Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa
File:                     AS211373.roa (raw, json)
Hash identifier:          wuP0WSqoDIC7xAU8ydnVt4r0lQ0qWWhtKSw2PI2B84M=
Subject key identifier:   15:94:C4:8B:11:F3:DC:71:32:19:B0:3B:DA:F4:5B:36:43:8F:CF:3A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       373DF592938BBFECCC17A2DBED78A18BF1CEEA0C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa
Signing time:             Wed 04 Sep 2024 12:05:20 +0000
ROA not before:           Wed 04 Sep 2024 12:00:20 +0000
ROA not after:            Wed 03 Sep 2025 12:05:20 +0000
asID:                     211373
IP address blocks:        45.149.100.0/24 maxlen: 24
                          45.149.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:3d:f5:92:93:8b:bf:ec:cc:17:a2:db:ed:78:a1:8b:f1:ce:ea:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep  4 12:00:20 2024 GMT
            Not After : Sep  3 12:05:20 2025 GMT
        Subject: CN=1594C48B11F3DC713219B03BDAF45B36438FCF3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7f:fc:3d:e3:44:73:a7:3c:d9:ed:ce:f5:03:
                    26:ed:6d:72:56:ef:4e:88:f4:84:16:28:0f:35:94:
                    ae:d3:73:d8:60:02:d7:df:67:1e:2d:35:0d:36:06:
                    63:eb:2b:08:5d:12:d6:08:75:d5:0f:6a:0d:95:88:
                    e4:c1:25:d2:53:8a:a6:77:17:da:f6:cd:99:ee:fd:
                    3f:df:ed:3b:4c:ec:34:1e:ec:87:ef:30:f1:72:5a:
                    9e:a6:2f:6b:1f:4a:88:7c:32:f1:d1:bf:55:37:4f:
                    c4:84:f7:ac:81:ce:f1:02:be:62:c8:a7:07:d8:dc:
                    2a:eb:c3:36:23:51:f3:8a:56:5b:6f:b4:c8:48:3a:
                    4d:52:5f:ac:fb:78:ae:4a:8d:90:61:11:f7:a6:cf:
                    6c:c2:d0:56:98:38:40:7c:69:c4:c2:73:d8:75:15:
                    3b:72:c6:e4:16:13:c9:f0:c8:80:7e:8a:02:78:8c:
                    3d:84:78:0f:16:d7:f7:c6:67:f3:64:ad:ba:93:15:
                    4b:a9:67:34:2a:24:37:32:06:1d:e7:76:fa:c1:d9:
                    e8:cf:e8:40:86:80:de:24:72:9b:72:27:43:92:40:
                    1f:47:08:ff:05:90:cb:ea:45:6b:ab:f6:3c:e5:85:
                    11:44:61:3c:3d:3d:79:3e:c2:52:f5:5d:ee:6f:52:
                    60:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:94:C4:8B:11:F3:DC:71:32:19:B0:3B:DA:F4:5B:36:43:8F:CF:3A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.100.0/24
                  45.149.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:fc:41:5a:8b:e1:8c:50:c9:d2:ed:12:4a:5e:e8:97:69:8d:
         5b:26:4d:e1:e4:94:b7:6b:40:cf:52:3a:fc:17:91:c5:c8:45:
         d8:ee:2d:e1:7d:b4:e8:8b:56:c9:06:1d:dc:40:3c:07:0b:18:
         2c:cf:8d:4f:e0:b1:0f:db:7c:9d:52:7f:fd:6d:e4:19:02:cf:
         fc:87:75:79:47:24:53:49:cd:db:8e:5d:b3:9b:d8:36:a3:71:
         34:e8:d2:47:61:08:cd:9d:13:ce:1c:87:6c:b6:8e:bd:06:f3:
         6a:fb:0f:61:ff:ce:aa:9f:5a:22:af:31:1b:c5:99:3e:c7:8a:
         2c:a5:c4:f3:f3:e3:3d:24:f3:d2:56:89:09:90:78:8c:e5:14:
         2b:cc:85:1c:1b:3e:d3:d0:b8:89:1c:35:8e:c3:ec:15:ba:fd:
         92:8c:e0:df:d2:f6:1d:e1:04:50:7c:f4:76:47:9b:6b:82:c8:
         71:13:e7:d0:b1:cc:6d:43:98:7b:53:8f:3c:77:19:e1:e7:2f:
         db:d8:a1:bf:93:67:c7:b5:64:d0:3f:d0:e2:be:4f:ce:2f:31:
         d8:86:bb:e9:7e:34:7f:b1:2e:b2:16:fe:82:e0:f7:a2:cc:3f:
         29:f9:84:7a:0d:c5:40:3a:11:61:03:b2:72:8c:41:29:89:81:
         b3:13:29:89
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNz31kpOLv+zMF6Lb7Xihi/HO6gwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA5MDQxMjAwMjBaFw0yNTA5MDMxMjA1MjBaMDMxMTAvBgNV
BAMTKDE1OTRDNDhCMTFGM0RDNzEzMjE5QjAzQkRBRjQ1QjM2NDM4RkNGM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWf/w940RzpzzZ7c71AybtbXJW
706I9IQWKA81lK7Tc9hgAtffZx4tNQ02BmPrKwhdEtYIddUPag2ViOTBJdJTiqZ3
F9r2zZnu/T/f7TtM7DQe7IfvMPFyWp6mL2sfSoh8MvHRv1U3T8SE96yBzvECvmLI
pwfY3CrrwzYjUfOKVltvtMhIOk1SX6z7eK5KjZBhEfemz2zC0FaYOEB8acTCc9h1
FTtyxuQWE8nwyIB+igJ4jD2EeA8W1/fGZ/NkrbqTFUupZzQqJDcyBh3ndvrB2ejP
6ECGgN4kcptyJ0OSQB9HCP8FkMvqRWur9jzlhRFEYTw9PXk+wlL1Xe5vUmB3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFZTEixHz3HEyGbA72vRbNkOPzzowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZVk
AwQALZVmMA0GCSqGSIb3DQEBCwUAA4IBAQCn/EFai+GMUMnS7RJKXuiXaY1bJk3h
5JS3a0DPUjr8F5HFyEXY7i3hfbToi1bJBh3cQDwHCxgsz41P4LEP23ydUn/9beQZ
As/8h3V5RyRTSc3bjl2zm9g2o3E06NJHYQjNnRPOHIdsto69BvNq+w9h/86qn1oi
rzEbxZk+x4ospcTz8+M9JPPSVokJkHiM5RQrzIUcGz7T0LiJHDWOw+wVuv2SjODf
0vYd4QRQfPR2R5trgshxE+fQscxtQ5h7U488dxnh5y/b2KG/k2fHtWTQP9Divk/O
LzHYhrvpfjR/sS6yFv6C4PeizD8p+YR6DcVAOhFhA7JyjEEpiYGzEymJ
-----END CERTIFICATE-----