Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211373.roa
File:                     AS211373.roa (raw, json)
Hash identifier:          DCRLRLEO16uIl1M/WLwzz2QzuzxbQxeW3K/dez72lCY=
Subject key identifier:   61:4B:A0:97:BD:FF:9C:51:7A:47:D4:A0:E6:98:B0:BA:26:C0:67:2B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       211B0E566FAFFAAF7FE5BAC96985C9E5C277B315
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211373.roa
Signing time:             Tue 19 Mar 2024 08:05:14 +0000
ROA not before:           Tue 19 Mar 2024 08:00:14 +0000
ROA not after:            Tue 18 Mar 2025 08:05:14 +0000
asID:                     211373
IP address blocks:        179.61.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:1b:0e:56:6f:af:fa:af:7f:e5:ba:c9:69:85:c9:e5:c2:77:b3:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 08:00:14 2024 GMT
            Not After : Mar 18 08:05:14 2025 GMT
        Subject: CN=614BA097BDFF9C517A47D4A0E698B0BA26C0672B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ec:a3:6b:c2:e9:75:c9:d7:07:30:8c:04:eb:
                    67:ec:79:eb:9f:42:13:3f:28:2d:b9:69:0a:80:1f:
                    b9:8b:1f:5b:f3:17:12:97:03:a8:25:5b:87:e0:0b:
                    1d:c9:3c:8b:48:55:0c:54:8b:87:58:7d:9b:78:87:
                    82:77:b0:08:01:1e:1d:97:5e:56:63:8e:c3:71:48:
                    93:c4:e3:16:57:ae:27:da:d7:08:84:9b:89:0e:57:
                    f3:8e:38:33:eb:ab:aa:43:37:d9:35:d7:67:df:17:
                    4a:43:6e:92:cf:b9:93:77:4d:c2:fc:bf:ed:75:5c:
                    02:6a:5b:61:2c:c6:f6:47:27:13:98:4a:11:85:c2:
                    e7:1a:92:d2:66:0d:e8:4c:84:73:dd:de:98:ff:2f:
                    0f:7b:5c:c5:81:98:0a:86:59:11:aa:38:8c:69:f2:
                    4d:18:15:e0:84:4d:03:7f:71:43:bc:a0:d8:c3:d3:
                    d3:77:be:45:6d:2b:8b:84:42:d8:0a:90:2d:47:b8:
                    2f:c9:84:f1:a5:13:4c:55:71:84:5a:dc:c5:c0:60:
                    88:4c:51:9c:4b:db:c4:dd:bc:69:af:ca:f1:b0:1d:
                    ea:b6:e0:cd:5b:69:4a:6e:01:66:92:4d:cc:41:f3:
                    fe:33:76:9a:8d:63:9a:ca:19:a6:3e:95:6c:7d:eb:
                    48:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:4B:A0:97:BD:FF:9C:51:7A:47:D4:A0:E6:98:B0:BA:26:C0:67:2B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a3:a0:3c:d5:5a:a8:00:64:ad:d8:86:b5:e3:ba:e9:9c:71:
         eb:21:42:8a:61:f8:40:cf:6d:ea:5f:43:98:0c:cd:76:3f:28:
         28:e5:ab:f1:84:35:99:a1:73:3a:0a:f7:db:fe:2f:44:f5:2a:
         f2:4e:4b:4e:77:8f:24:86:74:cb:d0:79:16:b4:e7:7e:54:4f:
         17:fd:12:14:9d:e4:ac:93:20:24:2a:58:f4:44:4d:90:f1:46:
         a9:81:92:b8:22:74:9c:97:00:aa:e1:eb:ba:6a:6d:7f:fd:fe:
         79:21:04:10:99:17:f8:89:4b:60:d0:bb:76:e6:4c:e9:04:08:
         5a:83:83:a4:ef:69:3d:1b:73:f9:a4:b3:ca:1d:8b:df:dd:2c:
         9b:d6:ea:22:ef:99:09:2b:a2:90:a8:a6:38:10:45:1d:0c:29:
         90:a9:38:94:5b:45:16:ab:4b:7e:cf:a7:11:51:4d:d1:95:7d:
         e5:78:f0:19:a9:8b:0d:d3:3f:78:85:01:2f:d6:ee:40:6f:fc:
         ea:9e:11:c2:e7:87:65:e4:b8:59:b9:39:80:67:5a:6f:21:f9:
         d9:17:61:b5:e6:67:91:d7:b2:d4:7d:d2:18:b8:73:e5:97:33:
         ec:a5:49:83:2a:d7:ed:be:b8:74:84:e3:51:a3:23:e0:5c:59:
         47:4e:2e:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIRsOVm+v+q9/5brJaYXJ5cJ3sxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMTkwODAwMTRaFw0yNTAzMTgwODA1MTRaMDMxMTAvBgNV
BAMTKDYxNEJBMDk3QkRGRjlDNTE3QTQ3RDRBMEU2OThCMEJBMjZDMDY3MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG7KNrwul1ydcHMIwE62fseeuf
QhM/KC25aQqAH7mLH1vzFxKXA6glW4fgCx3JPItIVQxUi4dYfZt4h4J3sAgBHh2X
XlZjjsNxSJPE4xZXrifa1wiEm4kOV/OOODPrq6pDN9k112ffF0pDbpLPuZN3TcL8
v+11XAJqW2EsxvZHJxOYShGFwucaktJmDehMhHPd3pj/Lw97XMWBmAqGWRGqOIxp
8k0YFeCETQN/cUO8oNjD09N3vkVtK4uEQtgKkC1HuC/JhPGlE0xVcYRa3MXAYIhM
UZxL28TdvGmvyvGwHeq24M1baUpuAWaSTcxB8/4zdpqNY5rKGaY+lWx960ibAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYUugl73/nFF6R9Sg5piwuibAZyswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2Z
MA0GCSqGSIb3DQEBCwUAA4IBAQApo6A81VqoAGSt2Ia147rpnHHrIUKKYfhAz23q
X0OYDM12Pygo5avxhDWZoXM6Cvfb/i9E9SryTktOd48khnTL0HkWtOd+VE8X/RIU
neSskyAkKlj0RE2Q8UapgZK4InSclwCq4eu6am1//f55IQQQmRf4iUtg0Lt25kzp
BAhag4Ok72k9G3P5pLPKHYvf3Syb1uoi75kJK6KQqKY4EEUdDCmQqTiUW0UWq0t+
z6cRUU3RlX3lePAZqYsN0z94hQEv1u5Ab/zqnhHC54dl5LhZuTmAZ1pvIfnZF2G1
5meR17LUfdIYuHPllzPspUmDKtftvrh0hONRoyPgXFlHTi6W
-----END CERTIFICATE-----