Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213608.roa
File:                     AS213608.roa (raw, json)
Hash identifier:          BFImPA5t4BS8xyNWejKNFL1Xut6HQNDjnP4Liie6cGU=
Subject key identifier:   87:27:7C:2F:7F:66:BE:7E:D2:C5:8F:69:53:08:53:93:E0:F5:2F:96
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       51282F183CB39351053EE13704B9E86A23E072FD
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213608.roa
Signing time:             Mon 13 Jan 2025 12:30:29 +0000
ROA not before:           Mon 13 Jan 2025 12:25:29 +0000
ROA not after:            Mon 12 Jan 2026 12:30:29 +0000
asID:                     213608
IP address blocks:        191.96.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:28:2f:18:3c:b3:93:51:05:3e:e1:37:04:b9:e8:6a:23:e0:72:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 13 12:25:29 2025 GMT
            Not After : Jan 12 12:30:29 2026 GMT
        Subject: CN=87277C2F7F66BE7ED2C58F6953085393E0F52F96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f3:5f:e6:db:6c:36:ac:d7:78:45:66:2c:0e:
                    2e:18:1e:08:6b:77:e5:30:92:e9:33:5e:37:0a:5e:
                    46:58:88:da:35:e0:a1:19:16:1f:ca:9d:3a:ee:0d:
                    47:1a:21:5a:78:53:be:47:a4:7a:f8:41:0e:70:ec:
                    4a:a3:49:ab:32:bf:46:3c:cc:f3:ca:8f:c9:1c:b2:
                    e9:7c:b0:dc:86:5e:61:54:4a:95:99:20:14:90:59:
                    de:88:e2:30:59:c8:d2:7c:0a:a8:62:98:d9:90:8d:
                    b7:fc:08:79:06:58:58:d1:55:65:c7:b1:c6:bb:2c:
                    0f:57:51:8b:0d:02:9c:93:6b:1c:e1:4f:f1:56:a3:
                    c9:94:64:a7:7f:78:5d:46:67:4d:e5:ed:6b:93:0c:
                    e6:b0:b6:25:6c:4d:cc:9c:e8:1e:46:30:ff:02:d0:
                    99:50:5d:a2:79:cd:aa:53:66:5a:94:dd:23:0a:aa:
                    4b:20:5f:4f:37:86:52:d0:d4:41:42:1d:ac:83:c0:
                    25:58:02:a5:b3:d5:ce:8e:d2:af:c4:51:b8:b0:44:
                    e7:50:9c:6a:1a:f8:c2:3a:b4:17:30:36:6e:b9:0c:
                    81:3f:eb:26:1a:b5:20:b8:87:18:55:78:a5:ca:98:
                    e1:e2:2b:26:8a:34:40:5c:79:5c:40:db:c8:07:71:
                    bf:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:27:7C:2F:7F:66:BE:7E:D2:C5:8F:69:53:08:53:93:E0:F5:2F:96
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:81:b2:19:99:13:10:1d:53:58:27:6e:3e:fd:a3:ef:af:fd:
         9c:16:d1:0b:32:d5:72:43:07:53:68:a3:73:66:11:2d:f1:f4:
         55:26:14:f3:d0:15:08:20:1f:6c:14:cc:d3:83:38:7a:a7:cd:
         14:05:62:71:8b:58:f9:fb:8a:60:db:cf:1a:00:f8:b7:7d:f7:
         78:ae:ff:3c:5c:47:58:26:a6:fc:7b:a9:38:03:e9:d5:be:8b:
         1f:d0:c3:9d:10:02:6e:7c:94:42:b7:1e:00:2a:f4:eb:11:55:
         8e:47:62:25:21:a1:29:00:49:61:01:d2:f2:75:43:e7:dc:c2:
         9f:6a:cd:9d:f8:83:29:ac:dd:e4:76:91:a8:08:09:62:43:f0:
         78:7a:67:b9:19:9e:f6:d5:63:af:cf:0a:f4:b4:bb:6d:42:de:
         75:21:84:fc:c3:9b:d2:5a:55:5b:0b:5f:9e:09:44:92:f2:75:
         be:37:b7:19:d3:d8:93:09:5a:42:45:d4:51:6e:f9:2e:31:5f:
         6e:2b:b2:9b:9a:6e:23:1a:eb:f8:90:8b:c5:2f:31:69:28:ae:
         30:08:9d:35:91:dc:9c:57:85:c7:dc:99:42:e9:9f:f4:a3:d2:
         c0:c7:04:01:a5:60:8e:5c:32:31:82:d3:b3:92:cc:d3:66:90:
         ea:b8:ae:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUSgvGDyzk1EFPuE3BLnoaiPgcv0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTMxMjI1MjlaFw0yNjAxMTIxMjMwMjlaMDMxMTAvBgNV
BAMTKDg3Mjc3QzJGN0Y2NkJFN0VEMkM1OEY2OTUzMDg1MzkzRTBGNTJGOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC481/m22w2rNd4RWYsDi4YHghr
d+UwkukzXjcKXkZYiNo14KEZFh/KnTruDUcaIVp4U75HpHr4QQ5w7EqjSasyv0Y8
zPPKj8kcsul8sNyGXmFUSpWZIBSQWd6I4jBZyNJ8CqhimNmQjbf8CHkGWFjRVWXH
sca7LA9XUYsNApyTaxzhT/FWo8mUZKd/eF1GZ03l7WuTDOawtiVsTcyc6B5GMP8C
0JlQXaJ5zapTZlqU3SMKqksgX083hlLQ1EFCHayDwCVYAqWz1c6O0q/EUbiwROdQ
nGoa+MI6tBcwNm65DIE/6yYatSC4hxhVeKXKmOHiKyaKNEBceVxA28gHcb8TAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhyd8L39mvn7SxY9pUwhTk+D1L5YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzNjA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CV
MA0GCSqGSIb3DQEBCwUAA4IBAQCwgbIZmRMQHVNYJ24+/aPvr/2cFtELMtVyQwdT
aKNzZhEt8fRVJhTz0BUIIB9sFMzTgzh6p80UBWJxi1j5+4pg288aAPi3ffd4rv88
XEdYJqb8e6k4A+nVvosf0MOdEAJufJRCtx4AKvTrEVWOR2IlIaEpAElhAdLydUPn
3MKfas2d+IMprN3kdpGoCAliQ/B4eme5GZ721WOvzwr0tLttQt51IYT8w5vSWlVb
C1+eCUSS8nW+N7cZ09iTCVpCRdRRbvkuMV9uK7Kbmm4jGuv4kIvFLzFpKK4wCJ01
kdycV4XH3JlC6Z/0o9LAxwQBpWCOXDIxgtOzkszTZpDquK7X
-----END CERTIFICATE-----