Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa
File:                     AS212687.roa (raw, json)
Hash identifier:          IEFVBAjvaSKPtu973Rgkx2xXye2xnJiwNRQLSAh4fkM=
Subject key identifier:   80:93:1F:AB:F3:ED:F9:BE:2E:61:90:35:49:1A:77:54:BD:43:EF:BF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       58A2A4B4BABE7FC204F9FAF26D45395C074A0B86
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa
Signing time:             Wed 01 Jan 2025 08:53:49 +0000
ROA not before:           Wed 01 Jan 2025 08:48:49 +0000
ROA not after:            Wed 31 Dec 2025 08:53:49 +0000
asID:                     212687
IP address blocks:        179.61.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a2:a4:b4:ba:be:7f:c2:04:f9:fa:f2:6d:45:39:5c:07:4a:0b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:49 2025 GMT
            Not After : Dec 31 08:53:49 2025 GMT
        Subject: CN=80931FABF3EDF9BE2E619035491A7754BD43EFBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:82:cf:b3:f2:e2:c9:00:d8:c1:f3:7c:f7:e4:
                    43:d8:b1:18:2c:87:35:b9:37:1d:41:cc:12:79:a7:
                    18:88:a6:70:e1:cf:2e:9c:7a:17:46:16:9c:29:31:
                    bb:33:26:6b:73:de:c4:2b:da:1c:32:ed:e4:53:6e:
                    54:d9:cf:c1:df:26:f5:86:c9:c7:b7:b4:95:d8:1c:
                    ed:66:9d:79:a8:4e:9d:70:31:9e:81:28:c0:df:80:
                    1f:a0:fe:f7:67:68:d2:e0:e5:74:50:1f:8f:81:ef:
                    69:e2:fa:88:bf:ac:85:1a:08:3b:54:3a:66:bf:5d:
                    f8:2b:fe:87:39:49:9d:15:30:0c:ec:b8:ef:44:b0:
                    96:f0:d1:80:87:b5:fa:bc:45:90:d5:bf:97:4b:20:
                    2f:37:63:04:de:40:15:e6:7f:cf:41:ce:f2:f3:7e:
                    41:12:ff:78:27:e0:75:b7:0b:0d:89:2e:87:39:4a:
                    aa:e4:f1:91:d6:4a:30:24:e8:52:cc:a1:be:67:a0:
                    4f:1b:f8:cd:c6:ee:8f:e9:70:4c:ca:e7:ad:62:77:
                    26:aa:57:83:a2:e0:34:40:d3:19:98:3e:cc:a2:8b:
                    3d:32:ad:a8:f8:e1:02:06:d5:9c:50:a8:50:76:dd:
                    3e:57:4e:7b:cb:a1:38:08:cc:e4:85:44:00:44:65:
                    f0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:93:1F:AB:F3:ED:F9:BE:2E:61:90:35:49:1A:77:54:BD:43:EF:BF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212687.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0c:0b:bd:f9:98:90:32:7f:99:59:85:d9:86:33:ef:0d:ed:
         6f:51:f6:61:69:b5:0b:df:18:7f:f4:7b:b0:99:f2:12:ab:44:
         c0:0b:f4:02:8c:58:82:ad:68:f9:b9:14:57:3d:73:df:01:27:
         72:38:8f:c3:8a:6e:46:87:58:d1:6d:c3:33:a5:f0:49:0c:49:
         ec:82:26:be:6c:63:55:a6:f1:83:5a:49:cd:8a:0e:52:37:70:
         fc:f9:22:4c:ee:93:19:d5:ed:c5:a9:87:85:75:9e:42:14:79:
         d2:ab:2f:c0:5a:73:14:12:2d:49:0c:91:61:d1:72:b7:78:3b:
         25:4f:64:e4:3f:74:6a:f9:a8:d1:e7:3a:5e:2e:0d:ea:e7:51:
         09:82:0b:98:c1:f3:4e:68:e5:a2:18:43:cb:61:56:41:f6:9b:
         dd:81:44:50:b9:64:37:e3:69:cd:60:ce:a6:e9:c4:0c:8a:f2:
         85:25:e7:5f:59:1d:17:10:61:72:06:77:51:1e:f5:b4:49:94:
         c1:29:68:13:30:e1:8c:64:dd:04:25:cd:c7:b8:ed:54:c8:15:
         f0:1f:b1:88:60:3a:c2:0d:5a:42:4a:99:c1:2c:d5:f2:e4:60:
         89:b4:c4:a8:33:2a:86:3a:b4:df:ba:9c:dd:92:d1:ae:09:e3:
         06:8a:81:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWKKktLq+f8IE+frybUU5XAdKC4YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NDlaFw0yNTEyMzEwODUzNDlaMDMxMTAvBgNV
BAMTKDgwOTMxRkFCRjNFREY5QkUyRTYxOTAzNTQ5MUE3NzU0QkQ0M0VGQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpgs+z8uLJANjB83z35EPYsRgs
hzW5Nx1BzBJ5pxiIpnDhzy6cehdGFpwpMbszJmtz3sQr2hwy7eRTblTZz8HfJvWG
yce3tJXYHO1mnXmoTp1wMZ6BKMDfgB+g/vdnaNLg5XRQH4+B72ni+oi/rIUaCDtU
Oma/Xfgr/oc5SZ0VMAzsuO9EsJbw0YCHtfq8RZDVv5dLIC83YwTeQBXmf89BzvLz
fkES/3gn4HW3Cw2JLoc5Sqrk8ZHWSjAk6FLMob5noE8b+M3G7o/pcEzK561idyaq
V4Oi4DRA0xmYPsyiiz0yraj44QIG1ZxQqFB23T5XTnvLoTgIzOSFRABEZfCjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgJMfq/Pt+b4uYZA1SRp3VL1D778wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2G
MA0GCSqGSIb3DQEBCwUAA4IBAQBVDAu9+ZiQMn+ZWYXZhjPvDe1vUfZhabUL3xh/
9HuwmfISq0TAC/QCjFiCrWj5uRRXPXPfASdyOI/Dim5Gh1jRbcMzpfBJDEnsgia+
bGNVpvGDWknNig5SN3D8+SJM7pMZ1e3FqYeFdZ5CFHnSqy/AWnMUEi1JDJFh0XK3
eDslT2TkP3Rq+ajR5zpeLg3q51EJgguYwfNOaOWiGEPLYVZB9pvdgURQuWQ342nN
YM6m6cQMivKFJedfWR0XEGFyBndRHvW0SZTBKWgTMOGMZN0EJc3HuO1UyBXwH7GI
YDrCDVpCSpnBLNXy5GCJtMSoMyqGOrTfupzdktGuCeMGioGg
-----END CERTIFICATE-----