46:9a:c3:e2:73:4f:6f:14:
         68:c5:48:26:44:bb:37:1c:da:94:dc:d5:21:a3:2c:3f:30:50:
         ec:8b:85:bf:fe:aa:79:09:5d:05:e3:a0:a7:e2:b0:9b:df:75:
         9b:a7:4c:f4:f4:f2:35:2a:96:ad:79:ae:4f:cc:9f:26:08:16:
         90:b2:fc:49:d6:e3:12:4e:f9:46:eb:76:d6:8b:7d:0f:ed:97:
         df:67:c5:05:0a:68:bd:9e:fe:a7:d3:5c:89:e0:e3:ed:32:2e:
         0b:b0:cf:db:50:39:cf:1d:ea:04:8f:2a:4b:4d:30:36:73:8b:
         8b:11:14:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbjqfqU80SwBl+pESgDzal4vkHx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA2MjgxMDAzMjhaFw0yNTA2MjcxMDA4MjhaMDMxMTAvBgNV
BAMTKDA3ODUzOTc5RDc2NzRBNEFBMTA0MjNEMEFFNUUwQTFDQ0YxRjVDQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCchv+3u54M0CYDCAZKwxi828gy
i532Dk+wQhfRIx28wuo1L387TOZh0+I7DWvwnmZHE4m0JS7LlybR0bIvGPMXNbWr
xHxk4rjiGmtOCLm2qp4gBq7YLcpxzfPQ/jNr05SjOsbmDur2ZvZjYiX1njMYLWn+
CrrJQQJrNQsU1jAIayJMOoc8YABkEl3iNXNzeynbg06RsQF5LxhuEGDfBih5K6Kr
NPB7OaeqDBRwqC/NR4CYWEuK3UteS4ymAAh9SvqP7wwUBGh7Bxr/HCxRVy19F3Vz
v1ymHv1JU/rlqcmwew7fgGLJyEcVKPMps9xB2r9ZYIxVByflRnDMnnVkGABZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUB4U5eddnSkqhBCPQrl4KHM8fXLQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc9
MA0GCSqGSIb3DQEBCwUAA4IBAQB+LjS0H4HpD/JmfdJvA/ft9cVVOTIQc3iYDjV7
pVKFnKDjH9zUG4UJqJ4V9fJhUsidW0vfcYzbiCGgCzgRV/dIlgmxs25E3d6iHoiJ
plkb10Q1LjLOlUaG3yhtFd8uGHyan2sI3JDG8LX0UPlv2N38IO3Jd2PNOCx1enLN
8gPQcdx/L1QZFagqRprD4nNPbxRoxUgmRLs3HNqU3NUhoyw/MFDsi4W//qp5CV0F
46Cn4rCb33Wbp0z09PI1Kpatea5PzJ8mCBaQsvxJ1uMSTvlG63bWi30P7ZffZ8UF
Cmi9nv6n01yJ4OPtMi4LsM/bUDnPHeoEjypLTTA2c4uLERT9
-----END CERTIFICATE-----