Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          VH5HdKWxajB4T+PPXvwO0PnjQehZncMtvWvnwwG+Zdk=
Subject key identifier:   45:52:82:EE:6B:8E:BF:7F:66:FE:88:63:ED:64:14:7A:7B:8D:AD:ED
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7327770D4F75F46E7C06A89968A550814573EFC4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
Signing time:             Tue 23 Apr 2024 13:08:49 +0000
ROA not before:           Tue 23 Apr 2024 13:03:49 +0000
ROA not after:            Tue 22 Apr 2025 13:08:49 +0000
asID:                     212609
IP address blocks:        191.101.248.0/24 maxlen: 24
                          191.101.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:27:77:0d:4f:75:f4:6e:7c:06:a8:99:68:a5:50:81:45:73:ef:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 23 13:03:49 2024 GMT
            Not After : Apr 22 13:08:49 2025 GMT
        Subject: CN=455282EE6B8EBF7F66FE8863ED64147A7B8DADED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:df:bc:3f:e2:70:74:e2:08:0c:1d:21:bb:1c:
                    2f:3d:b5:f0:f5:5b:04:85:1e:05:2a:5a:f2:da:1b:
                    c4:c8:4e:77:8b:90:fd:3c:8d:5c:46:e1:72:ce:fb:
                    1a:8a:fe:69:e3:03:4c:ae:e8:bb:7f:53:d7:22:36:
                    69:db:53:33:c9:12:42:e3:57:cd:8f:e7:a9:39:bf:
                    1a:5b:30:6a:e4:b5:56:8b:b1:df:d7:2a:a6:71:e4:
                    ba:89:9e:da:ee:68:3b:ae:0b:2a:1c:02:eb:a2:2f:
                    5d:a6:f2:f7:87:06:2e:d0:dc:3a:ff:c8:e4:7a:26:
                    37:f8:fc:6d:ef:00:2a:9a:d9:ed:7a:47:e6:d3:91:
                    a0:ca:67:1d:98:36:52:c6:01:30:29:2f:18:ba:2b:
                    e8:78:b3:f9:26:6e:fd:62:80:3e:f0:f2:46:b5:9a:
                    62:b2:18:af:5e:13:9e:7e:98:32:21:68:44:51:6d:
                    90:a4:4e:de:d9:0d:36:9d:84:58:e6:b9:e5:1e:8f:
                    b6:85:85:57:98:9b:4d:94:53:52:e5:35:11:e4:7d:
                    b0:93:4c:8f:91:64:84:03:00:1a:db:54:d5:5b:ca:
                    6b:c5:f2:fe:ec:f8:40:79:62:45:c8:53:4c:0d:20:
                    78:e7:c2:42:80:7f:14:cf:d1:b4:3a:cd:81:89:d4:
                    59:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:52:82:EE:6B:8E:BF:7F:66:FE:88:63:ED:64:14:7A:7B:8D:AD:ED
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.248.0/24
                  191.101.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:79:40:8f:3a:16:95:06:86:c7:91:ac:c1:90:06:a6:71:53:
         e4:7a:44:04:ee:8c:61:34:54:eb:bb:9e:09:10:92:33:91:5d:
         91:f2:af:6d:56:45:31:40:b0:23:9d:eb:32:35:0c:54:e5:3b:
         85:dc:0a:4b:9d:3b:82:56:53:ad:86:b5:18:0b:da:71:eb:71:
         a3:dd:c4:ba:24:ab:00:e2:8f:f8:20:d7:f1:9d:c5:bc:f2:89:
         87:0f:d8:5e:2a:54:f4:a2:8e:15:70:d5:8b:c7:5d:2c:a8:c6:
         1f:cd:42:6f:5b:6f:0f:62:55:b0:11:7e:f7:b4:4d:88:42:a6:
         8b:90:48:4e:93:c7:ce:84:ad:24:ee:b0:b0:1e:ac:44:35:8a:
         b9:7e:c8:94:3b:08:be:00:0a:ca:04:91:25:68:28:22:99:28:
         eb:c0:55:dd:29:87:ee:91:7f:3f:61:5d:35:37:9e:26:4e:92:
         58:84:d4:cb:da:0a:36:66:5f:a3:ff:c9:82:c2:53:5c:36:e7:
         91:0d:ae:c4:0f:50:99:fd:54:94:c8:9a:ec:cd:28:53:c8:ba:
         b0:29:f9:28:2a:98:9a:6e:91:c0:52:dd:25:6b:e7:5e:4f:9c:
         2e:50:43:8c:5f:8c:5b:e5:84:7a:8a:3b:ac:95:06:e5:07:2e:
         93:65:78:71
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcyd3DU919G58BqiZaKVQgUVz78QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjMxMzAzNDlaFw0yNTA0MjIxMzA4NDlaMDMxMTAvBgNV
BAMTKDQ1NTI4MkVFNkI4RUJGN0Y2NkZFODg2M0VENjQxNDdBN0I4REFERUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC237w/4nB04ggMHSG7HC89tfD1
WwSFHgUqWvLaG8TITneLkP08jVxG4XLO+xqK/mnjA0yu6Lt/U9ciNmnbUzPJEkLj
V82P56k5vxpbMGrktVaLsd/XKqZx5LqJntruaDuuCyocAuuiL12m8veHBi7Q3Dr/
yOR6Jjf4/G3vACqa2e16R+bTkaDKZx2YNlLGATApLxi6K+h4s/kmbv1igD7w8ka1
mmKyGK9eE55+mDIhaERRbZCkTt7ZDTadhFjmueUej7aFhVeYm02UU1LlNRHkfbCT
TI+RZIQDABrbVNVbymvF8v7s+EB5YkXIU0wNIHjnwkKAfxTP0bQ6zYGJ1Fm9AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQURVKC7muOv39m/ohj7WQUenuNre0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2X4
AwQAv2X7MA0GCSqGSIb3DQEBCwUAA4IBAQCUeUCPOhaVBobHkazBkAamcVPkekQE
7oxhNFTru54JEJIzkV2R8q9tVkUxQLAjnesyNQxU5TuF3ApLnTuCVlOthrUYC9px
63Gj3cS6JKsA4o/4INfxncW88omHD9heKlT0oo4VcNWLx10sqMYfzUJvW28PYlWw
EX73tE2IQqaLkEhOk8fOhK0k7rCwHqxENYq5fsiUOwi+AArKBJElaCgimSjrwFXd
KYfukX8/YV01N54mTpJYhNTL2go2Zl+j/8mCwlNcNueRDa7ED1CZ/VSUyJrszShT
yLqwKfkoKpiabpHAUt0la+deT5wuUEOMX4xb5YR6ijuslQblBy6TZXhx
-----END CERTIFICATE-----