Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          E+4Kz6QExUUxJrgaghg6bq4kBpQ3fvfuPkFauggcROQ=
Subject key identifier:   11:95:D4:D7:33:A6:DF:A6:54:FD:FD:98:D6:5A:4F:60:8A:52:32:A5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       012276CDF46C771E19CF14DCB1480F47F40C1464
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
Signing time:             Mon 27 May 2024 15:05:16 +0000
ROA not before:           Mon 27 May 2024 15:00:16 +0000
ROA not after:            Mon 26 May 2025 15:05:16 +0000
asID:                     211440
IP address blocks:        179.61.250.0/24 maxlen: 24
                          181.214.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:22:76:cd:f4:6c:77:1e:19:cf:14:dc:b1:48:0f:47:f4:0c:14:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 27 15:00:16 2024 GMT
            Not After : May 26 15:05:16 2025 GMT
        Subject: CN=1195D4D733A6DFA654FDFD98D65A4F608A5232A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7b:90:b8:97:3f:f6:cc:65:ee:66:4c:42:69:
                    80:1b:76:84:b8:75:6f:27:9b:af:13:e4:1f:e2:9c:
                    a6:18:51:d9:ea:20:cf:93:3f:d5:54:e6:de:4c:91:
                    49:22:8b:96:0a:fc:cc:e7:01:9f:bc:c5:a0:5f:00:
                    6a:42:99:35:08:6a:d2:19:ed:e7:79:cf:34:a0:e6:
                    6b:07:95:ee:53:48:19:63:95:50:39:b7:a0:37:e0:
                    b2:5b:e9:1e:86:dc:e6:c2:1e:6c:e1:72:b6:e8:78:
                    62:b5:af:bf:d0:bb:61:ac:93:40:71:14:0e:47:28:
                    81:38:1b:46:39:84:07:36:eb:cc:fd:2b:ce:e6:7a:
                    a1:f3:0b:fa:c9:8c:db:b7:fe:87:10:ed:89:6c:bc:
                    7d:fb:e2:b1:ff:57:9d:64:53:a4:1b:36:c5:7b:a3:
                    d7:5f:51:56:a7:9c:2d:da:a0:59:45:9b:29:a6:74:
                    ea:1b:34:1d:61:a2:c1:dc:ec:67:6f:b6:19:a7:cb:
                    ee:dc:f2:05:1b:71:f8:95:e9:07:7f:62:cc:94:a5:
                    70:d9:6c:05:4f:8f:16:8a:c3:af:7d:f8:f2:e4:a3:
                    ee:9f:a1:e0:2c:62:b3:d7:57:1e:31:69:c0:9f:de:
                    e0:b9:ed:28:f9:86:f6:4f:d5:0d:57:5d:53:68:f3:
                    2b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:95:D4:D7:33:A6:DF:A6:54:FD:FD:98:D6:5A:4F:60:8A:52:32:A5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.250.0/24
                  181.214.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:bd:70:c6:db:47:ec:6c:dc:dc:c0:f2:f6:2f:5d:2a:05:c3:
         0e:24:51:cb:c1:fd:9b:63:62:f1:6d:82:e7:0e:15:15:b7:fd:
         2d:20:41:fc:20:37:48:b7:a7:17:ad:da:6e:4e:68:d1:e5:ec:
         d4:8f:7c:be:6a:15:3a:e7:c3:95:2b:ca:10:d4:69:b8:a6:3c:
         b1:b1:03:c0:88:97:96:5a:9f:06:9b:55:8d:1d:d1:64:a8:6f:
         18:87:a6:a1:30:19:c4:33:ea:53:93:8a:fa:78:01:29:1f:dd:
         bd:a2:57:7a:39:2f:f0:4d:44:3b:e3:4b:33:ea:ab:e2:4d:fd:
         ba:c2:93:e4:9a:b0:c5:21:05:a1:f1:e7:17:f3:f8:4a:05:ae:
         a3:54:39:bd:9c:6f:ef:e9:9a:1d:35:13:67:49:89:f6:89:ac:
         0e:a3:f3:27:56:ee:f9:f0:47:f4:8a:2a:19:fa:55:10:e2:52:
         ca:48:01:0f:ff:ba:f5:c8:a3:3d:ed:3a:af:1f:ba:f7:11:a5:
         14:a2:0b:2e:07:c7:d2:ec:e2:2b:79:5a:52:51:f4:5f:c4:b6:
         fc:9f:61:22:7c:12:92:f4:dd:cb:16:48:2c:c0:db:23:fe:43:
         8b:ed:55:1a:8e:dc:6e:a9:ed:6d:8f:09:ac:61:43:29:24:ee:
         64:b9:0c:dd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUASJ2zfRsdx4ZzxTcsUgPR/QMFGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjcxNTAwMTZaFw0yNTA1MjYxNTA1MTZaMDMxMTAvBgNV
BAMTKDExOTVENEQ3MzNBNkRGQTY1NEZERkQ5OEQ2NUE0RjYwOEE1MjMyQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJe5C4lz/2zGXuZkxCaYAbdoS4
dW8nm68T5B/inKYYUdnqIM+TP9VU5t5MkUkii5YK/MznAZ+8xaBfAGpCmTUIatIZ
7ed5zzSg5msHle5TSBljlVA5t6A34LJb6R6G3ObCHmzhcrboeGK1r7/Qu2Gsk0Bx
FA5HKIE4G0Y5hAc268z9K87meqHzC/rJjNu3/ocQ7YlsvH374rH/V51kU6QbNsV7
o9dfUVannC3aoFlFmymmdOobNB1hosHc7Gdvthmny+7c8gUbcfiV6Qd/YsyUpXDZ
bAVPjxaKw699+PLko+6foeAsYrPXVx4xacCf3uC57Sj5hvZP1Q1XXVNo8ysPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUEZXU1zOm36ZU/f2Y1lpPYIpSMqUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz36
AwQAtda8MA0GCSqGSIb3DQEBCwUAA4IBAQAZvXDG20fsbNzcwPL2L10qBcMOJFHL
wf2bY2LxbYLnDhUVt/0tIEH8IDdIt6cXrdpuTmjR5ezUj3y+ahU658OVK8oQ1Gm4
pjyxsQPAiJeWWp8Gm1WNHdFkqG8Yh6ahMBnEM+pTk4r6eAEpH929old6OS/wTUQ7
40sz6qviTf26wpPkmrDFIQWh8ecX8/hKBa6jVDm9nG/v6ZodNRNnSYn2iawOo/Mn
Vu758Ef0iioZ+lUQ4lLKSAEP/7r1yKM97TqvH7r3EaUUogsuB8fS7OIreVpSUfRf
xLb8n2EifBKS9N3LFkgswNsj/kOL7VUajtxuqe1tjwmsYUMpJO5kuQzd
-----END CERTIFICATE-----