Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          sBUA1zqAU9enmdWZbFaZzSRSE/UjkI/I5DQyGCpO1pU=
Subject key identifier:   E5:E3:AE:2F:08:6D:41:93:06:A5:21:76:DF:9F:F1:85:0A:8B:50:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       647B82EC03D5FB5FC056C721814642EC8A2889D8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
Signing time:             Sat 22 Jun 2024 00:00:22 +0000
ROA not before:           Fri 21 Jun 2024 23:55:22 +0000
ROA not after:            Sat 21 Jun 2025 00:00:22 +0000
asID:                     212609
IP address blocks:        191.101.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:7b:82:ec:03:d5:fb:5f:c0:56:c7:21:81:46:42:ec:8a:28:89:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 21 23:55:22 2024 GMT
            Not After : Jun 21 00:00:22 2025 GMT
        Subject: CN=E5E3AE2F086D419306A52176DF9FF1850A8B50FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:11:d3:32:c0:2e:52:f3:22:c6:0a:34:11:b4:
                    12:46:16:56:d9:51:16:07:95:55:42:f3:d9:b3:7a:
                    3c:ea:3f:e9:f6:4a:d4:d9:a6:7c:72:c7:ce:fe:a2:
                    7f:94:a5:7b:f0:0f:37:2e:a4:f2:c5:1d:e5:08:2b:
                    08:6a:94:8a:4f:f3:3d:8f:ca:1e:68:d5:28:42:51:
                    09:a5:8f:9d:12:44:0f:de:1f:05:1c:41:f0:9f:59:
                    3a:60:fb:ad:52:ca:cd:56:18:ee:b7:cd:60:0b:96:
                    7c:7e:f8:95:61:46:6c:7c:ec:c4:52:20:22:15:5d:
                    d1:8e:1d:c9:12:48:7c:fd:8d:a0:96:86:5c:af:7c:
                    e9:1d:27:45:83:22:7d:bc:3b:11:b8:5a:e9:24:42:
                    0d:ef:a3:fb:bf:26:57:8f:07:39:61:0d:ed:85:46:
                    ea:6a:aa:95:ed:96:16:eb:63:4e:f6:a7:e1:4f:99:
                    1a:dd:85:7c:55:24:9e:db:87:01:1a:9c:55:2d:2a:
                    43:ad:dd:3d:b8:5e:6c:cd:2f:5e:24:44:98:18:be:
                    08:87:a7:72:79:f7:b0:ae:0d:c7:26:f8:c4:28:ab:
                    94:e6:88:40:b3:37:4c:d2:7e:48:ab:bf:51:ad:ad:
                    64:0a:a6:a2:72:ae:66:c6:14:24:6c:fd:67:0e:e1:
                    86:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E3:AE:2F:08:6D:41:93:06:A5:21:76:DF:9F:F1:85:0A:8B:50:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7c:74:e2:df:49:81:da:e3:0a:f7:67:bd:53:52:5e:43:0f:
         7a:ce:86:8c:ab:d4:ac:e2:0d:c4:23:11:2a:ad:6a:5b:28:e1:
         ee:ed:a0:80:88:c0:c2:b9:7e:83:55:b8:d0:92:9f:d3:60:1d:
         11:39:3f:da:70:42:0c:24:6a:c0:ea:52:27:f5:30:c2:76:19:
         9f:33:96:cd:b4:b4:ed:be:b8:ce:da:16:8a:c6:a5:1e:3b:8e:
         ab:09:b0:5c:64:87:91:02:fc:c9:ec:c4:29:13:c7:81:2f:ca:
         14:2b:29:8c:0c:c4:24:29:0c:d0:31:d5:90:83:fa:69:6a:2e:
         01:b6:24:bc:45:cf:2e:8f:b9:36:cd:da:a4:a9:20:81:fa:ca:
         8a:02:9f:dd:ed:01:48:ff:4b:95:b9:b2:5a:66:dc:38:c8:3c:
         00:d0:ab:1c:4d:60:fb:9e:9e:e7:57:4f:a1:1f:69:3b:c6:19:
         52:41:55:76:d2:04:09:be:c0:0a:ed:e9:02:94:cc:6b:7e:f1:
         2d:61:45:b6:a3:7f:0d:83:11:08:81:dd:47:6a:14:5f:95:8b:
         2f:f6:ef:f4:57:65:d3:ab:c5:f4:7f:45:c6:2d:1c:06:63:1c:
         9a:f7:e0:34:fe:53:46:45:09:9a:a7:a3:51:dd:da:1d:b1:46:
         7c:17:5e:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZHuC7APV+1/AVschgUZC7IooidgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MjEyMzU1MjJaFw0yNTA2MjEwMDAwMjJaMDMxMTAvBgNV
BAMTKEU1RTNBRTJGMDg2RDQxOTMwNkE1MjE3NkRGOUZGMTg1MEE4QjUwRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKEdMywC5S8yLGCjQRtBJGFlbZ
URYHlVVC89mzejzqP+n2StTZpnxyx87+on+UpXvwDzcupPLFHeUIKwhqlIpP8z2P
yh5o1ShCUQmlj50SRA/eHwUcQfCfWTpg+61Sys1WGO63zWALlnx++JVhRmx87MRS
ICIVXdGOHckSSHz9jaCWhlyvfOkdJ0WDIn28OxG4WukkQg3vo/u/JlePBzlhDe2F
RupqqpXtlhbrY072p+FPmRrdhXxVJJ7bhwEanFUtKkOt3T24XmzNL14kRJgYvgiH
p3J597CuDccm+MQoq5TmiECzN0zSfkirv1GtrWQKpqJyrmbGFCRs/WcO4YYjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5eOuLwhtQZMGpSF235/xhQqLUP8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2X4
MA0GCSqGSIb3DQEBCwUAA4IBAQCGfHTi30mB2uMK92e9U1JeQw96zoaMq9Ss4g3E
IxEqrWpbKOHu7aCAiMDCuX6DVbjQkp/TYB0ROT/acEIMJGrA6lIn9TDCdhmfM5bN
tLTtvrjO2haKxqUeO46rCbBcZIeRAvzJ7MQpE8eBL8oUKymMDMQkKQzQMdWQg/pp
ai4BtiS8Rc8uj7k2zdqkqSCB+sqKAp/d7QFI/0uVubJaZtw4yDwA0KscTWD7np7n
V0+hH2k7xhlSQVV20gQJvsAK7ekClMxrfvEtYUW2o38NgxEIgd1HahRflYsv9u/0
V2XTq8X0f0XGLRwGYxya9+A0/lNGRQmap6NR3dodsUZ8F14H
-----END CERTIFICATE-----