Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          WTEIG0cArE7KcsJfu4I6UrWdXaNrn4+1UV2/yB76kCQ=
Subject key identifier:   1F:80:48:C9:56:91:F9:DB:E8:0E:66:F7:CA:9C:C7:77:1A:97:5A:A9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       66038CD7121A017A5AC5D32CBA57433C81CFA5EE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
Signing time:             Mon 26 Jun 2023 14:11:49 +0000
ROA not before:           Mon 26 Jun 2023 14:06:49 +0000
ROA not after:            Mon 24 Jun 2024 14:11:49 +0000
asID:                     211440
IP address blocks:        179.61.250.0/24 maxlen: 24
                          181.214.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:03:8c:d7:12:1a:01:7a:5a:c5:d3:2c:ba:57:43:3c:81:cf:a5:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 26 14:06:49 2023 GMT
            Not After : Jun 24 14:11:49 2024 GMT
        Subject: CN=1F8048C95691F9DBE80E66F7CA9CC7771A975AA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:9c:30:7e:c0:45:a1:74:25:59:3e:d4:aa:
                    9f:29:d2:67:9f:d3:07:68:e8:4d:41:7a:2b:b2:03:
                    05:ad:4b:bd:b6:af:6a:e7:52:1f:ce:06:18:e3:97:
                    8f:2d:7f:93:1c:d5:13:73:87:c3:86:72:ae:51:c8:
                    7e:e1:b5:f3:21:85:bd:68:dc:f3:bd:f3:2d:1b:29:
                    68:bf:cd:09:de:2e:f8:a0:2f:63:b5:8d:bc:0c:e6:
                    ea:14:46:62:15:9b:37:bf:af:8a:57:1c:1e:5c:dd:
                    5c:64:f8:b3:16:f1:c7:6e:18:e1:e3:d8:3b:d6:07:
                    74:01:e5:45:38:e0:a5:b9:c6:ee:b7:83:70:b3:f3:
                    a9:44:c2:34:b0:4f:7d:a3:55:91:4a:e2:95:6a:2b:
                    1c:0a:e6:ba:01:03:02:c7:1c:4f:7d:c2:b1:dc:76:
                    b0:81:ed:b2:92:d5:33:19:66:e6:07:5a:aa:8a:cd:
                    11:d8:65:ed:ee:0b:35:f4:95:65:f9:3b:0f:38:93:
                    00:f9:be:cf:fd:43:02:aa:a8:ab:10:81:7f:7f:07:
                    84:d6:c7:69:3f:9b:56:b6:4f:d5:ff:04:bb:d9:08:
                    b1:c6:b0:0d:d7:dc:b4:fd:b4:3b:89:d6:78:8e:80:
                    86:b5:8e:15:5d:4f:04:bd:24:b6:df:c0:c5:15:d3:
                    6f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:80:48:C9:56:91:F9:DB:E8:0E:66:F7:CA:9C:C7:77:1A:97:5A:A9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.250.0/24
                  181.214.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f5:70:41:65:94:d2:06:fb:f8:a5:20:c4:4a:44:47:8b:db:
         e2:2d:4b:e2:25:4a:70:0b:c3:9e:14:cf:48:cb:ad:50:c2:26:
         70:0b:3a:1f:a8:c4:8a:73:3e:78:86:04:89:97:cb:9b:43:70:
         c4:20:33:53:5d:b4:37:3a:45:68:50:9d:7f:c2:05:9d:55:6a:
         1d:25:6d:08:b7:cd:22:9c:9b:3a:54:bb:ea:d6:c7:6c:5f:86:
         0f:65:64:02:72:29:22:1c:4d:d4:c6:65:98:29:6c:4c:79:c3:
         51:59:80:e8:de:b1:84:8f:85:b5:b9:32:db:9d:ac:96:ab:68:
         42:5b:8f:a1:f0:1d:94:56:03:42:b4:0a:88:5f:0e:f3:49:09:
         02:68:68:a1:b0:35:12:6e:f8:c1:6a:d7:23:ca:49:8c:e2:f9:
         40:08:34:d7:ef:ca:24:9a:4c:39:71:f4:c6:dc:21:2a:b8:a1:
         3a:b4:d5:20:ae:43:03:07:cc:10:11:fd:89:31:bc:fe:35:1c:
         7b:7b:8a:7f:f3:a3:5e:eb:2d:57:40:42:81:0c:54:2c:81:1e:
         12:b4:cb:83:dd:2a:6c:bf:f4:5d:9d:e9:2b:26:c2:ce:5b:8b:
         bc:f4:ff:21:3b:3d:b4:48:a2:52:f6:7d:85:39:77:27:75:ef:
         69:ca:35:e6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUZgOM1xIaAXpaxdMsuldDPIHPpe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjYxNDA2NDlaFw0yNDA2MjQxNDExNDlaMDMxMTAvBgNV
BAMTKDFGODA0OEM5NTY5MUY5REJFODBFNjZGN0NBOUNDNzc3MUE5NzVBQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1DJwwfsBFoXQlWT7Uqp8p0mef
0wdo6E1BeiuyAwWtS722r2rnUh/OBhjjl48tf5Mc1RNzh8OGcq5RyH7htfMhhb1o
3PO98y0bKWi/zQneLvigL2O1jbwM5uoURmIVmze/r4pXHB5c3Vxk+LMW8cduGOHj
2DvWB3QB5UU44KW5xu63g3Cz86lEwjSwT32jVZFK4pVqKxwK5roBAwLHHE99wrHc
drCB7bKS1TMZZuYHWqqKzRHYZe3uCzX0lWX5Ow84kwD5vs/9QwKqqKsQgX9/B4TW
x2k/m1a2T9X/BLvZCLHGsA3X3LT9tDuJ1niOgIa1jhVdTwS9JLbfwMUV028tAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUH4BIyVaR+dvoDmb3ypzHdxqXWqkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz36
AwQAtda8MA0GCSqGSIb3DQEBCwUAA4IBAQBv9XBBZZTSBvv4pSDESkRHi9viLUvi
JUpwC8OeFM9Iy61QwiZwCzofqMSKcz54hgSJl8ubQ3DEIDNTXbQ3OkVoUJ1/wgWd
VWodJW0It80inJs6VLvq1sdsX4YPZWQCcikiHE3UxmWYKWxMecNRWYDo3rGEj4W1
uTLbnayWq2hCW4+h8B2UVgNCtAqIXw7zSQkCaGihsDUSbvjBatcjykmM4vlACDTX
78okmkw5cfTG3CEquKE6tNUgrkMDB8wQEf2JMbz+NRx7e4p/86Ne6y1XQEKBDFQs
gR4StMuD3Spsv/RdnekrJsLOW4u89P8hOz20SKJS9n2FOXcnde9pyjXm
-----END CERTIFICATE-----