Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa
File:                     AS212687.roa (raw, json)
Hash identifier:          jrhLKdNpeFzFpVGsRueWvhZqaZHzuuyXBZJ40zpa0iM=
Subject key identifier:   EE:36:08:F8:84:21:60:AF:8A:45:E1:20:F8:C6:EB:10:48:36:CF:C8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0E1BF0EFD5C3C4E8E5A21564FE8E9EFF7A5B2FCF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     212687
IP address blocks:        179.61.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:1b:f0:ef:d5:c3:c4:e8:e5:a2:15:64:fe:8e:9e:ff:7a:5b:2f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=EE3608F8842160AF8A45E120F8C6EB104836CFC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:42:c0:84:eb:2d:54:4d:c2:28:a3:16:d6:40:
                    f3:dd:07:aa:23:b5:ef:eb:13:6d:c0:9e:ae:3e:04:
                    51:56:83:ba:f0:75:36:6b:cb:49:9c:25:9a:62:80:
                    cb:03:f7:25:b9:93:1a:7a:30:f0:ad:d2:05:c6:75:
                    63:03:da:5a:8d:03:ad:ef:96:be:0c:03:00:2c:07:
                    77:ea:df:eb:f1:b5:c4:ce:b9:74:f6:69:ae:e1:bb:
                    99:71:63:c9:ed:78:49:95:4c:fa:85:72:6f:65:10:
                    50:c7:89:1e:49:b5:f5:3e:78:c1:02:b5:10:45:d6:
                    b5:4b:12:0e:f2:60:6d:5a:7b:ed:bd:0c:92:a7:85:
                    e3:d8:84:82:07:6c:68:91:59:54:c9:8a:af:70:07:
                    e1:83:33:71:c7:61:5f:2b:9c:46:4c:0b:12:d5:16:
                    59:2e:66:65:4b:92:69:04:c7:8b:f5:67:ec:2d:a0:
                    e2:c5:46:b3:8d:7f:18:ce:5f:84:3b:b9:ea:22:85:
                    b2:3c:a6:0e:64:04:fc:c6:9b:27:2c:1d:a7:50:87:
                    92:94:97:65:87:b2:a0:6e:7e:21:de:1a:ae:c0:20:
                    bc:61:40:09:75:ac:e3:bd:90:5a:7a:99:f4:ab:7a:
                    b3:4e:ba:2d:40:36:38:23:7d:4b:e7:37:d6:5e:bd:
                    c3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:36:08:F8:84:21:60:AF:8A:45:E1:20:F8:C6:EB:10:48:36:CF:C8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:22:a6:d0:33:d3:b3:f9:a0:06:e3:fc:cc:a2:e6:31:49:39:
         00:ee:f5:d9:ca:dd:d5:f5:75:1a:fa:fa:f1:46:ee:e1:f8:57:
         49:64:03:1a:5c:23:7c:94:78:e5:c3:cc:db:21:09:17:93:07:
         fd:72:bd:c2:60:50:b7:cd:08:56:98:eb:51:09:37:18:c7:1d:
         37:fc:1b:e6:2c:05:98:a7:d3:3b:34:a0:2f:bc:35:ca:b3:af:
         43:34:f5:3c:da:a6:48:03:32:85:b1:12:ee:43:cb:aa:51:1b:
         97:94:5a:a0:f2:be:fb:3e:05:b6:50:66:c6:e8:f1:38:78:a5:
         88:f3:b5:9f:a0:9a:bd:d7:70:ac:7f:c8:8f:a0:ff:fc:51:1f:
         d0:11:a0:aa:97:3b:ad:20:95:5a:17:8b:65:50:f8:10:a4:5a:
         86:8c:80:75:d5:ec:ed:47:27:74:2f:12:a3:2d:a2:21:64:d1:
         48:1d:c3:47:f7:bd:cd:ca:cd:7f:dd:1c:70:68:96:b1:0f:8d:
         0e:b8:dd:0f:6c:5d:f0:bf:ff:b7:c4:cd:c8:1a:dd:22:be:75:
         b1:78:a0:c3:94:88:2a:63:c9:90:e3:8d:e8:6e:9a:c6:e8:0c:
         d5:ff:3c:7e:5c:7c:10:bf:4b:da:90:4a:32:36:8d:b0:d7:13:
         4f:56:0b:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDhvw79XDxOjlohVk/o6e/3pbL88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKEVFMzYwOEY4ODQyMTYwQUY4QTQ1RTEyMEY4QzZFQjEwNDgzNkNGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxQsCE6y1UTcIooxbWQPPdB6oj
te/rE23Anq4+BFFWg7rwdTZry0mcJZpigMsD9yW5kxp6MPCt0gXGdWMD2lqNA63v
lr4MAwAsB3fq3+vxtcTOuXT2aa7hu5lxY8nteEmVTPqFcm9lEFDHiR5JtfU+eMEC
tRBF1rVLEg7yYG1ae+29DJKnhePYhIIHbGiRWVTJiq9wB+GDM3HHYV8rnEZMCxLV
FlkuZmVLkmkEx4v1Z+wtoOLFRrONfxjOX4Q7ueoihbI8pg5kBPzGmycsHadQh5KU
l2WHsqBufiHeGq7AILxhQAl1rOO9kFp6mfSrerNOui1ANjgjfUvnN9ZevcNlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7jYI+IQhYK+KReEg+MbrEEg2z8gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2G
MA0GCSqGSIb3DQEBCwUAA4IBAQBlIqbQM9Oz+aAG4/zMouYxSTkA7vXZyt3V9XUa
+vrxRu7h+FdJZAMaXCN8lHjlw8zbIQkXkwf9cr3CYFC3zQhWmOtRCTcYxx03/Bvm
LAWYp9M7NKAvvDXKs69DNPU82qZIAzKFsRLuQ8uqURuXlFqg8r77PgW2UGbG6PE4
eKWI87WfoJq913Csf8iPoP/8UR/QEaCqlzutIJVaF4tlUPgQpFqGjIB11eztRyd0
LxKjLaIhZNFIHcNH973Nys1/3RxwaJaxD40OuN0PbF3wv/+3xM3IGt0ivnWxeKDD
lIgqY8mQ443obprG6AzV/zx+XHwQv0vakEoyNo2w1xNPVgvy
-----END CERTIFICATE-----