Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213451.roa
File:                     AS213451.roa (raw, json)
Hash identifier:          GSlvZYpJs4+8IrDUak3LCXYt4o/8Vm875TkYWBdksfI=
Subject key identifier:   8A:98:37:99:5E:63:C2:1A:B8:85:13:7A:D6:08:E7:34:63:2A:52:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69D79E2FF770053889EC831E150F755E2134F24C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213451.roa
Signing time:             Fri 28 Mar 2025 20:23:45 +0000
ROA not before:           Fri 28 Mar 2025 20:18:45 +0000
ROA not after:            Fri 27 Mar 2026 20:23:45 +0000
asID:                     213451
IP address blocks:        191.101.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:d7:9e:2f:f7:70:05:38:89:ec:83:1e:15:0f:75:5e:21:34:f2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 28 20:18:45 2025 GMT
            Not After : Mar 27 20:23:45 2026 GMT
        Subject: CN=8A9837995E63C21AB885137AD608E734632A5206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4f:2b:fd:12:15:7d:8e:1d:41:60:94:f9:91:
                    06:28:01:f2:5b:15:c3:6d:d5:08:b5:5d:8e:43:c0:
                    a2:d7:1a:27:ca:79:78:2d:30:01:5f:8f:43:57:2a:
                    82:01:65:c3:86:d9:8b:5c:b4:9a:f0:d9:0b:69:fa:
                    94:19:b6:46:b1:61:38:5f:cf:1c:d2:1f:b2:57:44:
                    f6:e8:a3:b4:1a:9e:60:cd:f7:56:bc:81:79:ea:54:
                    b3:c1:df:72:54:5b:00:40:ff:df:2c:bc:d3:ad:1a:
                    27:66:ca:a9:6a:06:27:47:88:48:3e:e6:be:2e:1d:
                    45:35:bc:72:3e:21:a5:9e:35:10:3c:54:f7:34:10:
                    c9:b6:50:d6:ac:56:02:9d:9c:9e:6b:2b:02:56:a0:
                    e4:89:6c:b0:22:b2:47:fc:9c:c1:b6:27:42:62:01:
                    70:7f:8f:44:98:02:85:05:df:9d:59:b2:af:fb:29:
                    4e:d2:8e:4d:4c:df:56:3f:7c:19:e6:12:c7:e7:ee:
                    73:8f:d5:a8:03:e2:30:be:df:7e:d1:52:1e:ae:04:
                    c4:06:06:1e:1a:db:09:72:31:3c:e4:44:69:97:f1:
                    96:7c:dd:a8:91:a0:ed:e4:3d:3c:6a:ab:08:6d:b9:
                    82:4b:85:c1:d6:a2:d0:3c:25:bb:72:10:34:cf:63:
                    fd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:98:37:99:5E:63:C2:1A:B8:85:13:7A:D6:08:E7:34:63:2A:52:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:8e:f9:5d:a9:1b:60:31:8a:56:b6:20:15:5c:6b:be:f8:4c:
         6e:b2:89:f1:35:e7:2a:6c:97:4b:17:29:1c:f8:d8:23:a8:86:
         44:ec:74:5b:52:e7:96:b3:6b:1b:32:ad:cd:6c:35:de:48:82:
         77:08:60:d2:46:f6:90:dd:4f:b1:55:d3:e3:80:fd:e2:a4:9d:
         9c:36:12:ac:28:db:51:87:82:4b:4a:b9:7c:6c:1d:c3:e7:5f:
         41:aa:4e:14:19:4c:db:b1:f6:4e:fd:f3:34:64:29:2d:c2:fe:
         7d:9b:df:24:70:57:6b:74:0a:d9:da:b4:5d:fb:a6:a7:c6:b1:
         ad:61:a1:e4:5a:4a:b6:8c:d0:fd:78:96:3b:a3:3e:5e:55:5e:
         95:86:46:72:f9:2c:00:80:6a:ba:ff:72:58:b1:dc:d4:e6:f8:
         63:1c:c3:c6:05:eb:18:32:57:07:7f:e4:64:3b:43:7c:a7:c6:
         72:1f:62:f8:a0:84:cb:b8:d7:f0:f2:fa:c0:b6:81:f0:f2:da:
         b7:60:7d:3e:f7:bd:9d:c2:20:c6:b5:39:56:b1:1d:62:f5:72:
         9e:5e:45:a8:09:97:b1:11:00:f9:94:53:2d:1e:e8:37:f9:66:
         f6:e9:bb:6e:93:a9:36:f4:16:fc:94:eb:e3:c4:59:6b:ee:0b:
         d3:d1:fb:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUadeeL/dwBTiJ7IMeFQ91XiE08kwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMjgyMDE4NDVaFw0yNjAzMjcyMDIzNDVaMDMxMTAvBgNV
BAMTKDhBOTgzNzk5NUU2M0MyMUFCODg1MTM3QUQ2MDhFNzM0NjMyQTUyMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDATyv9EhV9jh1BYJT5kQYoAfJb
FcNt1Qi1XY5DwKLXGifKeXgtMAFfj0NXKoIBZcOG2YtctJrw2Qtp+pQZtkaxYThf
zxzSH7JXRPboo7QanmDN91a8gXnqVLPB33JUWwBA/98svNOtGidmyqlqBidHiEg+
5r4uHUU1vHI+IaWeNRA8VPc0EMm2UNasVgKdnJ5rKwJWoOSJbLAiskf8nMG2J0Ji
AXB/j0SYAoUF351Zsq/7KU7Sjk1M31Y/fBnmEsfn7nOP1agD4jC+337RUh6uBMQG
Bh4a2wlyMTzkRGmX8ZZ83aiRoO3kPTxqqwhtuYJLhcHWotA8JbtyEDTPY/2/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUipg3mV5jwhq4hRN61gjnNGMqUgYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzNDUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ud
MA0GCSqGSIb3DQEBCwUAA4IBAQBejvldqRtgMYpWtiAVXGu++ExusonxNecqbJdL
Fykc+NgjqIZE7HRbUueWs2sbMq3NbDXeSIJ3CGDSRvaQ3U+xVdPjgP3ipJ2cNhKs
KNtRh4JLSrl8bB3D519Bqk4UGUzbsfZO/fM0ZCktwv59m98kcFdrdArZ2rRd+6an
xrGtYaHkWkq2jND9eJY7oz5eVV6VhkZy+SwAgGq6/3JYsdzU5vhjHMPGBesYMlcH
f+RkO0N8p8ZyH2L4oITLuNfw8vrAtoHw8tq3YH0+972dwiDGtTlWsR1i9XKeXkWo
CZexEQD5lFMtHug3+Wb26btuk6k29Bb8lOvjxFlr7gvT0fsj
-----END CERTIFICATE-----