Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa
File:                     AS211826.roa (raw, json)
Hash identifier:          HUOfc1ZyjjgakdrIq1XGDyUT4SQC2VmmoA1slVC/Ceo=
Subject key identifier:   65:B3:F7:57:21:BC:05:43:EE:03:74:09:17:6A:66:A5:78:D2:A0:62
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       62AC7E2D9BC4998E538D730256A73E6927FFC6DB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa
Signing time:             Thu 18 Apr 2024 17:25:03 +0000
ROA not before:           Thu 18 Apr 2024 17:20:03 +0000
ROA not after:            Thu 17 Apr 2025 17:25:03 +0000
asID:                     211826
IP address blocks:        179.61.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:ac:7e:2d:9b:c4:99:8e:53:8d:73:02:56:a7:3e:69:27:ff:c6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 18 17:20:03 2024 GMT
            Not After : Apr 17 17:25:03 2025 GMT
        Subject: CN=65B3F75721BC0543EE037409176A66A578D2A062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:26:95:da:e7:1c:d1:09:7f:b1:d5:3f:bd:37:
                    25:b0:45:a1:28:67:2c:1a:8f:a1:4e:da:81:eb:bb:
                    d8:21:5c:42:4b:b5:ac:f8:4b:99:74:c6:9a:1f:b5:
                    04:ef:cf:e1:38:41:04:50:2e:e7:75:3c:ed:55:3e:
                    ad:b7:83:21:89:d3:17:0d:48:70:8b:ba:61:af:b4:
                    52:e0:e8:bf:3c:83:b5:22:0b:55:c8:5c:3e:47:4f:
                    8c:7e:66:4e:3d:45:ac:5c:df:67:2f:62:91:9e:e1:
                    4b:18:b4:47:36:3d:bf:84:78:5e:2b:18:b0:2d:b1:
                    63:72:b4:cc:ac:7f:44:2f:cf:7f:e8:a1:31:92:bc:
                    41:22:1f:5b:21:c6:fc:bd:4e:65:c9:9a:d1:e1:a8:
                    39:ad:34:6f:3a:fd:cb:f3:cb:f0:ee:99:da:7b:fb:
                    f3:bc:e2:07:0a:d3:d3:a5:34:4f:5e:0a:19:c7:f0:
                    f7:7f:92:64:ad:65:8c:5b:3e:1c:1d:75:39:9a:b0:
                    70:a3:91:06:d9:97:13:9c:da:17:fa:03:61:c7:9a:
                    37:74:cd:55:f9:82:ed:c5:97:e3:a0:65:38:a4:7c:
                    52:cf:2d:40:3d:a3:b5:b4:86:dc:cd:c3:a5:77:8c:
                    e3:4b:a7:25:95:94:45:ab:4b:96:d2:40:76:75:50:
                    75:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B3:F7:57:21:BC:05:43:EE:03:74:09:17:6A:66:A5:78:D2:A0:62
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211826.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ea:93:46:eb:46:80:d9:87:c1:60:3a:03:0e:97:32:47:c4:
         cd:27:f8:93:0e:82:43:5b:c5:05:3b:2c:e1:1c:cb:6e:f7:fe:
         17:74:c5:63:f2:b6:5c:48:3e:8e:c3:43:c7:84:de:3e:ba:48:
         9c:55:30:58:84:85:e6:b8:00:46:2b:60:be:7d:fa:4c:d1:b2:
         0d:09:d4:49:05:96:f7:b4:66:8c:94:2e:ca:e6:7e:33:42:6b:
         37:44:1f:a6:18:79:ad:a6:c7:5c:e7:33:ed:fa:f8:12:62:fe:
         83:fc:1f:74:af:2e:23:6a:d8:5e:12:71:80:2d:36:2d:90:17:
         32:e6:9d:26:ae:f7:99:e1:9d:bd:27:50:56:54:c8:15:05:ce:
         72:39:4d:0c:a9:85:bc:fc:cc:b6:16:c0:8a:c1:d2:3b:18:ff:
         d1:ac:9a:48:9c:10:8b:62:1c:ac:e1:f8:3d:78:91:ee:5a:67:
         db:a2:11:ac:6e:b6:01:ff:ed:89:0c:d6:02:b5:4e:50:16:1c:
         a5:ca:2c:21:0e:a1:ae:45:37:7e:20:55:2d:a2:ca:b7:89:82:
         1d:f6:89:20:6f:6e:56:9f:04:9c:a2:df:f4:2b:28:b3:31:b1:
         21:04:71:12:ef:21:41:36:f5:b9:7b:14:71:32:24:33:6f:56:
         8a:cf:56:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYqx+LZvEmY5TjXMCVqc+aSf/xtswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTgxNzIwMDNaFw0yNTA0MTcxNzI1MDNaMDMxMTAvBgNV
BAMTKDY1QjNGNzU3MjFCQzA1NDNFRTAzNzQwOTE3NkE2NkE1NzhEMkEwNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAJpXa5xzRCX+x1T+9NyWwRaEo
Zywaj6FO2oHru9ghXEJLtaz4S5l0xpoftQTvz+E4QQRQLud1PO1VPq23gyGJ0xcN
SHCLumGvtFLg6L88g7UiC1XIXD5HT4x+Zk49Raxc32cvYpGe4UsYtEc2Pb+EeF4r
GLAtsWNytMysf0Qvz3/ooTGSvEEiH1shxvy9TmXJmtHhqDmtNG86/cvzy/Dumdp7
+/O84gcK09OlNE9eChnH8Pd/kmStZYxbPhwddTmasHCjkQbZlxOc2hf6A2HHmjd0
zVX5gu3Fl+OgZTikfFLPLUA9o7W0htzNw6V3jONLpyWVlEWrS5bSQHZ1UHVfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZbP3VyG8BUPuA3QJF2pmpXjSoGIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExODI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2x
MA0GCSqGSIb3DQEBCwUAA4IBAQBz6pNG60aA2YfBYDoDDpcyR8TNJ/iTDoJDW8UF
OyzhHMtu9/4XdMVj8rZcSD6Ow0PHhN4+ukicVTBYhIXmuABGK2C+ffpM0bINCdRJ
BZb3tGaMlC7K5n4zQms3RB+mGHmtpsdc5zPt+vgSYv6D/B90ry4jatheEnGALTYt
kBcy5p0mrveZ4Z29J1BWVMgVBc5yOU0MqYW8/My2FsCKwdI7GP/RrJpInBCLYhys
4fg9eJHuWmfbohGsbrYB/+2JDNYCtU5QFhylyiwhDqGuRTd+IFUtosq3iYId9okg
b25WnwScot/0KyizMbEhBHES7yFBNvW5exRxMiQzb1aKz1Yp
-----END CERTIFICATE-----