Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          i5/763dUAIWFDxwk9/GUAYYG+0BlL8cGD0FybdzhtdA=
Subject key identifier:   73:DC:DB:C8:D5:B5:12:2D:48:95:28:A4:A6:EF:F5:2E:AB:0E:9B:26
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       686C413BCC7DD1B8571890418D13A736C1DC6FC1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
Signing time:             Fri 06 Sep 2024 00:05:20 +0000
ROA not before:           Fri 06 Sep 2024 00:00:20 +0000
ROA not after:            Fri 05 Sep 2025 00:05:20 +0000
asID:                     211415
IP address blocks:        45.133.177.0/24 maxlen: 24
                          181.215.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:6c:41:3b:cc:7d:d1:b8:57:18:90:41:8d:13:a7:36:c1:dc:6f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  6 00:00:20 2024 GMT
            Not After : Sep  5 00:05:20 2025 GMT
        Subject: CN=73DCDBC8D5B5122D489528A4A6EFF52EAB0E9B26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3b:52:a4:ab:30:b6:b1:9e:b3:93:ef:87:ae:
                    b6:b1:3a:57:ca:a2:23:89:9a:50:87:f9:5d:06:9c:
                    12:42:7c:2a:08:25:05:51:cd:4c:65:96:9f:7c:1f:
                    aa:82:14:a2:0e:6d:5c:51:58:bb:90:06:47:08:c7:
                    26:0f:82:83:09:13:d1:86:08:a5:6a:f4:2d:3b:fc:
                    fd:63:7f:e7:2c:6f:81:ac:d5:dc:ed:38:5f:3e:af:
                    ee:c1:80:c2:6c:9c:e3:47:23:c4:8c:b1:c4:9e:60:
                    c6:d4:9c:59:6c:06:50:a4:c4:f1:59:e7:b0:b7:2e:
                    95:ef:97:f4:36:b6:de:a5:8d:6e:a1:53:64:8d:29:
                    a9:62:c1:0d:ec:7a:0c:43:35:bb:5a:62:29:b2:d1:
                    50:17:df:88:c9:a8:40:5c:9f:55:59:33:13:cc:1e:
                    c6:2f:45:1b:6b:2c:93:98:5c:7f:23:14:cd:17:a7:
                    25:a6:9d:74:8b:4f:44:64:60:00:45:5a:27:d5:1d:
                    0a:fb:f5:dd:71:46:09:f7:c0:80:a0:7e:e7:b9:02:
                    1c:95:bb:05:66:38:6b:30:4c:1a:aa:bc:81:54:03:
                    18:89:23:3f:f7:14:a3:0f:6a:98:6f:8f:c9:49:90:
                    26:ea:61:c1:61:ec:71:15:21:c4:88:8b:ff:f9:8a:
                    a7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DC:DB:C8:D5:B5:12:2D:48:95:28:A4:A6:EF:F5:2E:AB:0E:9B:26
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.177.0/24
                  181.215.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:e4:fe:a9:e7:4f:40:c2:28:e8:2a:48:9d:db:a8:24:00:28:
         27:c7:01:0a:2d:4f:32:4c:92:d6:18:5e:c6:0e:78:b3:e2:fa:
         e6:6d:7c:38:a1:69:ec:04:4b:f7:ad:63:57:69:16:ac:3f:70:
         1c:a2:17:f3:d7:60:f7:12:99:09:93:ac:9d:6c:d0:63:98:01:
         5f:de:fa:b9:3b:62:c4:8c:a2:0a:29:9e:57:eb:d3:11:a2:55:
         06:95:79:b7:a3:cf:ee:91:07:4e:00:d0:95:9b:fb:4e:07:2e:
         a3:b9:80:73:e9:40:45:24:f9:ed:7f:7e:ff:86:bb:6b:4a:80:
         d3:14:f6:40:32:b0:ae:15:c4:ba:15:1d:5e:aa:4b:b5:e9:68:
         8a:47:15:6d:b4:27:77:5c:51:e2:bf:52:04:4e:d7:37:5f:9c:
         25:78:5e:8e:d9:a2:a9:40:69:f1:32:b7:ac:4b:59:34:e7:0f:
         b0:5d:a9:3c:61:37:41:83:96:ff:24:b0:b7:40:c8:f4:73:2a:
         6c:a0:c3:53:a6:4c:55:8f:12:6d:c0:2a:1b:7e:e8:cf:98:9a:
         93:25:ca:82:9c:b4:33:09:2f:5f:66:9a:85:08:ea:50:e2:27:
         3f:b7:46:f2:44:e8:ac:5d:22:a4:1d:bc:b8:ce:bf:73:d1:7f:
         cd:c1:65:d4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaGxBO8x90bhXGJBBjROnNsHcb8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MDYwMDAwMjBaFw0yNTA5MDUwMDA1MjBaMDMxMTAvBgNV
BAMTKDczRENEQkM4RDVCNTEyMkQ0ODk1MjhBNEE2RUZGNTJFQUIwRTlCMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVO1KkqzC2sZ6zk++HrraxOlfK
oiOJmlCH+V0GnBJCfCoIJQVRzUxllp98H6qCFKIObVxRWLuQBkcIxyYPgoMJE9GG
CKVq9C07/P1jf+csb4Gs1dztOF8+r+7BgMJsnONHI8SMscSeYMbUnFlsBlCkxPFZ
57C3LpXvl/Q2tt6ljW6hU2SNKaliwQ3segxDNbtaYimy0VAX34jJqEBcn1VZMxPM
HsYvRRtrLJOYXH8jFM0XpyWmnXSLT0RkYABFWifVHQr79d1xRgn3wICgfue5AhyV
uwVmOGswTBqqvIFUAxiJIz/3FKMPaphvj8lJkCbqYcFh7HEVIcSIi//5iqcpAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUc9zbyNW1Ei1IlSikpu/1LqsOmyYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWx
AwQAtdffMA0GCSqGSIb3DQEBCwUAA4IBAQCj5P6p509AwijoKkid26gkACgnxwEK
LU8yTJLWGF7GDniz4vrmbXw4oWnsBEv3rWNXaRasP3Acohfz12D3EpkJk6ydbNBj
mAFf3vq5O2LEjKIKKZ5X69MRolUGlXm3o8/ukQdOANCVm/tOBy6juYBz6UBFJPnt
f37/hrtrSoDTFPZAMrCuFcS6FR1eqku16WiKRxVttCd3XFHiv1IETtc3X5wleF6O
2aKpQGnxMresS1k05w+wXak8YTdBg5b/JLC3QMj0cypsoMNTpkxVjxJtwCobfujP
mJqTJcqCnLQzCS9fZpqFCOpQ4ic/t0byROisXSKkHby4zr9z0X/NwWXU
-----END CERTIFICATE-----