Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210846.roa
File:                     AS210846.roa (raw, json)
Hash identifier:          CVfLxhqtX00bCJPo2Qgm0HCu01SUdTbqcMtxX9iYjSM=
Subject key identifier:   35:26:7B:B8:D2:84:28:C6:B4:FB:64:48:82:8F:E6:5A:0A:28:7B:7D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       138ABB185C6867114BAD985E1EAA328629112688
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210846.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     210846
IP address blocks:        45.133.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:8a:bb:18:5c:68:67:11:4b:ad:98:5e:1e:aa:32:86:29:11:26:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=35267BB8D28428C6B4FB6448828FE65A0A287B7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:31:44:8f:0c:e6:37:26:92:ae:cf:ea:90:da:
                    95:56:f6:04:c0:33:9c:4c:70:7b:66:56:46:68:7b:
                    e4:bb:7e:5a:8f:d1:a3:8b:9d:20:06:8d:ab:55:d4:
                    c2:ff:c7:ce:2f:27:3d:d5:fc:58:a4:9f:52:43:f8:
                    ce:85:69:6a:96:ff:73:eb:4f:ea:5a:36:08:06:d1:
                    6e:24:e1:ad:7a:9c:03:1a:0e:a9:57:ca:d4:81:c4:
                    e1:9f:87:55:54:0b:ab:62:7c:20:5e:a6:22:13:f4:
                    46:fd:70:84:59:5e:01:ca:80:0e:23:1d:8c:0d:25:
                    fe:2f:81:52:4c:81:af:ef:7a:65:d1:28:5a:73:39:
                    51:33:38:cc:51:37:08:18:d1:ce:b1:87:7a:ad:35:
                    bd:b0:58:84:04:a6:5d:7e:9a:b0:f2:f2:a8:f7:81:
                    62:2e:3b:fe:cd:c7:96:c1:04:c1:ba:b5:75:a4:13:
                    8a:4a:a6:cc:15:75:b3:aa:01:4b:42:a3:09:e1:17:
                    2a:6b:d8:14:a8:ce:c2:1b:d7:cb:f9:1f:f6:74:08:
                    95:7a:0d:23:52:38:42:ce:dd:ec:8a:e9:3d:68:d1:
                    c0:8e:08:78:b8:24:99:1c:c4:dc:d5:d8:7f:8a:d5:
                    e3:b1:2a:a5:20:34:a8:d9:bc:8e:e5:58:e6:94:80:
                    0a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:26:7B:B8:D2:84:28:C6:B4:FB:64:48:82:8F:E6:5A:0A:28:7B:7D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210846.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:fa:70:f3:43:85:00:0f:a3:5e:70:85:d8:0b:7b:29:e6:83:
         fc:74:20:95:a4:5e:e9:fe:2f:4f:86:5b:da:3a:92:27:5b:d5:
         99:e8:e3:30:02:3c:c0:50:15:d3:e6:5d:bd:c3:4f:5d:38:f5:
         f1:75:d9:d6:b5:78:ef:b6:3f:f6:06:b3:7a:51:0e:5d:83:94:
         30:3e:15:62:48:9c:c7:eb:a0:0e:c1:55:3e:91:7d:94:11:34:
         3b:1a:bc:52:ce:8b:65:8b:35:8e:2c:18:2d:70:3d:bb:34:ce:
         d7:24:8f:9e:1d:46:ac:5c:34:0f:72:8e:c7:b3:c1:9c:f0:7e:
         db:01:48:ff:93:0a:65:7a:7a:96:47:10:e3:c4:0a:51:f9:e8:
         6e:03:72:8d:ae:a8:af:11:c4:ee:32:0b:e8:80:00:93:1c:4c:
         93:3e:f6:1b:9d:1f:6e:c0:a1:0f:05:19:4d:8f:ca:f5:2a:c6:
         4f:a8:7d:6c:cc:70:c9:9d:8c:60:a7:0a:e9:86:12:ca:a8:4b:
         83:ea:68:47:a2:95:d6:00:b3:8d:3b:07:23:9b:f8:29:85:bd:
         69:1f:49:42:55:27:4e:12:bf:42:0a:f6:81:a9:1b:60:6f:27:
         41:6d:d0:0a:7e:1f:8f:44:5c:d9:37:4a:a7:4b:af:74:d2:31:
         5b:ec:d0:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUE4q7GFxoZxFLrZheHqoyhikRJogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDM1MjY3QkI4RDI4NDI4QzZCNEZCNjQ0ODgyOEZFNjVBMEEyODdCN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWMUSPDOY3JpKuz+qQ2pVW9gTA
M5xMcHtmVkZoe+S7flqP0aOLnSAGjatV1ML/x84vJz3V/Fikn1JD+M6FaWqW/3Pr
T+paNggG0W4k4a16nAMaDqlXytSBxOGfh1VUC6tifCBepiIT9Eb9cIRZXgHKgA4j
HYwNJf4vgVJMga/vemXRKFpzOVEzOMxRNwgY0c6xh3qtNb2wWIQEpl1+mrDy8qj3
gWIuO/7Nx5bBBMG6tXWkE4pKpswVdbOqAUtCownhFypr2BSozsIb18v5H/Z0CJV6
DSNSOELO3eyK6T1o0cCOCHi4JJkcxNzV2H+K1eOxKqUgNKjZvI7lWOaUgArDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNSZ7uNKEKMa0+2RIgo/mWgooe30wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEwODQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWu
MA0GCSqGSIb3DQEBCwUAA4IBAQAp+nDzQ4UAD6NecIXYC3sp5oP8dCCVpF7p/i9P
hlvaOpInW9WZ6OMwAjzAUBXT5l29w09dOPXxddnWtXjvtj/2BrN6UQ5dg5QwPhVi
SJzH66AOwVU+kX2UETQ7GrxSzotlizWOLBgtcD27NM7XJI+eHUasXDQPco7Hs8Gc
8H7bAUj/kwplenqWRxDjxApR+ehuA3KNrqivEcTuMgvogACTHEyTPvYbnR9uwKEP
BRlNj8r1KsZPqH1szHDJnYxgpwrphhLKqEuD6mhHopXWALONOwcjm/gphb1pH0lC
VSdOEr9CCvaBqRtgbydBbdAKfh+PRFzZN0qnS6900jFb7NC1
-----END CERTIFICATE-----