Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212786.roa
File:                     AS212786.roa (raw, json)
Hash identifier:          StkcjL5cGVpxcYtmtrJ7LniFks5jaZLqk1PLDTZnp0o=
Subject key identifier:   D5:E2:E1:D0:32:7C:8E:9B:4D:BE:7B:D1:39:D5:8C:14:96:C1:93:FE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2BAA2316CADE33B7480A62D70DEB0B8CEDBA6AE6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212786.roa
Signing time:             Thu 12 Jun 2025 14:10:28 +0000
ROA not before:           Thu 12 Jun 2025 14:05:28 +0000
ROA not after:            Thu 11 Jun 2026 14:10:28 +0000
asID:                     212786
IP address blocks:        2a0a:9e05::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 02:36:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:aa:23:16:ca:de:33:b7:48:0a:62:d7:0d:eb:0b:8c:ed:ba:6a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:28 2025 GMT
            Not After : Jun 11 14:10:28 2026 GMT
        Subject: CN=D5E2E1D0327C8E9B4DBE7BD139D58C1496C193FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:51:42:9e:ca:71:b1:c4:71:f9:58:90:d0:ee:
                    75:1c:e1:a1:4e:7e:a8:69:46:2c:0c:20:ae:ee:f6:
                    69:54:78:72:52:8b:be:37:22:cd:09:05:58:25:b7:
                    bc:6a:ad:ef:2f:cb:f9:5d:96:5f:71:5c:98:33:c8:
                    5a:06:1a:fa:df:44:13:e4:28:da:e6:5e:dd:f1:c7:
                    de:af:ca:a7:8c:45:1d:86:e1:6a:51:3c:96:2b:c5:
                    ec:c6:84:43:91:bc:92:fa:91:13:2b:05:f7:a0:26:
                    ba:1e:94:dd:88:f0:d8:00:13:fe:45:ca:6b:43:35:
                    7a:7a:67:bc:ae:7b:3e:8f:5d:cd:44:f9:d8:71:a1:
                    b5:1c:1b:2c:b7:2c:82:d3:70:be:5c:5c:17:64:8e:
                    0f:d9:f7:45:d0:c4:58:e0:ed:f6:bc:77:17:85:f6:
                    ab:db:06:e7:46:f7:60:29:90:71:ee:7c:82:db:35:
                    8c:22:bb:7f:24:f2:11:c3:ba:fd:dc:15:6c:c8:a0:
                    d0:81:76:80:fa:fb:06:20:ac:50:c7:c2:15:ff:20:
                    80:c0:7c:e7:26:d4:2b:1d:16:97:d6:f6:b8:bd:e5:
                    64:5f:86:57:7f:86:9b:ba:87:b6:d7:b8:24:8e:d5:
                    98:9c:2e:b8:bb:e0:74:3a:68:02:07:1c:ca:58:ef:
                    f4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E2:E1:D0:32:7C:8E:9B:4D:BE:7B:D1:39:D5:8C:14:96:C1:93:FE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212786.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e05::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:67:27:a8:95:90:95:4f:f2:af:ea:98:8d:07:29:f4:ca:78:
         5c:a7:fc:08:fe:4f:c9:75:1a:1c:d2:39:2e:22:5b:16:f3:2d:
         4e:c4:a4:bc:d3:1b:e5:a5:a6:d7:f0:ad:84:9a:d9:ae:1b:8a:
         d0:bc:6f:c8:27:5f:49:9b:99:ba:0b:7c:5e:0a:33:e0:28:c8:
         bc:50:f5:86:c5:d2:5a:21:5d:91:cd:0a:9d:e8:fb:10:49:38:
         98:27:6f:05:c1:6e:86:b8:6e:b0:78:62:97:8a:79:39:16:ab:
         d6:b1:52:5b:de:41:68:77:5e:f9:70:21:ee:27:98:95:f4:da:
         0c:f9:12:14:04:cd:f5:27:ed:28:68:b2:ae:5e:cf:45:a0:ab:
         ad:9b:ff:98:ef:9f:9d:c8:e3:73:a1:9d:de:b5:7f:24:15:7d:
         df:0f:82:0d:81:21:d0:30:26:b9:f3:92:d8:81:c8:c0:a1:c0:
         d8:51:b4:f7:16:6f:61:2d:3d:3a:6e:93:b3:c5:f5:5d:46:74:
         97:5a:f8:70:b2:e0:d4:aa:d4:46:b1:f1:4c:5b:11:1b:3e:d1:
         94:12:eb:51:0e:4e:f2:2c:47:ca:19:0e:fd:52:47:1b:5b:20:
         e0:fa:70:37:04:dd:af:f2:3a:23:37:e5:61:bd:f8:47:68:65:
         da:00:6d:66
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUK6ojFsreM7dICmLXDesLjO26auYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MjhaFw0yNjA2MTExNDEwMjhaMDMxMTAvBgNV
BAMTKEQ1RTJFMUQwMzI3QzhFOUI0REJFN0JEMTM5RDU4QzE0OTZDMTkzRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqUUKeynGxxHH5WJDQ7nUc4aFO
fqhpRiwMIK7u9mlUeHJSi743Is0JBVglt7xqre8vy/ldll9xXJgzyFoGGvrfRBPk
KNrmXt3xx96vyqeMRR2G4WpRPJYrxezGhEORvJL6kRMrBfegJroelN2I8NgAE/5F
ymtDNXp6Z7yuez6PXc1E+dhxobUcGyy3LILTcL5cXBdkjg/Z90XQxFjg7fa8dxeF
9qvbBudG92ApkHHufILbNYwiu38k8hHDuv3cFWzIoNCBdoD6+wYgrFDHwhX/IIDA
fOcm1CsdFpfW9ri95WRfhld/hpu6h7bXuCSO1ZicLri74HQ6aAIHHMpY7/RRAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU1eLh0DJ8jptNvnvROdWMFJbBk/4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNzg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
BTANBgkqhkiG9w0BAQsFAAOCAQEAd2cnqJWQlU/yr+qYjQcp9Mp4XKf8CP5PyXUa
HNI5LiJbFvMtTsSkvNMb5aWm1/CthJrZrhuK0LxvyCdfSZuZugt8Xgoz4CjIvFD1
hsXSWiFdkc0Knej7EEk4mCdvBcFuhrhusHhil4p5ORar1rFSW95BaHde+XAh7ieY
lfTaDPkSFATN9SftKGiyrl7PRaCrrZv/mO+fncjjc6Gd3rV/JBV93w+CDYEh0DAm
ufOS2IHIwKHA2FG09xZvYS09Om6Ts8X1XUZ0l1r4cLLg1KrURrHxTFsRGz7RlBLr
UQ5O8ixHyhkO/VJHG1sg4PpwNwTdr/I6IzflYb34R2hl2gBtZg==
-----END CERTIFICATE-----