Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211091.roa
File:                     AS211091.roa (raw, json)
Hash identifier:          xmEYonZoYyG+8CgVH4polGCyH6OIeFObwN0F6GRbzH4=
Subject key identifier:   9C:A6:85:6F:C5:0A:8B:2A:B0:3F:26:C5:95:18:B8:73:F9:DB:71:84
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7758FE5EEEBA782CC1254B5402D97FFB3AA93D09
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211091.roa
Signing time:             Mon 27 Jan 2025 11:00:42 +0000
ROA not before:           Mon 27 Jan 2025 10:55:42 +0000
ROA not after:            Mon 26 Jan 2026 11:00:42 +0000
asID:                     211091
IP address blocks:        82.23.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:58:fe:5e:ee:ba:78:2c:c1:25:4b:54:02:d9:7f:fb:3a:a9:3d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 27 10:55:42 2025 GMT
            Not After : Jan 26 11:00:42 2026 GMT
        Subject: CN=9CA6856FC50A8B2AB03F26C59518B873F9DB7184
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cd:12:2b:8a:05:5d:9f:d9:57:85:0b:34:3c:
                    4d:7a:0f:aa:30:99:d4:fd:b7:b2:3e:e1:87:d3:fe:
                    d3:8d:66:b2:ec:ef:c7:d4:46:29:89:8b:38:f0:da:
                    2d:fe:69:67:7c:ff:42:4a:6e:a0:d3:ed:7c:9e:19:
                    70:c3:8e:26:dd:f2:4e:01:cf:ca:f7:dd:28:7a:51:
                    dc:f8:31:6d:f0:de:e0:b6:bd:9e:56:8e:25:df:42:
                    44:85:83:08:0e:7d:eb:98:3e:83:25:7c:fb:bb:2a:
                    7c:31:8b:f4:24:38:1f:ca:8a:38:84:9a:98:da:10:
                    32:7f:fb:ca:c0:3e:d6:b5:b8:9b:a7:32:a5:e2:62:
                    e0:ba:31:28:9b:59:cf:84:f0:2a:84:be:8d:ac:76:
                    27:68:fa:da:92:d2:25:4b:10:bf:59:46:3e:84:9d:
                    83:d8:b3:c2:26:24:15:e9:60:cc:5f:ea:be:3d:95:
                    16:20:21:72:42:0f:59:9d:9b:d9:fb:bd:d7:d6:8a:
                    a1:3c:5f:4b:12:d6:81:f6:a4:61:cb:05:98:6f:a1:
                    5d:93:5e:82:31:2c:8a:ed:f0:ed:0a:3a:22:06:57:
                    7c:ad:1b:6c:c1:c1:48:58:e8:c6:b5:30:dd:6d:95:
                    90:44:1b:bb:72:05:0b:2e:c5:c7:7a:de:ed:1d:a5:
                    89:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A6:85:6F:C5:0A:8B:2A:B0:3F:26:C5:95:18:B8:73:F9:DB:71:84
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:e1:29:3e:41:95:1c:68:2d:7c:cf:88:c6:ed:e5:8c:dd:ce:
         43:fc:fd:c5:a2:be:b2:19:d1:b9:cd:21:ef:bf:dc:09:c3:f1:
         a5:f4:b8:e0:38:54:5c:7f:c6:1f:ca:13:9e:70:83:5e:00:a0:
         b6:60:c4:07:fd:6c:54:f8:ac:3a:6d:fe:bb:63:3a:12:ac:b2:
         78:37:2d:80:39:f5:7a:02:b5:fa:d3:b9:9d:33:80:a4:6f:5f:
         c4:37:86:50:eb:2f:ea:6b:79:fd:b2:48:f5:3a:38:c2:d3:a4:
         e2:ea:41:c4:c7:a8:e4:96:4e:80:f6:2f:37:07:08:05:f0:5a:
         3b:bb:41:9e:52:eb:e7:23:f4:36:52:44:57:0b:65:53:7e:73:
         1f:f8:c8:14:f0:c1:d5:f8:4c:30:ac:da:db:f4:57:74:a2:dd:
         45:a4:ca:d9:c9:2d:b2:56:0e:d1:d4:70:41:80:f9:e4:d7:ea:
         18:bf:5f:ad:cd:f1:5b:bd:4b:d1:a7:98:ef:1b:82:2f:ce:da:
         c1:23:68:fc:b5:89:58:8a:32:c2:47:27:91:06:09:9c:92:88:
         ce:1f:ad:b8:48:3c:9e:69:36:bb:d4:f8:84:f4:72:0c:66:43:
         4b:d3:f8:de:38:d0:17:ef:fa:60:56:e0:32:b4:c5:04:02:57:
         92:e2:ec:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUd1j+Xu66eCzBJUtUAtl/+zqpPQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjcxMDU1NDJaFw0yNjAxMjYxMTAwNDJaMDMxMTAvBgNV
BAMTKDlDQTY4NTZGQzUwQThCMkFCMDNGMjZDNTk1MThCODczRjlEQjcxODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+zRIrigVdn9lXhQs0PE16D6ow
mdT9t7I+4YfT/tONZrLs78fURimJizjw2i3+aWd8/0JKbqDT7XyeGXDDjibd8k4B
z8r33Sh6Udz4MW3w3uC2vZ5WjiXfQkSFgwgOfeuYPoMlfPu7Knwxi/QkOB/KijiE
mpjaEDJ/+8rAPta1uJunMqXiYuC6MSibWc+E8CqEvo2sdido+tqS0iVLEL9ZRj6E
nYPYs8ImJBXpYMxf6r49lRYgIXJCD1mdm9n7vdfWiqE8X0sS1oH2pGHLBZhvoV2T
XoIxLIrt8O0KOiIGV3ytG2zBwUhY6Ma1MN1tlZBEG7tyBQsuxcd63u0dpYkxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnKaFb8UKiyqwPybFlRi4c/nbcYQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExMDkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhfC
MA0GCSqGSIb3DQEBCwUAA4IBAQAX4Sk+QZUcaC18z4jG7eWM3c5D/P3For6yGdG5
zSHvv9wJw/Gl9LjgOFRcf8YfyhOecINeAKC2YMQH/WxU+Kw6bf67YzoSrLJ4Ny2A
OfV6ArX607mdM4Ckb1/EN4ZQ6y/qa3n9skj1OjjC06Ti6kHEx6jklk6A9i83BwgF
8Fo7u0GeUuvnI/Q2UkRXC2VTfnMf+MgU8MHV+EwwrNrb9Fd0ot1FpMrZyS2yVg7R
1HBBgPnk1+oYv1+tzfFbvUvRp5jvG4IvztrBI2j8tYlYijLCRyeRBgmckojOH624
SDyeaTa71PiE9HIMZkNL0/jeONAX7/pgVuAytMUEAleS4uyo
-----END CERTIFICATE-----