Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa
File:                     AS211373.roa (raw, json)
Hash identifier:          AYCOtxPAyfh+FNhfQlL1XtQgFo7qgStslvh8IcwdPNA=
Subject key identifier:   3C:49:6E:3E:8F:13:B9:32:C0:CA:7C:64:DC:4C:B3:C7:DB:E0:79:98
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1F98CB0B6EF7BB3F95AD60BB66257FB2AD7FCAAF
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa
Signing time:             Wed 04 Oct 2023 11:38:51 +0000
ROA not before:           Wed 04 Oct 2023 11:33:51 +0000
ROA not after:            Wed 02 Oct 2024 11:38:51 +0000
asID:                     211373
IP address blocks:        45.149.100.0/24 maxlen: 24
                          45.149.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:98:cb:0b:6e:f7:bb:3f:95:ad:60:bb:66:25:7f:b2:ad:7f:ca:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct  4 11:33:51 2023 GMT
            Not After : Oct  2 11:38:51 2024 GMT
        Subject: CN=3C496E3E8F13B932C0CA7C64DC4CB3C7DBE07998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:21:d9:ce:e8:42:72:e7:36:77:ce:ef:b5:ab:
                    2d:29:63:71:ac:11:01:8a:36:3a:4e:6f:bd:77:7f:
                    42:fc:d3:47:2c:12:82:56:3e:eb:65:7d:66:84:ff:
                    b5:83:a5:1e:87:b9:84:c8:1f:51:94:fd:be:dd:1e:
                    bf:69:5d:b4:a8:a1:fb:db:54:83:d6:d1:ff:82:a6:
                    50:dd:1a:b7:c1:39:af:c4:30:e1:0c:c2:84:47:f0:
                    e7:48:02:35:c5:08:28:c8:4e:d1:6b:a4:55:fd:50:
                    e1:31:5c:de:61:82:d2:f9:a7:c6:5a:d6:9a:26:87:
                    e4:ae:42:99:ca:81:bb:b4:c3:a6:2c:fe:06:52:97:
                    b0:88:a6:49:c3:0d:eb:32:15:3c:13:5b:49:89:8f:
                    95:a6:78:6a:28:e8:60:46:81:d0:c5:83:d3:0e:eb:
                    db:c7:d9:d2:e3:1c:f2:da:79:68:c3:19:cf:b8:ac:
                    c9:21:de:83:2b:d8:93:64:d8:60:24:6c:0c:80:a9:
                    9c:27:de:d7:19:a2:c0:fe:35:0b:e2:d8:52:a2:3e:
                    5c:dd:e4:b7:93:ce:ba:81:af:c7:fa:fc:9f:a2:e2:
                    06:d1:f7:82:63:ce:cb:a4:7a:78:29:75:20:bd:6f:
                    db:c8:d3:61:f4:0d:34:4d:cf:fc:b2:c5:a1:ba:a2:
                    55:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:49:6E:3E:8F:13:B9:32:C0:CA:7C:64:DC:4C:B3:C7:DB:E0:79:98
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.100.0/24
                  45.149.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:08:39:0e:5a:84:46:f8:50:e9:2c:78:69:98:83:3c:db:a2:
         60:c5:8e:58:02:ba:16:3e:d5:79:58:6e:95:1f:b1:fa:1e:98:
         46:48:f0:43:3f:d3:27:82:bc:73:3f:3f:27:1e:b6:ba:d6:cc:
         f5:86:7e:97:87:f4:bc:48:15:3f:0a:fe:65:8a:13:08:b5:05:
         ee:a4:52:55:49:20:09:78:58:e4:97:94:62:2e:d2:31:3b:54:
         62:eb:ef:51:df:e3:7c:a1:d9:d5:db:6e:58:5b:0d:35:77:38:
         0b:a2:5b:d4:a9:ac:f0:82:c6:dc:86:b3:ad:89:84:d1:85:97:
         17:65:dd:72:97:94:de:49:6e:09:4e:5f:67:3b:9e:09:cf:a0:
         d7:41:f8:68:d1:4b:d3:af:5e:6e:73:fa:55:dd:56:1d:76:21:
         53:a8:80:3b:31:58:99:e8:8c:ce:83:bd:83:3d:1f:fc:75:32:
         6c:8a:54:06:ff:44:b1:6b:d3:e2:de:2a:1d:67:21:d9:ec:b6:
         86:96:a3:de:05:d8:1b:82:2f:24:90:19:dd:3b:11:12:f5:b1:
         95:06:03:72:3c:2f:35:95:a4:a0:8c:62:61:83:ea:84:6c:3e:
         bd:99:4c:06:b6:31:30:7e:e8:2d:fe:16:15:2b:83:18:50:60:
         33:7c:82:12
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUH5jLC273uz+VrWC7ZiV/sq1/yq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEwMDQxMTMzNTFaFw0yNDEwMDIxMTM4NTFaMDMxMTAvBgNV
BAMTKDNDNDk2RTNFOEYxM0I5MzJDMENBN0M2NERDNENCM0M3REJFMDc5OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOIdnO6EJy5zZ3zu+1qy0pY3Gs
EQGKNjpOb713f0L800csEoJWPutlfWaE/7WDpR6HuYTIH1GU/b7dHr9pXbSoofvb
VIPW0f+CplDdGrfBOa/EMOEMwoRH8OdIAjXFCCjITtFrpFX9UOExXN5hgtL5p8Za
1pomh+SuQpnKgbu0w6Ys/gZSl7CIpknDDesyFTwTW0mJj5WmeGoo6GBGgdDFg9MO
69vH2dLjHPLaeWjDGc+4rMkh3oMr2JNk2GAkbAyAqZwn3tcZosD+NQvi2FKiPlzd
5LeTzrqBr8f6/J+i4gbR94JjzsukengpdSC9b9vI02H0DTRNz/yyxaG6olWLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUPEluPo8TuTLAynxk3Eyzx9vgeZgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZVk
AwQALZVmMA0GCSqGSIb3DQEBCwUAA4IBAQB7CDkOWoRG+FDpLHhpmIM826JgxY5Y
AroWPtV5WG6VH7H6HphGSPBDP9MngrxzPz8nHra61sz1hn6Xh/S8SBU/Cv5lihMI
tQXupFJVSSAJeFjkl5RiLtIxO1Ri6+9R3+N8odnV225YWw01dzgLolvUqazwgsbc
hrOtiYTRhZcXZd1yl5TeSW4JTl9nO54Jz6DXQfho0UvTr15uc/pV3VYddiFTqIA7
MViZ6IzOg72DPR/8dTJsilQG/0Sxa9Pi3iodZyHZ7LaGlqPeBdgbgi8kkBndOxES
9bGVBgNyPC81laSgjGJhg+qEbD69mUwGtjEwfugt/hYVK4MYUGAzfIIS
-----END CERTIFICATE-----