Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa
File:                     AS211091.roa (raw, json)
Hash identifier:          aSGjpM/U3ajBhisz9YLMeYikWaiuzt+mjrcmj1CiP8g=
Subject key identifier:   4B:2C:AD:BE:05:CC:9F:A6:71:FD:18:51:91:42:55:76:A5:73:B6:5A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7D2DCC20F6F5FE47EA5827507BEC97C738827161
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa
Signing time:             Tue 02 Sep 2025 09:54:58 +0000
ROA not before:           Tue 02 Sep 2025 09:49:58 +0000
ROA not after:            Tue 01 Sep 2026 09:54:58 +0000
asID:                     211091
IP address blocks:        191.96.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:2d:cc:20:f6:f5:fe:47:ea:58:27:50:7b:ec:97:c7:38:82:71:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  2 09:49:58 2025 GMT
            Not After : Sep  1 09:54:58 2026 GMT
        Subject: CN=4B2CADBE05CC9FA671FD185191425576A573B65A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b3:32:b0:1b:05:d9:72:b8:c1:1a:3b:f4:e4:
                    90:a8:60:d7:ca:32:17:2d:81:86:7c:23:8c:99:27:
                    7c:9e:bd:d8:b3:5e:8c:86:ee:b9:45:6b:10:9b:b3:
                    b0:ba:ac:98:b4:d1:b8:89:d0:a7:6f:78:09:13:39:
                    cd:96:38:44:0a:33:2e:60:2e:a2:a8:8a:aa:8f:1c:
                    df:24:9a:d0:5c:3e:07:b1:8a:b0:a2:de:13:01:5b:
                    cb:dc:5f:76:a0:fa:60:b1:35:de:49:58:a6:53:4a:
                    8a:d6:81:02:8a:04:a7:9c:fc:16:e0:9f:70:c2:5f:
                    e2:66:2a:7f:00:8a:54:21:47:77:16:25:14:09:b5:
                    29:db:60:f0:84:e6:8e:84:8c:62:54:74:03:c4:1e:
                    4a:65:e3:d1:f1:28:8a:3c:25:d9:34:3d:00:9d:5f:
                    05:54:31:18:4e:83:6f:af:9c:72:fd:5d:9a:e8:b3:
                    19:73:08:40:6c:96:75:b1:f3:b6:bd:88:fa:e8:34:
                    e0:75:50:80:9c:81:2c:58:d1:6f:1d:12:47:9c:74:
                    39:0b:56:e1:e4:a4:1e:f1:78:3b:f8:b3:30:65:a3:
                    cb:57:60:48:bb:3d:80:ce:cb:15:47:19:1e:9d:2f:
                    e0:ac:64:63:9e:56:0d:13:7f:74:aa:ed:60:84:9d:
                    7f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:2C:AD:BE:05:CC:9F:A6:71:FD:18:51:91:42:55:76:A5:73:B6:5A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:2d:30:54:cc:15:4e:a9:38:e4:5e:2d:44:56:74:8a:23:43:
         c3:23:ff:2d:f4:26:43:cc:dd:0a:f9:15:cd:4c:a2:ae:2d:7c:
         44:0a:e7:86:de:a1:e8:c0:71:1f:20:7c:b3:83:71:85:d5:89:
         b3:da:f8:a6:ec:96:55:8b:e8:64:44:18:33:41:09:88:95:33:
         90:fe:90:46:0f:5a:d1:52:8b:4a:ed:62:38:01:40:62:b0:68:
         e3:3b:74:74:62:60:66:41:61:f9:3a:88:58:fe:26:71:96:ed:
         db:d3:8f:9d:bf:c3:13:7d:3e:6f:93:a1:87:97:e0:bd:47:94:
         4e:19:86:27:d2:4e:75:c4:e8:3d:8a:1e:39:b0:54:0b:e4:1b:
         5e:3c:16:f5:40:fa:25:28:ff:b1:19:c2:ca:41:1b:e1:cd:3a:
         9f:79:b3:41:ce:ef:71:2b:b7:4c:ac:da:08:67:ee:b9:03:9e:
         af:ae:b2:b1:fe:e2:f1:e5:8d:62:ec:e3:3e:1b:d8:6b:02:11:
         48:3b:27:5a:33:77:ab:27:c2:c5:1f:6a:c0:cc:8c:82:a2:a2:
         98:68:6c:f1:1e:03:8f:4b:5c:5f:e0:3c:b6:61:d5:58:e2:e9:
         f0:57:11:29:2d:b9:76:96:d2:33:53:62:e6:c8:c5:e7:24:e5:
         ee:7c:22:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfS3MIPb1/kfqWCdQe+yXxziCcWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDIwOTQ5NThaFw0yNjA5MDEwOTU0NThaMDMxMTAvBgNV
BAMTKDRCMkNBREJFMDVDQzlGQTY3MUZEMTg1MTkxNDI1NTc2QTU3M0I2NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTszKwGwXZcrjBGjv05JCoYNfK
MhctgYZ8I4yZJ3yevdizXoyG7rlFaxCbs7C6rJi00biJ0KdveAkTOc2WOEQKMy5g
LqKoiqqPHN8kmtBcPgexirCi3hMBW8vcX3ag+mCxNd5JWKZTSorWgQKKBKec/Bbg
n3DCX+JmKn8AilQhR3cWJRQJtSnbYPCE5o6EjGJUdAPEHkpl49HxKIo8Jdk0PQCd
XwVUMRhOg2+vnHL9XZrosxlzCEBslnWx87a9iProNOB1UICcgSxY0W8dEkecdDkL
VuHkpB7xeDv4szBlo8tXYEi7PYDOyxVHGR6dL+CsZGOeVg0Tf3Sq7WCEnX+jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSyytvgXMn6Zx/RhRkUJVdqVztlowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExMDkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2A7
MA0GCSqGSIb3DQEBCwUAA4IBAQAoLTBUzBVOqTjkXi1EVnSKI0PDI/8t9CZDzN0K
+RXNTKKuLXxECueG3qHowHEfIHyzg3GF1Ymz2vim7JZVi+hkRBgzQQmIlTOQ/pBG
D1rRUotK7WI4AUBisGjjO3R0YmBmQWH5OohY/iZxlu3b04+dv8MTfT5vk6GHl+C9
R5ROGYYn0k51xOg9ih45sFQL5BtePBb1QPolKP+xGcLKQRvhzTqfebNBzu9xK7dM
rNoIZ+65A56vrrKx/uLx5Y1i7OM+G9hrAhFIOydaM3erJ8LFH2rAzIyCoqKYaGzx
HgOPS1xf4Dy2YdVY4unwVxEpLbl2ltIzU2LmyMXnJOXufCJ9
-----END CERTIFICATE-----