Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210907.roa
File:                     AS210907.roa (raw, json)
Hash identifier:          kKPYiEP7fjCCsKRNMScX+QUMzjLMitb/0T47zMvfRjw=
Subject key identifier:   09:C2:AB:83:71:68:36:3E:85:B1:B6:E0:F5:1D:6B:C8:34:83:C1:EA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3C979231A53276052DD3A22C681B26EE3FA53211
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210907.roa
Signing time:             Tue 30 Apr 2024 16:05:16 +0000
ROA not before:           Tue 30 Apr 2024 16:00:16 +0000
ROA not after:            Tue 29 Apr 2025 16:05:16 +0000
asID:                     210907
IP address blocks:        191.101.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:97:92:31:a5:32:76:05:2d:d3:a2:2c:68:1b:26:ee:3f:a5:32:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 30 16:00:16 2024 GMT
            Not After : Apr 29 16:05:16 2025 GMT
        Subject: CN=09C2AB837168363E85B1B6E0F51D6BC83483C1EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:85:96:17:92:6f:0f:64:db:c6:e3:10:df:0a:
                    58:98:4f:d3:f8:df:f2:87:a4:ff:da:3e:4f:35:c2:
                    3f:60:0d:c4:3d:fe:0b:f1:01:1a:d3:27:82:5f:be:
                    7d:c3:33:42:5a:89:e7:e4:ae:73:2c:e9:47:f5:72:
                    00:0d:c4:ae:25:66:66:cb:c0:cc:23:5f:f9:db:08:
                    27:ce:1a:91:c2:d3:57:e0:62:2e:67:2e:0a:ba:ad:
                    d2:69:0e:09:ed:c4:99:b0:1b:e0:b5:3d:9f:fc:8f:
                    51:67:66:e8:55:96:72:dd:d1:1d:fe:57:02:de:62:
                    1b:b3:e3:c0:a2:a7:b7:d6:f9:50:11:75:1a:63:73:
                    48:12:81:e4:42:2f:83:15:f1:7d:3c:2d:9f:90:42:
                    71:6b:82:b2:69:c9:54:7e:c5:f7:af:53:d4:f4:8a:
                    8c:de:ac:10:9a:8a:4b:50:a4:d8:8e:73:8c:72:09:
                    61:ea:b8:4f:cd:26:80:1b:07:89:65:b2:60:9c:2c:
                    4e:26:45:fe:ad:e7:db:a9:43:bc:45:12:07:30:b4:
                    4c:65:0b:76:15:bf:4c:75:97:55:95:89:1e:86:26:
                    0d:2e:ba:6f:10:d5:df:1a:19:cb:94:3d:74:bd:5e:
                    06:9b:fe:0f:6b:e3:f6:e0:01:c9:9f:b5:f3:aa:0a:
                    9e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C2:AB:83:71:68:36:3E:85:B1:B6:E0:F5:1D:6B:C8:34:83:C1:EA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS210907.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a4:91:a1:c7:eb:ed:b2:d2:95:f4:c3:f0:bc:20:ad:30:e5:
         35:c5:eb:71:09:32:e1:ad:19:72:2f:0a:0d:8e:79:c7:17:a2:
         30:f7:fc:e9:c1:ec:01:b1:df:f1:fe:11:7a:70:0f:7b:6e:56:
         b6:3d:71:9f:c5:c5:ae:3a:4f:dd:c3:12:38:eb:66:d4:ad:20:
         24:8b:36:38:5d:a1:a8:cf:aa:66:d4:e9:43:26:4d:10:76:6a:
         e9:4d:d6:05:fa:0a:45:98:25:97:49:54:e0:f7:e0:40:27:70:
         f1:74:f5:50:09:df:40:94:bb:0b:fb:6c:b8:88:2c:f1:bd:6c:
         2c:00:c7:65:f7:82:47:df:99:ca:31:78:02:88:24:50:9a:42:
         f2:bc:c1:93:c3:b1:ce:8d:0e:20:c7:8d:e2:b8:da:29:42:dc:
         c6:58:4c:de:81:ee:c2:e3:01:65:90:88:a4:92:90:0c:8c:46:
         d7:9a:29:8f:85:f9:e1:00:16:7f:e6:3f:ce:de:d6:ed:6e:92:
         46:27:54:06:50:9d:e3:f4:9a:e1:e3:0b:7a:d3:36:b3:d9:38:
         2b:67:86:f1:21:5f:b0:1d:7f:31:6f:5f:cc:02:4d:de:c5:07:
         b2:e5:4f:65:8b:1e:36:12:31:9c:73:e5:45:5d:ad:44:23:c9:
         7e:b1:cf:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPJeSMaUydgUt06IsaBsm7j+lMhEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MzAxNjAwMTZaFw0yNTA0MjkxNjA1MTZaMDMxMTAvBgNV
BAMTKDA5QzJBQjgzNzE2ODM2M0U4NUIxQjZFMEY1MUQ2QkM4MzQ4M0MxRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMhZYXkm8PZNvG4xDfCliYT9P4
3/KHpP/aPk81wj9gDcQ9/gvxARrTJ4Jfvn3DM0JaiefkrnMs6Uf1cgANxK4lZmbL
wMwjX/nbCCfOGpHC01fgYi5nLgq6rdJpDgntxJmwG+C1PZ/8j1FnZuhVlnLd0R3+
VwLeYhuz48Cip7fW+VARdRpjc0gSgeRCL4MV8X08LZ+QQnFrgrJpyVR+xfevU9T0
iozerBCaiktQpNiOc4xyCWHquE/NJoAbB4llsmCcLE4mRf6t59upQ7xFEgcwtExl
C3YVv0x1l1WViR6GJg0uum8Q1d8aGcuUPXS9Xgab/g9r4/bgAcmftfOqCp7XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCcKrg3FoNj6Fsbbg9R1ryDSDweowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEwOTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2U4
MA0GCSqGSIb3DQEBCwUAA4IBAQCUpJGhx+vtstKV9MPwvCCtMOU1xetxCTLhrRly
LwoNjnnHF6Iw9/zpwewBsd/x/hF6cA97bla2PXGfxcWuOk/dwxI462bUrSAkizY4
XaGoz6pm1OlDJk0QdmrpTdYF+gpFmCWXSVTg9+BAJ3DxdPVQCd9AlLsL+2y4iCzx
vWwsAMdl94JH35nKMXgCiCRQmkLyvMGTw7HOjQ4gx43iuNopQtzGWEzege7C4wFl
kIikkpAMjEbXmimPhfnhABZ/5j/O3tbtbpJGJ1QGUJ3j9Jrh4wt60zaz2TgrZ4bx
IV+wHX8xb1/MAk3exQey5U9lix42EjGcc+VFXa1EI8l+sc9j
-----END CERTIFICATE-----