Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214083.roa
File:                     AS214083.roa (raw, json)
Hash identifier:          ZzLdqJU9G/T+q3tOacSxKhLBGXtjcI6bKUWefvnT/Us=
Subject key identifier:   E2:FE:E0:6E:C5:95:0E:DF:51:4B:B4:05:8B:C2:27:F3:9E:85:C3:34
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       10D9EA61F0B97D8F92D76F918D5475EFC03F64C9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214083.roa
Signing time:             Sun 08 Dec 2024 10:43:59 +0000
ROA not before:           Sun 08 Dec 2024 10:38:59 +0000
ROA not after:            Sun 07 Dec 2025 10:43:59 +0000
asID:                     214083
IP address blocks:        45.93.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d9:ea:61:f0:b9:7d:8f:92:d7:6f:91:8d:54:75:ef:c0:3f:64:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  8 10:38:59 2024 GMT
            Not After : Dec  7 10:43:59 2025 GMT
        Subject: CN=E2FEE06EC5950EDF514BB4058BC227F39E85C334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b5:47:87:e4:e8:83:27:cc:ab:4c:81:bd:eb:
                    da:3b:d5:61:dc:be:7f:d1:3f:a2:46:12:74:7b:7c:
                    fa:01:e6:df:d6:18:eb:a5:dd:04:7d:66:91:e0:fb:
                    ef:b9:eb:33:c2:09:50:0f:0c:ea:96:7d:0f:f8:76:
                    fd:fb:e9:f9:99:1f:76:f4:19:7c:ba:6c:36:b3:ce:
                    ae:96:d6:68:13:66:b6:84:18:ea:e6:b6:31:4a:0b:
                    d8:3d:0a:47:97:d7:6b:e3:85:ce:d6:36:1c:fe:37:
                    8d:2e:df:9b:13:10:a7:19:11:f6:23:32:c9:59:fd:
                    58:f5:fd:97:4b:d3:3a:94:45:44:27:b4:80:69:64:
                    67:86:df:ae:52:fd:70:ca:f9:63:f1:42:d6:e9:cd:
                    b9:39:4c:1b:f3:da:e6:84:87:29:07:4b:be:ec:1e:
                    9d:38:1e:0a:5c:51:4d:00:01:29:b2:ac:a4:dc:2e:
                    5b:8a:c7:d8:31:be:db:62:35:a2:93:5c:8d:bd:2e:
                    37:e1:8e:cd:ab:13:6c:42:85:d9:cb:b8:cd:c5:04:
                    68:e4:70:e9:e5:f2:e2:4d:85:1d:f9:f7:29:49:41:
                    25:8d:0f:57:57:64:2e:79:24:f8:4d:aa:42:2c:ae:
                    04:96:11:44:73:a8:3d:80:d1:04:dd:e2:2a:a8:2b:
                    79:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:FE:E0:6E:C5:95:0E:DF:51:4B:B4:05:8B:C2:27:F3:9E:85:C3:34
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214083.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:01:b3:c6:c1:16:6d:d7:12:01:60:7f:46:1d:9f:b0:28:d2:
         21:8f:93:96:1c:96:39:e1:af:01:a4:9e:bc:db:58:83:42:7e:
         f5:70:99:00:1e:0c:0d:40:57:3c:65:12:4a:0c:79:db:32:0c:
         68:f4:6c:7e:cd:1e:c0:1f:57:ad:a1:6c:88:43:51:67:6e:e9:
         49:3e:48:51:e7:52:a6:c9:47:b2:25:b2:9f:38:c6:b3:5e:3e:
         c3:07:e5:70:e3:84:ff:83:aa:c8:5b:17:90:72:c4:8b:74:d1:
         a3:ab:54:48:15:e3:18:7f:fe:b8:92:8c:ce:4d:65:9d:6a:ba:
         51:40:02:87:5c:b9:21:29:a5:50:2e:42:83:4f:6c:a3:62:bc:
         8a:e8:7b:89:15:22:a8:68:a9:ad:27:2d:5b:e4:1f:99:4c:4b:
         0c:45:fc:01:9c:7c:fa:91:9d:de:43:d0:6a:23:9a:4f:e9:8a:
         3e:15:26:75:9b:dc:96:d3:e2:9b:d8:a3:66:f7:28:17:f1:80:
         6b:8b:e5:26:d5:08:fb:8d:24:19:a3:45:5a:83:40:60:a6:ed:
         25:b1:29:fb:93:b3:9a:93:ea:1e:e5:18:2e:40:9f:f7:f7:98:
         66:84:26:8f:1b:b8:4a:33:e6:0c:48:e1:b8:42:c3:63:54:92:
         41:94:3b:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUENnqYfC5fY+S12+RjVR178A/ZMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDgxMDM4NTlaFw0yNTEyMDcxMDQzNTlaMDMxMTAvBgNV
BAMTKEUyRkVFMDZFQzU5NTBFREY1MTRCQjQwNThCQzIyN0YzOUU4NUMzMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNtUeH5OiDJ8yrTIG969o71WHc
vn/RP6JGEnR7fPoB5t/WGOul3QR9ZpHg+++56zPCCVAPDOqWfQ/4dv376fmZH3b0
GXy6bDazzq6W1mgTZraEGOrmtjFKC9g9CkeX12vjhc7WNhz+N40u35sTEKcZEfYj
MslZ/Vj1/ZdL0zqURUQntIBpZGeG365S/XDK+WPxQtbpzbk5TBvz2uaEhykHS77s
Hp04HgpcUU0AASmyrKTcLluKx9gxvttiNaKTXI29Ljfhjs2rE2xChdnLuM3FBGjk
cOnl8uJNhR359ylJQSWND1dXZC55JPhNqkIsrgSWEURzqD2A0QTd4iqoK3lJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4v7gbsWVDt9RS7QFi8In856FwzQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV0s
MA0GCSqGSIb3DQEBCwUAA4IBAQCmAbPGwRZt1xIBYH9GHZ+wKNIhj5OWHJY54a8B
pJ6821iDQn71cJkAHgwNQFc8ZRJKDHnbMgxo9Gx+zR7AH1etoWyIQ1FnbulJPkhR
51KmyUeyJbKfOMazXj7DB+Vw44T/g6rIWxeQcsSLdNGjq1RIFeMYf/64kozOTWWd
arpRQAKHXLkhKaVQLkKDT2yjYryK6HuJFSKoaKmtJy1b5B+ZTEsMRfwBnHz6kZ3e
Q9BqI5pP6Yo+FSZ1m9yW0+Kb2KNm9ygX8YBri+Um1Qj7jSQZo0Vag0Bgpu0lsSn7
k7Oak+oe5RguQJ/395hmhCaPG7hKM+YMSOG4QsNjVJJBlDvD
-----END CERTIFICATE-----