Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210356.roa
File:                     AS210356.roa (raw, json)
Hash identifier:          p+/yey7isT/HN120WBl0L7XF9amb6zTjmNb9fv8pnzs=
Subject key identifier:   D0:12:BC:9D:77:05:BD:24:05:DB:3C:5B:E8:00:16:90:13:71:85:6C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       14C17B88BAFE91D8276048C67891564657326026
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210356.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     210356
IP address blocks:        181.214.48.0/24 maxlen: 24
                          181.214.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:c1:7b:88:ba:fe:91:d8:27:60:48:c6:78:91:56:46:57:32:60:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=D012BC9D7705BD2405DB3C5BE80016901371856C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:72:5c:76:a6:3f:4d:aa:b9:7a:ee:e0:f9:ac:
                    65:f0:94:98:55:c1:72:0a:e2:4c:77:ef:be:9f:b5:
                    d6:3b:00:44:92:56:86:0e:39:de:b6:49:86:0b:3e:
                    ba:67:d3:27:7b:b8:d1:cf:73:cd:ff:c9:fd:fe:08:
                    11:86:e8:56:e5:a6:12:00:9b:9f:fe:43:11:af:ff:
                    8b:ac:01:9d:59:bb:f6:d2:0f:8e:a8:5a:d9:86:49:
                    43:b1:a6:a4:2c:23:0e:e3:8b:8d:4c:d8:5d:00:93:
                    c8:90:d7:83:d0:23:e1:3b:97:47:d7:df:3a:af:c9:
                    9a:f9:a7:f4:b5:41:6e:7a:01:df:3d:bf:14:67:cd:
                    04:3a:7b:03:2b:a0:ac:97:38:42:1a:19:48:0a:77:
                    cc:99:0f:71:2a:0e:11:e6:fb:91:f3:52:d8:c1:36:
                    dc:39:4f:af:9a:a3:31:12:7b:60:97:80:9d:30:0a:
                    c4:c2:8d:e9:f8:54:df:7b:7d:d4:b7:d9:0f:72:d1:
                    96:81:5c:6d:af:44:2e:47:a5:b1:36:a5:29:ad:1e:
                    42:7b:b8:4c:14:8d:4b:1f:c7:4f:44:31:46:b9:f6:
                    b9:c1:b3:00:58:03:6e:f0:41:20:52:ec:6e:3f:02:
                    a1:02:3a:42:b4:62:7a:4e:86:dd:32:9d:39:52:e0:
                    4d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:12:BC:9D:77:05:BD:24:05:DB:3C:5B:E8:00:16:90:13:71:85:6C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.48.0/24
                  181.214.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e9:43:e8:07:8a:91:ba:36:b5:48:fa:ac:87:c9:fb:a8:0c:
         f4:03:1f:68:15:0a:ad:ac:5b:a8:38:50:98:cc:e1:a3:a7:ae:
         d0:11:20:8a:82:eb:d1:16:71:d1:7c:de:37:55:4e:4f:0e:45:
         02:b6:a4:92:71:fc:ba:4f:86:d3:db:27:ac:03:6c:91:42:78:
         f3:1e:57:71:5f:47:64:83:fd:52:ea:88:6f:6a:fa:a0:b6:4a:
         fb:23:61:8c:cd:e6:17:58:86:31:13:50:95:33:bb:00:5f:b8:
         bc:ed:09:3d:f5:44:f2:cf:07:1d:f0:3c:fb:90:a5:87:e4:fd:
         f2:46:2e:11:09:53:30:4c:34:c6:a6:a7:42:09:66:73:0f:72:
         f6:11:6b:ae:91:c3:64:8d:3f:7e:3d:aa:8a:18:82:a8:0a:ef:
         25:ca:ed:57:ed:fc:7a:4b:b8:f1:2d:cb:e2:5c:02:65:3b:20:
         90:3c:e1:e7:2c:e9:d4:ee:22:72:c2:29:cb:d4:6c:a2:60:4a:
         63:5a:10:59:05:58:3f:5f:7c:c9:9f:ce:14:b7:bb:fd:ca:f8:
         0e:2c:6b:57:36:91:8b:65:a3:4f:c4:81:3e:f3:4b:48:d2:36:
         51:3f:a0:c6:bb:d1:03:1a:73:32:66:f4:4f:10:3d:19:f3:a2:
         d4:d0:8c:a3
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUFMF7iLr+kdgnYEjGeJFWRlcyYCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKEQwMTJCQzlENzcwNUJEMjQwNURCM0M1QkU4MDAxNjkwMTM3MTg1NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiclx2pj9Nqrl67uD5rGXwlJhV
wXIK4kx3776ftdY7AESSVoYOOd62SYYLPrpn0yd7uNHPc83/yf3+CBGG6FblphIA
m5/+QxGv/4usAZ1Zu/bSD46oWtmGSUOxpqQsIw7ji41M2F0Ak8iQ14PQI+E7l0fX
3zqvyZr5p/S1QW56Ad89vxRnzQQ6ewMroKyXOEIaGUgKd8yZD3EqDhHm+5HzUtjB
Ntw5T6+aozESe2CXgJ0wCsTCjen4VN97fdS32Q9y0ZaBXG2vRC5HpbE2pSmtHkJ7
uEwUjUsfx09EMUa59rnBswBYA27wQSBS7G4/AqECOkK0YnpOht0ynTlS4E03AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU0BK8nXcFvSQF2zxb6AAWkBNxhWwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEwMzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdYw
AwQAtdbdMA0GCSqGSIb3DQEBCwUAA4IBAQA+6UPoB4qRuja1SPqsh8n7qAz0Ax9o
FQqtrFuoOFCYzOGjp67QESCKguvRFnHRfN43VU5PDkUCtqSScfy6T4bT2yesA2yR
QnjzHldxX0dkg/1S6ohvavqgtkr7I2GMzeYXWIYxE1CVM7sAX7i87Qk99UTyzwcd
8Dz7kKWH5P3yRi4RCVMwTDTGpqdCCWZzD3L2EWuukcNkjT9+PaqKGIKoCu8lyu1X
7fx6S7jxLcviXAJlOyCQPOHnLOnU7iJywinL1GyiYEpjWhBZBVg/X3zJn84Ut7v9
yvgOLGtXNpGLZaNPxIE+80tI0jZRP6DGu9EDGnMyZvRPED0Z86LU0Iyj
-----END CERTIFICATE-----