Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          WY/+sp4xTluJ3o+giuOcJy7en1oKyb2xHdkYh/Yrcxs=
Subject key identifier:   20:71:2D:2B:C8:A7:E6:F6:96:19:2B:3F:6E:DD:36:EB:E9:03:67:FB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2A06FFF420590333727D36E73DA6EFAB68A48CD0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
Signing time:             Fri 06 Oct 2023 00:00:06 +0000
ROA not before:           Thu 05 Oct 2023 23:55:06 +0000
ROA not after:            Fri 04 Oct 2024 00:00:06 +0000
asID:                     211415
IP address blocks:        45.133.177.0/24 maxlen: 24
                          181.215.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:06:ff:f4:20:59:03:33:72:7d:36:e7:3d:a6:ef:ab:68:a4:8c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  5 23:55:06 2023 GMT
            Not After : Oct  4 00:00:06 2024 GMT
        Subject: CN=20712D2BC8A7E6F696192B3F6EDD36EBE90367FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a5:5f:98:24:d2:f2:a1:4d:e3:55:44:21:24:
                    61:36:a8:4a:2f:cb:82:8c:40:98:8a:51:4f:de:c1:
                    77:b9:df:f9:d9:23:d3:7b:52:0c:f0:d2:4c:a2:74:
                    50:60:28:ea:21:8f:0a:b9:60:78:dc:42:b2:e3:ba:
                    73:a1:7d:0c:84:23:92:a9:ba:39:af:01:cb:f2:9a:
                    71:97:e3:80:27:86:f9:8a:bd:4c:01:28:3f:4e:04:
                    82:5f:e1:24:5f:39:bc:f4:70:04:ef:45:a3:63:a5:
                    cb:84:81:d5:56:85:12:4a:10:60:0e:7c:43:3a:c3:
                    51:a2:16:96:9e:a4:02:05:9f:3a:76:a7:06:37:ef:
                    0b:ee:ec:60:28:28:b2:d5:e4:d5:c8:fd:06:23:9a:
                    0d:50:1c:55:fe:e7:7f:ac:9e:67:ea:ac:46:9b:48:
                    4c:5d:84:54:c7:01:bf:e4:90:8c:b1:cd:9a:f9:63:
                    a7:9f:7c:fe:bb:1a:0f:83:64:c2:ca:fb:3b:ef:75:
                    fe:40:61:4d:d1:d2:bc:38:bd:49:24:3b:16:86:f7:
                    d7:bf:89:e7:7f:3b:69:52:fc:2e:78:08:7e:c0:98:
                    8b:a0:3f:4d:c8:64:b5:a1:17:18:68:06:a8:af:48:
                    7a:9a:c0:9e:26:e8:8f:cb:e7:06:f4:c8:b3:c3:e5:
                    7c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:71:2D:2B:C8:A7:E6:F6:96:19:2B:3F:6E:DD:36:EB:E9:03:67:FB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.177.0/24
                  181.215.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:95:74:18:e9:0b:f0:cd:2c:72:b8:24:0c:fe:20:ba:74:c3:
         e0:b4:f6:26:3c:60:94:86:00:d7:ac:6d:a6:17:86:53:55:7f:
         6b:b7:98:fc:12:95:99:7a:29:40:27:fa:b3:b4:e7:d8:5b:0b:
         44:f7:dd:74:58:42:d9:a5:e3:e3:ba:5d:7e:bf:da:b0:58:00:
         32:2c:79:f9:d2:8a:13:e8:cf:81:45:cc:35:8b:e5:1c:86:1d:
         75:dc:99:f7:4a:79:a6:d3:b5:c3:d0:df:bd:05:59:f0:74:cc:
         b0:11:48:4e:56:f7:f6:83:1a:de:5f:a0:58:81:92:a2:44:52:
         90:14:e0:f5:27:f3:68:d5:67:b4:8c:cf:75:45:a7:7d:50:fc:
         2b:a8:d2:2c:57:a5:ab:dd:ad:08:d9:77:a9:13:3b:b5:0b:2c:
         e7:3d:86:04:0e:d9:29:ea:8e:68:ba:88:a4:ff:bd:14:1e:2c:
         58:c0:5f:e7:1e:8c:b0:ac:f3:e7:64:ab:a9:73:8b:1a:eb:b8:
         01:d1:70:73:d8:46:f4:a7:b7:bf:01:6c:a0:02:0b:72:e7:a1:
         eb:20:f9:8c:4c:d1:ca:ae:9d:64:9f:99:24:0d:f8:22:f7:e8:
         75:46:fd:6e:a6:38:b4:da:5d:61:c5:b6:a0:8c:eb:0b:b4:00:
         58:b6:89:cd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKgb/9CBZAzNyfTbnPabvq2ikjNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEwMDUyMzU1MDZaFw0yNDEwMDQwMDAwMDZaMDMxMTAvBgNV
BAMTKDIwNzEyRDJCQzhBN0U2RjY5NjE5MkIzRjZFREQzNkVCRTkwMzY3RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvpV+YJNLyoU3jVUQhJGE2qEov
y4KMQJiKUU/ewXe53/nZI9N7Ugzw0kyidFBgKOohjwq5YHjcQrLjunOhfQyEI5Kp
ujmvAcvymnGX44AnhvmKvUwBKD9OBIJf4SRfObz0cATvRaNjpcuEgdVWhRJKEGAO
fEM6w1GiFpaepAIFnzp2pwY37wvu7GAoKLLV5NXI/QYjmg1QHFX+53+snmfqrEab
SExdhFTHAb/kkIyxzZr5Y6effP67Gg+DZMLK+zvvdf5AYU3R0rw4vUkkOxaG99e/
ied/O2lS/C54CH7AmIugP03IZLWhFxhoBqivSHqawJ4m6I/L5wb0yLPD5XwvAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUIHEtK8in5vaWGSs/bt026+kDZ/swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWx
AwQAtdffMA0GCSqGSIb3DQEBCwUAA4IBAQCjlXQY6QvwzSxyuCQM/iC6dMPgtPYm
PGCUhgDXrG2mF4ZTVX9rt5j8EpWZeilAJ/qztOfYWwtE9910WELZpePjul1+v9qw
WAAyLHn50ooT6M+BRcw1i+Uchh113Jn3Snmm07XD0N+9BVnwdMywEUhOVvf2gxre
X6BYgZKiRFKQFOD1J/No1We0jM91Rad9UPwrqNIsV6Wr3a0I2XepEzu1CyznPYYE
Dtkp6o5ouoik/70UHixYwF/nHoywrPPnZKupc4sa67gB0XBz2Eb0p7e/AWygAgty
56HrIPmMTNHKrp1kn5kkDfgi9+h1Rv1upji02l1hxbagjOsLtABYtonN
-----END CERTIFICATE-----