Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
File:                     AS211432.roa (raw, json)
Hash identifier:          htdBAS6d0BLJb7j2Gglnv1xv9tcxi31xpfVgxFdUSxQ=
Subject key identifier:   00:5D:C6:ED:4C:06:26:9B:D7:88:34:37:FF:D5:E3:71:1A:00:92:CB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1A77DB5B7CEEA6E760EB31C6B5A0FDAE6CB49A25
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
Signing time:             Fri 13 Oct 2023 07:35:23 +0000
ROA not before:           Fri 13 Oct 2023 07:30:23 +0000
ROA not after:            Fri 11 Oct 2024 07:35:23 +0000
asID:                     211432
IP address blocks:        185.170.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:77:db:5b:7c:ee:a6:e7:60:eb:31:c6:b5:a0:fd:ae:6c:b4:9a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 13 07:30:23 2023 GMT
            Not After : Oct 11 07:35:23 2024 GMT
        Subject: CN=005DC6ED4C06269BD7883437FFD5E3711A0092CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:f4:83:e8:8d:a8:41:2e:ca:05:fe:09:ba:
                    53:e1:53:cb:95:0e:0e:e6:4f:af:87:8b:88:b5:f3:
                    e3:01:dd:37:54:2c:06:9d:32:44:cb:2b:a9:87:40:
                    fa:5d:4b:34:2d:5c:56:f5:8c:74:c6:84:18:68:11:
                    46:01:06:5a:f7:71:20:54:8a:a7:f8:7e:73:a9:8e:
                    6b:99:ef:e5:8d:0e:60:50:a7:a9:29:88:3e:0e:7e:
                    9e:f2:0c:db:0c:61:aa:ae:7a:81:06:90:8e:01:dc:
                    8d:c4:31:30:ae:55:b9:41:da:da:4e:31:81:d3:bf:
                    4b:8c:72:50:11:95:1a:3b:04:10:97:f0:62:da:4e:
                    67:88:e5:3f:af:d8:c8:65:ad:51:1f:b0:8a:b6:c3:
                    2f:01:59:51:62:13:fb:8b:64:7f:d7:6f:ce:df:57:
                    53:a0:85:0b:ea:22:af:5f:05:8f:9a:99:2a:08:15:
                    0f:5e:59:a9:53:99:23:69:61:6b:3c:85:57:cc:61:
                    6f:88:19:bb:f3:2c:14:5b:7e:3b:4b:02:6c:3d:64:
                    01:60:31:d6:39:bf:2e:cf:3c:36:47:a8:9d:c6:29:
                    61:cb:64:41:91:dc:1d:00:eb:3c:3b:df:94:70:8a:
                    09:b7:5a:71:97:66:39:2a:1f:d1:43:04:d9:5d:96:
                    b3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5D:C6:ED:4C:06:26:9B:D7:88:34:37:FF:D5:E3:71:1A:00:92:CB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:77:6e:1a:98:f6:b1:c6:7f:82:a0:24:3c:4d:84:88:e1:b0:
         ff:6b:ed:64:b1:6d:7b:05:4c:1c:43:f2:70:c5:b2:d2:d5:26:
         b6:16:f1:41:6a:62:9d:6a:58:0a:cd:79:bb:9e:35:d3:8f:31:
         2b:34:09:9f:7b:fc:29:21:3d:f2:30:1a:76:7d:df:b9:44:89:
         20:77:4a:87:27:44:57:0a:54:9d:17:b0:1f:80:6d:83:c2:16:
         8c:fc:33:17:94:65:48:1f:cb:94:01:a3:58:3a:38:04:d2:82:
         7c:d5:3b:7b:c7:55:74:da:0d:c9:33:dc:0c:2e:63:0a:7a:89:
         1f:8e:ea:0a:6d:58:e1:59:be:2b:a1:47:24:3f:70:a7:a5:2c:
         90:a8:f1:0f:79:99:78:b5:8b:e7:91:ee:96:38:4e:ad:6a:15:
         02:14:b6:c0:09:07:a7:9e:a3:1a:5a:f1:dd:8e:0c:b0:de:95:
         c9:71:db:3f:ce:55:00:78:a1:56:ca:2c:28:34:88:44:f8:a0:
         5a:86:28:f5:55:f0:59:d0:83:5a:d9:e9:4b:ad:84:3b:87:6b:
         73:32:70:84:03:f6:bb:6e:5e:de:78:3a:32:cc:95:1b:b3:ee:
         03:37:8e:42:c0:77:f7:c0:73:ed:38:53:7d:2a:9a:9d:0b:e9:
         12:a6:1d:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGnfbW3zupudg6zHGtaD9rmy0miUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEwMTMwNzMwMjNaFw0yNDEwMTEwNzM1MjNaMDMxMTAvBgNV
BAMTKDAwNURDNkVENEMwNjI2OUJENzg4MzQzN0ZGRDVFMzcxMUEwMDkyQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzSvSD6I2oQS7KBf4JulPhU8uV
Dg7mT6+Hi4i18+MB3TdULAadMkTLK6mHQPpdSzQtXFb1jHTGhBhoEUYBBlr3cSBU
iqf4fnOpjmuZ7+WNDmBQp6kpiD4Ofp7yDNsMYaqueoEGkI4B3I3EMTCuVblB2tpO
MYHTv0uMclARlRo7BBCX8GLaTmeI5T+v2MhlrVEfsIq2wy8BWVFiE/uLZH/Xb87f
V1OghQvqIq9fBY+amSoIFQ9eWalTmSNpYWs8hVfMYW+IGbvzLBRbfjtLAmw9ZAFg
MdY5vy7PPDZHqJ3GKWHLZEGR3B0A6zw735Rwigm3WnGXZjkqH9FDBNldlrOPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAF3G7UwGJpvXiDQ3/9XjcRoAksswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuao4
MA0GCSqGSIb3DQEBCwUAA4IBAQAqd24amPaxxn+CoCQ8TYSI4bD/a+1ksW17BUwc
Q/JwxbLS1Sa2FvFBamKdalgKzXm7njXTjzErNAmfe/wpIT3yMBp2fd+5RIkgd0qH
J0RXClSdF7AfgG2DwhaM/DMXlGVIH8uUAaNYOjgE0oJ81Tt7x1V02g3JM9wMLmMK
eokfjuoKbVjhWb4roUckP3CnpSyQqPEPeZl4tYvnke6WOE6tahUCFLbACQennqMa
WvHdjgyw3pXJcds/zlUAeKFWyiwoNIhE+KBahij1VfBZ0INa2elLrYQ7h2tzMnCE
A/a7bl7eeDoyzJUbs+4DN45CwHf3wHPtOFN9KpqdC+kSph1M
-----END CERTIFICATE-----