Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa
File:                     AS211936.roa (raw, json)
Hash identifier:          afX8wpnpgfr160KZOQC+j8VzwHmIOImtecHLBwJpTX8=
Subject key identifier:   E7:52:B8:42:09:81:59:C6:74:E3:79:15:25:E5:CD:70:DC:F8:2A:E1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       672CD7FAB1A46F1B793DDA5231FFCBAE02811D29
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa
Signing time:             Sun 10 Nov 2024 13:43:27 +0000
ROA not before:           Sun 10 Nov 2024 13:38:27 +0000
ROA not after:            Sun 09 Nov 2025 13:43:27 +0000
asID:                     211936
IP address blocks:        45.139.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:2c:d7:fa:b1:a4:6f:1b:79:3d:da:52:31:ff:cb:ae:02:81:1d:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 10 13:38:27 2024 GMT
            Not After : Nov  9 13:43:27 2025 GMT
        Subject: CN=E752B842098159C674E3791525E5CD70DCF82AE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:2e:48:47:4a:ca:0c:01:7c:fe:18:b7:7b:
                    1f:96:8d:7f:32:3b:21:a3:29:40:0f:55:38:56:b2:
                    6a:90:1c:68:4b:14:4c:5d:4a:af:fe:67:d9:af:4b:
                    94:0b:63:0d:65:da:b7:2b:27:38:4b:c2:c5:dc:d5:
                    b2:46:cd:b1:56:60:13:9d:93:29:1a:cc:67:61:c5:
                    7e:a5:31:5d:b3:4c:63:21:19:ff:00:5d:c0:76:bf:
                    85:00:2e:60:8d:34:36:96:56:34:5c:74:83:77:78:
                    6c:20:bb:63:48:8d:a0:cf:30:a8:b9:e8:d4:8c:03:
                    e6:bd:de:20:e7:75:ee:85:4e:fb:5f:61:c6:15:3d:
                    34:62:3a:34:b4:8d:4d:63:c7:56:92:b0:90:c5:80:
                    8c:2c:5a:79:d4:60:4e:97:cc:40:f0:ce:a3:cf:60:
                    e0:22:40:aa:a7:10:72:e5:21:e5:77:ef:22:fa:fa:
                    a8:9b:eb:5f:28:62:18:50:72:cc:6f:f6:99:e4:b0:
                    f8:78:c0:34:72:76:1d:06:ff:4f:68:62:b8:5c:0f:
                    fd:83:6e:ca:df:5a:94:a1:f5:08:0f:b3:7e:dd:20:
                    8f:d8:ca:71:be:9c:5e:d1:70:06:02:cf:0d:83:7c:
                    36:06:7d:d0:1a:ba:ba:77:b9:d3:77:57:f4:3d:30:
                    b9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:52:B8:42:09:81:59:C6:74:E3:79:15:25:E5:CD:70:DC:F8:2A:E1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:9c:b8:ed:e6:69:2d:36:56:05:c9:cb:66:d5:2f:c3:66:1c:
         1c:80:5e:8f:71:b2:a6:88:17:e2:c0:67:0d:df:55:f6:a9:19:
         ac:64:79:d5:0b:72:92:1b:58:24:3e:bc:ed:ee:8a:3c:8a:b7:
         0f:55:ec:1f:03:16:26:eb:68:7c:bf:d0:9d:76:26:d2:e1:10:
         bf:75:32:ea:5a:a2:72:8e:61:68:d9:3d:92:9f:0a:14:a9:5a:
         a9:d3:a0:ce:5e:94:fb:23:87:cd:fd:49:22:73:12:3d:57:5d:
         c9:2f:c2:0e:ff:f9:3e:68:21:e5:4f:85:92:f6:c4:ba:04:cb:
         8a:d6:aa:be:35:25:7b:fd:a5:cd:a0:d8:46:3a:99:26:44:f4:
         43:0a:b0:ab:0b:76:32:ee:da:ba:eb:ce:78:c1:6e:65:8e:85:
         ae:0f:12:14:0a:03:cc:68:d7:37:e8:3a:a3:64:97:08:72:cd:
         b1:bd:c9:5b:01:b9:1d:1c:e3:db:f2:f1:e3:d6:1c:86:bd:07:
         ab:15:bd:89:ae:1c:83:89:01:0b:06:e3:b3:36:e9:14:19:c6:
         43:1d:5e:5b:68:6d:18:1d:eb:5a:81:db:34:12:b8:99:1a:36:
         53:ef:22:92:d9:18:8a:fe:d6:c4:fa:00:43:ae:ff:1d:8b:8f:
         c0:72:18:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZyzX+rGkbxt5PdpSMf/LrgKBHSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMTAxMzM4MjdaFw0yNTExMDkxMzQzMjdaMDMxMTAvBgNV
BAMTKEU3NTJCODQyMDk4MTU5QzY3NEUzNzkxNTI1RTVDRDcwRENGODJBRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRC5IR0rKDAF8/hi3ex+WjX8y
OyGjKUAPVThWsmqQHGhLFExdSq/+Z9mvS5QLYw1l2rcrJzhLwsXc1bJGzbFWYBOd
kykazGdhxX6lMV2zTGMhGf8AXcB2v4UALmCNNDaWVjRcdIN3eGwgu2NIjaDPMKi5
6NSMA+a93iDnde6FTvtfYcYVPTRiOjS0jU1jx1aSsJDFgIwsWnnUYE6XzEDwzqPP
YOAiQKqnEHLlIeV37yL6+qib618oYhhQcsxv9pnksPh4wDRydh0G/09oYrhcD/2D
bsrfWpSh9QgPs37dII/YynG+nF7RcAYCzw2DfDYGfdAaurp3udN3V/Q9MLlLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU51K4QgmBWcZ043kVJeXNcNz4KuEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExOTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYu2
MA0GCSqGSIb3DQEBCwUAA4IBAQBPnLjt5mktNlYFyctm1S/DZhwcgF6PcbKmiBfi
wGcN31X2qRmsZHnVC3KSG1gkPrzt7oo8ircPVewfAxYm62h8v9CddibS4RC/dTLq
WqJyjmFo2T2SnwoUqVqp06DOXpT7I4fN/UkicxI9V13JL8IO//k+aCHlT4WS9sS6
BMuK1qq+NSV7/aXNoNhGOpkmRPRDCrCrC3Yy7tq66854wW5ljoWuDxIUCgPMaNc3
6DqjZJcIcs2xvclbAbkdHOPb8vHj1hyGvQerFb2JrhyDiQELBuOzNukUGcZDHV5b
aG0YHetagds0EriZGjZT7yKS2RiK/tbE+gBDrv8di4/Achgl
-----END CERTIFICATE-----