Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          zRcJjdT/JYsb4ZkkFf3VpXKYzlOFOoJwMQo8OrY1rZs=
Subject key identifier:   DF:03:12:84:57:43:F0:A2:74:1A:F0:A7:B5:C9:0D:9B:4F:61:CA:95
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       150B7D5B1CC11728399AD76A1A45B6C58C4703
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
Signing time:             Tue 13 Aug 2024 19:27:40 +0000
ROA not before:           Tue 13 Aug 2024 19:22:40 +0000
ROA not after:            Tue 12 Aug 2025 19:27:40 +0000
asID:                     214481
IP address blocks:        191.96.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:0b:7d:5b:1c:c1:17:28:39:9a:d7:6a:1a:45:b6:c5:8c:47:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 13 19:22:40 2024 GMT
            Not After : Aug 12 19:27:40 2025 GMT
        Subject: CN=DF0312845743F0A2741AF0A7B5C90D9B4F61CA95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:32:03:9c:d5:7f:3b:be:cd:66:66:2f:ec:6e:
                    57:43:24:3f:d5:0f:02:d1:93:c0:14:72:1f:d4:dc:
                    8d:c3:a1:d4:2d:4f:34:e7:2b:e0:f9:70:04:ef:ef:
                    d5:a7:3c:ec:df:1a:da:52:13:82:f9:7e:cc:eb:2d:
                    7a:53:6a:86:00:99:52:ee:7b:b6:a2:c3:87:00:7b:
                    5a:81:67:31:96:f5:f3:c6:ca:01:01:68:f4:93:35:
                    bd:1f:0f:32:b0:21:bb:20:9c:0f:29:7e:e5:28:c1:
                    0d:b9:ac:f3:a1:e2:4a:c0:34:c4:b7:1b:5e:eb:54:
                    d4:5c:5c:51:a2:9d:f5:83:37:e9:05:0b:22:6e:2a:
                    7b:4c:07:8e:15:3b:ae:11:8a:d9:1c:8c:30:34:a7:
                    1d:5d:85:24:fa:23:f2:df:08:74:db:0f:a9:10:45:
                    82:6a:f7:a7:54:56:cd:a8:63:c3:33:a9:02:24:dd:
                    3c:62:51:3b:54:83:47:57:78:63:85:5d:13:34:c3:
                    ee:87:97:07:f9:4d:d7:49:ca:3a:04:5d:be:35:6d:
                    1e:a1:75:18:e0:d6:20:07:54:c0:8d:25:3f:5d:5a:
                    9e:d8:e5:ad:8e:d8:6a:34:9f:ec:e5:80:e1:87:56:
                    f6:0c:e7:16:6f:59:b0:e8:b1:1e:da:53:07:96:de:
                    83:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:03:12:84:57:43:F0:A2:74:1A:F0:A7:B5:C9:0D:9B:4F:61:CA:95
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:a6:ba:b1:47:f5:cf:31:2c:af:9f:a6:ab:3c:58:bc:2f:6b:
         30:c5:e0:4a:db:ea:8c:31:42:29:55:5d:cf:b3:06:55:6d:b9:
         8e:36:a2:64:74:6c:9b:d7:d4:e9:2e:b9:68:49:dc:e5:a8:11:
         24:32:06:d7:a3:1e:99:6a:b6:f2:c1:1e:9f:1c:58:55:c1:57:
         1d:79:2e:33:e8:6d:b1:72:63:04:3a:95:1b:9f:d0:4c:a2:0c:
         4d:60:43:e8:34:99:cf:64:ac:27:69:91:5f:96:59:6b:d1:9f:
         32:8f:76:f4:1b:58:3c:d9:91:ee:d3:9a:d6:72:15:28:53:1d:
         2d:5d:32:41:97:45:03:7a:4c:95:77:0e:e8:e8:67:4e:0f:a0:
         01:4f:42:f8:22:64:a1:6c:54:08:ef:a7:8d:34:f8:a3:85:d4:
         be:be:2a:b7:e2:76:94:c6:76:ea:08:04:94:ea:3d:35:f8:70:
         35:d0:00:f5:c7:0b:5d:6d:e5:fb:72:ed:87:ee:e5:7f:d1:e6:
         7b:ff:73:20:2e:fb:56:e7:64:6f:0c:b3:91:96:bb:17:e1:bb:
         40:9c:d5:ad:1c:04:be:df:83:f6:94:23:6b:71:65:89:f6:2a:
         c7:c4:23:f7:06:ac:96:70:32:ed:b0:45:30:28:a3:16:e7:17:
         20:8a:38:07
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgITFQt9WxzBFyg5mtdqGkW2xYxHAzANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg2MWIxYmI0NDQ3NzE4ZjE2YjNkMzY2NzVkMjA1YzRkZWE0
MWJiYTBhMB4XDTI0MDgxMzE5MjI0MFoXDTI1MDgxMjE5Mjc0MFowMzExMC8GA1UE
AxMoREYwMzEyODQ1NzQzRjBBMjc0MUFGMEE3QjVDOTBEOUI0RjYxQ0E5NTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgyA5zVfzu+zWZmL+xuV0MkP9UP
AtGTwBRyH9TcjcOh1C1PNOcr4PlwBO/v1ac87N8a2lITgvl+zOstelNqhgCZUu57
tqLDhwB7WoFnMZb188bKAQFo9JM1vR8PMrAhuyCcDyl+5SjBDbms86HiSsA0xLcb
XutU1FxcUaKd9YM36QULIm4qe0wHjhU7rhGK2RyMMDSnHV2FJPoj8t8IdNsPqRBF
gmr3p1RWzahjwzOpAiTdPGJRO1SDR1d4Y4VdEzTD7oeXB/lN10nKOgRdvjVtHqF1
GODWIAdUwI0lP11antjlrY7YajSf7OWA4YdW9gznFm9ZsOixHtpTB5beg1sCAwEA
AaOCAgowggIGMB0GA1UdDgQWBBTfAxKEV0PwonQa8Ke1yQ2bT2HKlTAfBgNVHSME
GDAWgBRhsbtER3GPFrPTZnXSBcTepBu6CjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS81Mzc0NTllNy0yYTgzLTQzZDEtOWFhMS01ODQxN2FiYWM0
YjYvMS82MUIxQkI0NDQ3NzE4RjE2QjNEMzY2NzVEMjA1QzRERUE0MUJCQTBBLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvWWJHN1JFZHhqeGF6MDJaMTBnWEUzcVFi
dWdvLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00
M2QxLTlhYTEtNTg0MTdhYmFjNGI2LzEvQVMyMTQ0ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YAsw
DQYJKoZIhvcNAQELBQADggEBABSmurFH9c8xLK+fpqs8WLwvazDF4Erb6owxQilV
Xc+zBlVtuY42omR0bJvX1OkuuWhJ3OWoESQyBtejHplqtvLBHp8cWFXBVx15LjPo
bbFyYwQ6lRuf0EyiDE1gQ+g0mc9krCdpkV+WWWvRnzKPdvQbWDzZke7TmtZyFShT
HS1dMkGXRQN6TJV3DujoZ04PoAFPQvgiZKFsVAjvp400+KOF1L6+KrfidpTGduoI
BJTqPTX4cDXQAPXHC11t5fty7Yfu5X/R5nv/cyAu+1bnZG8Ms5GWuxfhu0Cc1a0c
BL7fg/aUI2txZYn2KsfEI/cGrJZwMu2wRTAooxbnFyCKOAc=
-----END CERTIFICATE-----