Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa
File:                     AS211091.roa (raw, json)
Hash identifier:          sydJ8aFQitnZ8zqBvj8rIHQhORkk/U/iBSDuoZMM244=
Subject key identifier:   B7:7A:37:05:36:58:B6:69:13:59:44:FC:65:1B:92:19:C0:92:E0:2C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       450E812D47CC949F0983C41B37BA6F04D81F2476
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa
Signing time:             Tue 31 Oct 2023 09:29:06 +0000
ROA not before:           Tue 31 Oct 2023 09:24:06 +0000
ROA not after:            Tue 29 Oct 2024 09:29:06 +0000
asID:                     211091
IP address blocks:        191.96.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0e:81:2d:47:cc:94:9f:09:83:c4:1b:37:ba:6f:04:d8:1f:24:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 31 09:24:06 2023 GMT
            Not After : Oct 29 09:29:06 2024 GMT
        Subject: CN=B77A37053658B669135944FC651B9219C092E02C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:57:69:e3:ce:75:65:2f:93:a2:34:33:0e:4f:
                    4e:cb:13:d9:62:c4:ed:95:c5:4d:c7:65:1d:ca:9a:
                    09:4c:57:15:04:41:28:01:84:91:47:a3:91:83:6b:
                    a9:a2:85:4f:fc:db:16:b3:97:9f:47:38:75:47:0c:
                    9a:d3:a7:8a:1e:4f:d1:6e:b8:d2:b3:b9:6d:92:77:
                    45:39:25:24:c7:47:1a:1a:fd:b5:2e:39:c8:de:02:
                    bc:14:53:cb:17:59:61:1d:a3:7a:f2:b9:37:70:79:
                    7a:46:4e:1b:4e:60:d9:73:8e:0d:38:14:5a:8c:16:
                    54:89:4c:41:2e:b7:4f:98:75:a9:c2:23:43:4d:6d:
                    3b:d3:92:35:7a:47:42:39:e4:f8:cb:04:9f:8a:bb:
                    60:6e:ff:1d:5c:52:df:3e:f7:3b:6b:d2:42:7d:fe:
                    a2:ea:fc:e7:fc:1d:13:15:80:73:77:e3:bf:5e:51:
                    d4:9b:5f:b0:d1:bc:6e:9f:60:e6:09:98:04:d9:29:
                    b5:93:3f:0c:b3:d5:23:9b:8d:8f:01:f0:55:1a:8b:
                    19:78:6f:1f:0c:b1:04:eb:f3:62:6c:ed:51:c3:bd:
                    56:3a:5c:8d:40:f3:20:20:e2:f0:8e:c5:7d:7b:49:
                    ba:be:17:bb:44:e9:e2:39:4f:d7:54:ba:89:eb:1c:
                    1e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7A:37:05:36:58:B6:69:13:59:44:FC:65:1B:92:19:C0:92:E0:2C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:a1:b4:a9:2c:51:bb:70:8b:65:a2:ba:95:fb:54:67:45:80:
         f6:a2:3f:62:a7:64:6b:49:27:50:fd:49:65:4b:40:cc:8d:06:
         3b:36:7c:0e:3a:ff:19:e5:1d:c5:05:a3:87:aa:31:05:d5:30:
         a5:66:7c:b0:84:60:8f:dc:75:58:f1:8c:f5:ae:b0:2c:6a:7c:
         a2:be:fa:b0:a2:dd:e5:88:f0:41:42:c1:f8:f5:d0:d0:7e:da:
         19:e4:aa:6f:e1:f2:98:a7:74:eb:9b:e6:d2:a4:89:53:ea:6a:
         9f:82:db:97:31:75:62:7e:68:9d:04:68:af:0c:8c:06:0d:00:
         8c:60:f9:92:7f:79:7d:d4:95:dd:62:c6:1a:31:2e:8a:8a:37:
         b4:22:e2:ac:d1:af:c7:48:19:6d:51:bd:60:d6:0c:77:f6:46:
         9e:df:b3:d0:fb:c5:bc:11:64:18:25:0b:4d:64:de:95:5d:b0:
         3a:09:70:a9:b9:31:ce:37:31:18:00:17:ca:49:12:9b:db:64:
         e0:b8:23:27:c5:83:c6:84:03:d5:14:96:7c:51:9c:cb:71:d7:
         65:96:4c:8b:e6:35:bc:83:82:41:7d:25:ce:f2:d4:42:dc:59:
         41:3b:56:e0:5c:c7:9d:ea:63:8d:2d:e0:ac:2b:e1:55:76:4d:
         83:fe:ad:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURQ6BLUfMlJ8Jg8QbN7pvBNgfJHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEwMzEwOTI0MDZaFw0yNDEwMjkwOTI5MDZaMDMxMTAvBgNV
BAMTKEI3N0EzNzA1MzY1OEI2NjkxMzU5NDRGQzY1MUI5MjE5QzA5MkUwMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXV2njznVlL5OiNDMOT07LE9li
xO2VxU3HZR3KmglMVxUEQSgBhJFHo5GDa6mihU/82xazl59HOHVHDJrTp4oeT9Fu
uNKzuW2Sd0U5JSTHRxoa/bUuOcjeArwUU8sXWWEdo3ryuTdweXpGThtOYNlzjg04
FFqMFlSJTEEut0+YdanCI0NNbTvTkjV6R0I55PjLBJ+Ku2Bu/x1cUt8+9ztr0kJ9
/qLq/Of8HRMVgHN3479eUdSbX7DRvG6fYOYJmATZKbWTPwyz1SObjY8B8FUaixl4
bx8MsQTr82Js7VHDvVY6XI1A8yAg4vCOxX17Sbq+F7tE6eI5T9dUuonrHB77AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUt3o3BTZYtmkTWUT8ZRuSGcCS4CwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExMDkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2A7
MA0GCSqGSIb3DQEBCwUAA4IBAQCRobSpLFG7cItlorqV+1RnRYD2oj9ip2RrSSdQ
/UllS0DMjQY7NnwOOv8Z5R3FBaOHqjEF1TClZnywhGCP3HVY8Yz1rrAsanyivvqw
ot3liPBBQsH49dDQftoZ5Kpv4fKYp3Trm+bSpIlT6mqfgtuXMXVifmidBGivDIwG
DQCMYPmSf3l91JXdYsYaMS6Kije0IuKs0a/HSBltUb1g1gx39kae37PQ+8W8EWQY
JQtNZN6VXbA6CXCpuTHONzEYABfKSRKb22TguCMnxYPGhAPVFJZ8UZzLcddllkyL
5jW8g4JBfSXO8tRC3FlBO1bgXMed6mONLeCsK+FVdk2D/q0d
-----END CERTIFICATE-----