Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          +ojoec118Tufpxyv5UHuE3tizGyw3AKbe+UX54pJKVw=
Subject key identifier:   27:81:6C:72:79:F3:9B:3E:B5:D3:77:42:F4:29:61:4C:3A:EF:53:55
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C90D3A04F1D4B5FC3582BFA52F94BE7143CE3DE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
Signing time:             Tue 18 Mar 2025 14:13:06 +0000
ROA not before:           Tue 18 Mar 2025 14:08:06 +0000
ROA not after:            Tue 17 Mar 2026 14:13:06 +0000
asID:                     212609
IP address blocks:        191.96.250.0/24 maxlen: 24
                          191.101.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:90:d3:a0:4f:1d:4b:5f:c3:58:2b:fa:52:f9:4b:e7:14:3c:e3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 18 14:08:06 2025 GMT
            Not After : Mar 17 14:13:06 2026 GMT
        Subject: CN=27816C7279F39B3EB5D37742F429614C3AEF5355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:dd:ea:d3:32:d6:07:08:e3:6c:c6:40:e7:7e:
                    6b:af:d2:87:71:94:d8:f9:78:b0:4f:03:e9:07:7c:
                    0b:28:6d:b2:49:f1:f7:50:54:ee:ae:d3:af:b2:27:
                    c9:60:d8:37:fd:bc:56:71:b1:c8:d0:36:12:7f:ce:
                    94:27:93:02:b9:8a:97:b2:83:a1:07:59:fa:8a:d1:
                    54:9d:26:fa:ad:c7:5f:72:1b:e3:ef:1e:5d:9b:1c:
                    39:65:ab:ac:e7:94:6a:28:f8:d0:0e:8b:f5:c5:5f:
                    7f:05:70:97:66:45:4c:83:d8:33:3a:b0:4c:98:e6:
                    7f:d6:c5:ab:50:10:15:a9:f6:90:3e:f5:0e:cc:73:
                    e8:b2:57:bb:38:64:e3:a0:a2:eb:81:4f:2f:fb:6e:
                    56:7c:b8:86:be:67:58:f5:7e:36:80:53:45:a4:c7:
                    e8:21:f3:45:2d:4a:9e:bb:be:e6:6b:74:2c:32:49:
                    90:f2:d2:11:c2:d7:70:ec:91:34:28:98:d9:a0:05:
                    d8:f3:27:b9:3a:3a:25:e9:65:43:eb:2b:43:72:fd:
                    94:b0:08:c5:7e:c7:40:c9:b1:7d:78:dc:7a:3c:dc:
                    6a:2e:6f:48:bb:5f:18:42:d7:b4:47:6a:f8:db:99:
                    59:b4:ff:b7:76:77:1f:e0:38:18:20:36:2e:69:14:
                    a4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:81:6C:72:79:F3:9B:3E:B5:D3:77:42:F4:29:61:4C:3A:EF:53:55
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.250.0/24
                  191.101.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b6:ab:80:2e:52:d0:ea:1a:e4:1a:af:ef:b0:87:0a:81:09:
         0b:5f:c1:c9:e7:22:10:d3:5c:bc:b7:4f:ee:61:e6:ad:22:47:
         11:a4:f0:6f:fa:d3:27:98:5c:d1:c2:dd:05:9c:2c:f3:b2:6c:
         1f:07:75:70:d2:59:64:48:a3:12:c3:12:d4:0e:ea:af:74:09:
         a6:ed:04:ab:68:aa:87:70:81:32:ab:39:b1:47:15:62:df:eb:
         5c:4f:be:cc:a5:0d:be:68:e2:21:0d:bf:bc:84:ac:b7:e1:de:
         5e:39:cf:19:de:2c:d9:f2:bc:cd:fb:2e:2d:27:82:ab:8e:f1:
         8c:69:72:59:6c:af:5a:bd:f3:f6:e2:a7:94:c8:62:49:5e:06:
         cf:31:d0:54:0f:02:a3:90:44:f9:90:35:73:9e:f1:dd:c4:26:
         0a:1b:66:72:bf:78:31:b7:3a:cd:8d:c2:4e:82:17:2a:3d:c2:
         74:7e:aa:69:71:46:c0:8e:7b:a4:9b:14:88:23:2f:8c:48:cd:
         9f:92:91:bb:54:fc:2e:e4:51:02:82:d7:8e:42:7d:90:60:10:
         55:30:e8:a0:85:f8:14:1e:cf:54:5e:5f:57:4f:8b:58:af:a2:
         10:cb:8f:b3:6d:6e:32:e6:d2:9c:2b:05:81:c2:7b:ce:1c:a4:
         3d:02:88:03
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbJDToE8dS1/DWCv6UvlL5xQ8494wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMTgxNDA4MDZaFw0yNjAzMTcxNDEzMDZaMDMxMTAvBgNV
BAMTKDI3ODE2QzcyNzlGMzlCM0VCNUQzNzc0MkY0Mjk2MTRDM0FFRjUzNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa3erTMtYHCONsxkDnfmuv0odx
lNj5eLBPA+kHfAsobbJJ8fdQVO6u06+yJ8lg2Df9vFZxscjQNhJ/zpQnkwK5ipey
g6EHWfqK0VSdJvqtx19yG+PvHl2bHDllq6znlGoo+NAOi/XFX38FcJdmRUyD2DM6
sEyY5n/WxatQEBWp9pA+9Q7Mc+iyV7s4ZOOgouuBTy/7blZ8uIa+Z1j1fjaAU0Wk
x+gh80UtSp67vuZrdCwySZDy0hHC13DskTQomNmgBdjzJ7k6OiXpZUPrK0Ny/ZSw
CMV+x0DJsX143Ho83Goub0i7XxhC17RHavjbmVm0/7d2dx/gOBggNi5pFKQ3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUJ4Fscnnzmz6103dC9ClhTDrvU1UwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2D6
AwQAv2X4MA0GCSqGSIb3DQEBCwUAA4IBAQBKtquALlLQ6hrkGq/vsIcKgQkLX8HJ
5yIQ01y8t0/uYeatIkcRpPBv+tMnmFzRwt0FnCzzsmwfB3Vw0llkSKMSwxLUDuqv
dAmm7QSraKqHcIEyqzmxRxVi3+tcT77MpQ2+aOIhDb+8hKy34d5eOc8Z3izZ8rzN
+y4tJ4KrjvGMaXJZbK9avfP24qeUyGJJXgbPMdBUDwKjkET5kDVznvHdxCYKG2Zy
v3gxtzrNjcJOghcqPcJ0fqppcUbAjnukmxSIIy+MSM2fkpG7VPwu5FECgteOQn2Q
YBBVMOighfgUHs9UXl9XT4tYr6IQy4+zbW4y5tKcKwWBwnvOHKQ9AogD
-----END CERTIFICATE-----