Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
File:                     AS211810.roa (raw, json)
Hash identifier:          cxe+IySRdBT7NEe/SmqLHGOfR+9FPLoZJnnZ0B7b24I=
Subject key identifier:   A5:4B:03:16:C4:26:92:91:5C:B7:A7:14:29:88:DE:31:61:FC:02:2C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       09F7E170807AF8BD134C3C4D75B0993E516588E5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
Signing time:             Thu 22 Feb 2024 14:05:13 +0000
ROA not before:           Thu 22 Feb 2024 14:00:13 +0000
ROA not after:            Thu 20 Feb 2025 14:05:13 +0000
asID:                     211810
IP address blocks:        181.215.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:f7:e1:70:80:7a:f8:bd:13:4c:3c:4d:75:b0:99:3e:51:65:88:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 22 14:00:13 2024 GMT
            Not After : Feb 20 14:05:13 2025 GMT
        Subject: CN=A54B0316C42692915CB7A7142988DE3161FC022C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3f:f3:b7:a2:cf:21:2d:17:31:ca:11:d9:07:
                    7a:c8:31:46:e0:88:60:2d:f4:f0:24:b4:27:1b:27:
                    48:e0:9d:ee:06:ce:b1:9c:eb:80:19:03:af:4f:a1:
                    3d:47:f7:42:57:f4:58:ec:8a:3f:79:64:fe:7e:5e:
                    f5:b9:17:13:c3:c7:c8:a1:8b:95:16:37:7d:7b:99:
                    a8:4e:e5:1b:eb:37:a9:e0:58:f8:60:c2:50:d2:15:
                    75:d1:cc:dd:57:e8:c2:31:e0:93:f8:f2:f2:98:f8:
                    7d:26:89:87:80:31:8b:96:db:f3:33:b9:7e:09:24:
                    7b:fd:5f:46:d7:95:d3:75:9b:15:51:a5:34:9f:84:
                    2b:46:cb:3a:b2:28:88:8f:0a:85:7e:15:4e:97:6a:
                    f5:34:e9:22:12:3f:31:ff:e0:5b:9f:34:4c:c8:91:
                    99:f0:35:81:f1:4f:07:23:e1:58:b1:49:f1:90:48:
                    cd:0d:4b:79:cc:69:4e:3e:b6:4e:b3:52:dd:18:1c:
                    c3:e4:28:44:c9:5e:50:c5:13:e8:1e:cc:76:02:cf:
                    9a:57:7a:50:01:52:da:1a:1b:ad:15:ac:ae:3f:02:
                    be:50:95:4b:9d:b5:c2:8c:b5:66:34:22:e0:96:f9:
                    e9:17:f9:8a:d5:5b:67:19:84:6a:98:06:79:77:08:
                    b3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:4B:03:16:C4:26:92:91:5C:B7:A7:14:29:88:DE:31:61:FC:02:2C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:b4:02:c0:7d:f2:1f:0f:cf:fe:16:3a:66:a6:9a:57:e4:ae:
         c0:ef:2c:a1:ac:84:a2:6a:25:92:c7:06:00:c2:ff:b6:cb:03:
         d1:15:53:98:57:89:11:04:ff:5d:ae:91:29:7f:26:97:71:87:
         ad:61:03:11:d7:f0:0f:96:ff:54:af:66:9d:b8:f8:1c:2e:17:
         4b:1f:10:34:e0:92:7b:b4:1d:04:f0:64:e2:4c:87:1a:01:67:
         e6:a3:6d:96:70:bb:09:62:91:a0:ce:b2:6c:0c:bd:7c:49:65:
         32:d2:c4:76:7e:69:61:44:75:60:f1:97:a3:3c:94:32:27:97:
         91:e3:25:de:db:d1:a1:09:d2:4e:fe:01:7f:7a:3c:d9:99:94:
         cc:8b:54:0f:df:1a:98:6e:19:26:3b:6f:e1:46:8d:a4:36:99:
         98:46:eb:13:f2:a5:f7:12:89:f8:7b:f3:fc:fa:5d:0e:e2:b3:
         45:ff:68:58:eb:66:5d:88:de:b9:ed:1e:97:4c:db:9c:a7:42:
         ed:fc:d4:22:a5:66:b5:13:64:bf:52:2c:c4:92:98:30:59:67:
         e4:7f:4f:f2:bd:4f:16:1c:bd:d9:9e:5c:1b:48:77:db:b4:b0:
         2c:d8:06:67:95:fc:36:30:6b:3d:58:09:ce:56:0d:b8:0a:1c:
         4e:5f:f9:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCffhcIB6+L0TTDxNdbCZPlFliOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMjIxNDAwMTNaFw0yNTAyMjAxNDA1MTNaMDMxMTAvBgNV
BAMTKEE1NEIwMzE2QzQyNjkyOTE1Q0I3QTcxNDI5ODhERTMxNjFGQzAyMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdP/O3os8hLRcxyhHZB3rIMUbg
iGAt9PAktCcbJ0jgne4GzrGc64AZA69PoT1H90JX9Fjsij95ZP5+XvW5FxPDx8ih
i5UWN317mahO5RvrN6ngWPhgwlDSFXXRzN1X6MIx4JP48vKY+H0miYeAMYuW2/Mz
uX4JJHv9X0bXldN1mxVRpTSfhCtGyzqyKIiPCoV+FU6XavU06SISPzH/4FufNEzI
kZnwNYHxTwcj4VixSfGQSM0NS3nMaU4+tk6zUt0YHMPkKETJXlDFE+gezHYCz5pX
elABUtoaG60VrK4/Ar5QlUudtcKMtWY0IuCW+ekX+YrVW2cZhGqYBnl3CLMBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpUsDFsQmkpFct6cUKYjeMWH8AiwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcg
MA0GCSqGSIb3DQEBCwUAA4IBAQBLtALAffIfD8/+FjpmpppX5K7A7yyhrISiaiWS
xwYAwv+2ywPRFVOYV4kRBP9drpEpfyaXcYetYQMR1/APlv9Ur2aduPgcLhdLHxA0
4JJ7tB0E8GTiTIcaAWfmo22WcLsJYpGgzrJsDL18SWUy0sR2fmlhRHVg8ZejPJQy
J5eR4yXe29GhCdJO/gF/ejzZmZTMi1QP3xqYbhkmO2/hRo2kNpmYRusT8qX3Eon4
e/P8+l0O4rNF/2hY62ZdiN657R6XTNucp0Lt/NQipWa1E2S/UizEkpgwWWfkf0/y
vU8WHL3ZnlwbSHfbtLAs2AZnlfw2MGs9WAnOVg24ChxOX/mb
-----END CERTIFICATE-----