Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa
File:                     AS211936.roa (raw, json)
Hash identifier:          H1rFBGB7UUTFtxy9Sf8mdlSLwFhsCPZMCNXeZqbliXY=
Subject key identifier:   54:CB:3C:E6:01:41:A5:EB:C3:CF:E1:41:5B:5D:D3:D7:64:55:F1:AF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       338D0E05E1DC5C076582EB2A214AA5AAE5A3C880
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa
Signing time:             Sun 10 Dec 2023 13:26:10 +0000
ROA not before:           Sun 10 Dec 2023 13:21:10 +0000
ROA not after:            Sun 08 Dec 2024 13:26:10 +0000
asID:                     211936
IP address blocks:        45.139.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:8d:0e:05:e1:dc:5c:07:65:82:eb:2a:21:4a:a5:aa:e5:a3:c8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 10 13:21:10 2023 GMT
            Not After : Dec  8 13:26:10 2024 GMT
        Subject: CN=54CB3CE60141A5EBC3CFE1415B5DD3D76455F1AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1d:d7:5a:4c:ba:c7:df:02:cb:39:18:ae:20:
                    15:d6:17:21:cc:b4:69:81:bc:3b:33:8f:dc:03:69:
                    55:e6:94:02:5f:84:c3:a5:68:a2:bf:66:c7:86:a1:
                    df:19:50:4d:fe:c0:b5:03:26:f2:69:9a:f9:39:d6:
                    a3:4e:d7:22:52:4b:4c:d3:8b:41:e1:dc:70:6a:66:
                    77:dd:89:0d:75:e8:d2:c0:bc:5f:94:8d:2e:8a:51:
                    dc:9e:95:bb:a0:2d:c3:b4:d0:44:a6:58:26:e4:d5:
                    6e:26:18:21:75:77:53:d8:e1:0b:19:be:84:bb:75:
                    6c:31:9d:5f:5d:f3:bf:9a:52:fc:7e:ff:06:4a:08:
                    58:08:68:fc:2f:87:13:da:89:a5:fa:32:2b:95:3c:
                    05:fe:39:99:24:ca:50:6f:bb:00:5a:eb:f4:e4:d4:
                    42:e3:8b:d6:73:2b:dd:35:1b:73:32:3d:07:91:2b:
                    d6:d3:a1:0a:05:49:a6:44:07:ff:a0:92:98:92:8d:
                    e0:52:0f:65:17:3e:4b:d9:f1:5e:85:bd:74:c1:f5:
                    3a:35:49:3d:f6:4d:8f:83:a9:72:63:75:c2:7c:e6:
                    f2:68:69:4c:1f:e9:13:65:08:b7:76:a1:71:f0:a0:
                    a9:71:b7:ec:f2:86:58:ba:78:78:4b:96:b7:1c:65:
                    a5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CB:3C:E6:01:41:A5:EB:C3:CF:E1:41:5B:5D:D3:D7:64:55:F1:AF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:8a:37:ce:7a:b6:55:f6:e4:cf:56:3e:63:4c:94:13:89:4c:
         5f:82:88:12:46:1b:2c:9d:21:1f:e3:f0:70:35:8d:65:d6:78:
         16:7a:27:ac:0e:c3:79:d2:10:0c:d7:fd:14:dc:64:d1:3e:32:
         3b:42:12:7f:32:52:ea:21:3f:9b:9a:b8:79:64:2a:b4:d1:05:
         ed:50:b5:9b:59:c4:85:eb:54:b9:f3:dc:90:b4:64:86:95:c2:
         ac:76:73:e5:c7:72:0b:2a:8b:31:f9:42:ad:72:d0:86:c5:f9:
         de:bb:05:66:d9:4a:73:b8:e5:54:87:85:4f:59:5a:db:b8:ef:
         80:33:2d:2a:30:db:8d:01:fa:a8:8e:c9:e2:c9:e6:77:ca:7b:
         9b:c9:72:d5:49:a3:41:81:3f:d8:dd:34:35:49:30:b7:a3:70:
         01:79:64:0a:27:65:08:ed:fe:e4:bc:de:db:7a:3d:14:3d:61:
         ff:50:f5:22:64:98:2e:75:70:28:5e:f4:f4:8a:d9:a6:28:80:
         ce:7e:6b:27:2d:58:aa:a3:2a:77:d9:9f:45:fc:1d:f8:e1:c3:
         45:db:bf:c6:6f:56:b3:f8:aa:2f:f4:49:b6:00:fd:81:68:28:
         83:cb:f8:1b:93:2e:9d:22:55:5b:34:39:16:b4:fb:58:39:f4:
         e1:08:a4:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM40OBeHcXAdlgusqIUqlquWjyIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMTAxMzIxMTBaFw0yNDEyMDgxMzI2MTBaMDMxMTAvBgNV
BAMTKDU0Q0IzQ0U2MDE0MUE1RUJDM0NGRTE0MTVCNUREM0Q3NjQ1NUYxQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2HddaTLrH3wLLORiuIBXWFyHM
tGmBvDszj9wDaVXmlAJfhMOlaKK/ZseGod8ZUE3+wLUDJvJpmvk51qNO1yJSS0zT
i0Hh3HBqZnfdiQ116NLAvF+UjS6KUdyelbugLcO00ESmWCbk1W4mGCF1d1PY4QsZ
voS7dWwxnV9d87+aUvx+/wZKCFgIaPwvhxPaiaX6MiuVPAX+OZkkylBvuwBa6/Tk
1ELji9ZzK901G3MyPQeRK9bToQoFSaZEB/+gkpiSjeBSD2UXPkvZ8V6FvXTB9To1
ST32TY+DqXJjdcJ85vJoaUwf6RNlCLd2oXHwoKlxt+zyhli6eHhLlrccZaXbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVMs85gFBpevDz+FBW13T12RV8a8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExOTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYu2
MA0GCSqGSIb3DQEBCwUAA4IBAQBsijfOerZV9uTPVj5jTJQTiUxfgogSRhssnSEf
4/BwNY1l1ngWeiesDsN50hAM1/0U3GTRPjI7QhJ/MlLqIT+bmrh5ZCq00QXtULWb
WcSF61S589yQtGSGlcKsdnPlx3ILKosx+UKtctCGxfneuwVm2UpzuOVUh4VPWVrb
uO+AMy0qMNuNAfqojsniyeZ3ynubyXLVSaNBgT/Y3TQ1STC3o3ABeWQKJ2UI7f7k
vN7bej0UPWH/UPUiZJgudXAoXvT0itmmKIDOfmsnLViqoyp32Z9F/B344cNF27/G
b1az+Kov9Em2AP2BaCiDy/gbky6dIlVbNDkWtPtYOfThCKS6
-----END CERTIFICATE-----