Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa
File:                     AS211439.roa (raw, json)
Hash identifier:          Rj06j7mDJ/Iqil/EZ+UOJ2lnLIUej3lMeFiKLKTRu9w=
Subject key identifier:   9B:92:C4:16:D5:BB:03:E6:90:F9:95:90:FF:D5:09:D9:D3:5D:F5:DA
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0B4F9DD33841BE6B2FBB12433B1D7FED58C15FF7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa
Signing time:             Wed 24 Jan 2024 16:33:10 +0000
ROA not before:           Wed 24 Jan 2024 16:28:10 +0000
ROA not after:            Wed 22 Jan 2025 16:33:10 +0000
asID:                     211439
IP address blocks:        194.113.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:4f:9d:d3:38:41:be:6b:2f:bb:12:43:3b:1d:7f:ed:58:c1:5f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 24 16:28:10 2024 GMT
            Not After : Jan 22 16:33:10 2025 GMT
        Subject: CN=9B92C416D5BB03E690F99590FFD509D9D35DF5DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c8:39:e6:e8:61:0a:d7:45:87:4f:91:0b:6c:
                    1e:99:67:cf:38:ef:b1:f2:6f:d4:0b:6f:92:1f:7f:
                    a7:c7:ab:34:d5:4e:42:95:90:b3:b1:0b:ab:58:5c:
                    98:a6:c4:7c:0c:7a:ab:02:4b:3f:12:a8:c0:c1:4d:
                    44:61:3d:c2:04:7d:57:b1:eb:c2:33:d1:3b:57:fb:
                    4a:d9:09:d8:bd:37:73:2c:23:0b:41:92:1f:39:ad:
                    21:3a:74:e0:52:85:62:80:8c:08:e1:31:bd:e2:4a:
                    8b:a6:7d:78:78:b2:1c:96:0f:19:9c:32:a1:b4:e5:
                    0e:61:a6:ed:91:13:54:45:34:05:ea:ba:c6:bf:9b:
                    f3:f3:49:3b:2c:1b:ae:bd:49:18:68:e2:19:8c:13:
                    ec:bf:bc:02:00:a8:2c:91:85:65:d3:cc:32:c7:73:
                    ed:5b:83:b7:7c:f9:df:69:96:d4:83:d5:42:23:cc:
                    d6:a2:88:7b:68:c1:ae:92:50:04:a8:b0:b5:2a:a9:
                    3e:5c:13:b0:42:59:ea:31:b8:e4:c2:33:cd:43:cf:
                    a2:9a:97:7d:0b:91:5b:1f:eb:dc:d3:13:a2:76:c3:
                    60:b5:11:af:24:8f:c9:ac:c9:00:1e:ed:0a:9c:42:
                    35:4d:51:e7:2a:41:e1:33:17:a7:74:6f:e0:80:2e:
                    f5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:92:C4:16:D5:BB:03:E6:90:F9:95:90:FF:D5:09:D9:D3:5D:F5:DA
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f4:55:58:23:0a:3d:84:fc:4f:b9:fb:c7:f3:0d:a3:b2:24:
         74:3b:97:92:54:fb:9d:2d:4b:c7:98:c5:df:a9:bf:5d:06:4f:
         f8:12:d8:73:13:9f:d6:d5:23:f1:7e:2e:7a:dd:1c:86:35:3c:
         0d:e7:38:10:e4:f2:dd:26:5a:b4:51:e4:42:4b:7d:3e:da:cd:
         48:3e:2e:95:a5:e0:69:4a:b9:69:e9:13:f5:e8:84:d7:f1:5f:
         5d:80:24:98:15:f7:a7:b5:74:24:0f:40:a8:a0:39:28:e5:06:
         00:ed:0d:2b:c6:f3:d8:bb:fa:18:66:ec:94:44:02:ca:3f:d5:
         04:0e:da:d1:d5:6b:51:95:ae:b9:14:ff:11:81:82:d5:0c:21:
         4a:25:b5:2c:16:e3:94:6b:02:bf:1c:3b:88:c0:05:bf:19:0a:
         07:02:9c:e8:70:86:15:b2:03:09:58:20:63:70:e9:3c:01:a1:
         b3:87:ac:bb:d9:28:91:2f:56:70:81:c7:45:85:19:5f:ed:f6:
         96:02:78:62:06:7c:2b:1c:3d:41:a7:06:e7:9b:ed:30:12:5a:
         ef:db:77:d0:e3:2c:90:c9:cd:15:a6:0a:ec:6a:b2:38:48:63:
         f3:b1:49:f9:76:2e:3b:24:04:a0:23:5f:18:7d:24:3f:ac:8d:
         d3:fe:28:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC0+d0zhBvmsvuxJDOx1/7VjBX/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjQxNjI4MTBaFw0yNTAxMjIxNjMzMTBaMDMxMTAvBgNV
BAMTKDlCOTJDNDE2RDVCQjAzRTY5MEY5OTU5MEZGRDUwOUQ5RDM1REY1REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeyDnm6GEK10WHT5ELbB6ZZ884
77Hyb9QLb5Iff6fHqzTVTkKVkLOxC6tYXJimxHwMeqsCSz8SqMDBTURhPcIEfVex
68Iz0TtX+0rZCdi9N3MsIwtBkh85rSE6dOBShWKAjAjhMb3iSoumfXh4shyWDxmc
MqG05Q5hpu2RE1RFNAXqusa/m/PzSTssG669SRho4hmME+y/vAIAqCyRhWXTzDLH
c+1bg7d8+d9pltSD1UIjzNaiiHtowa6SUASosLUqqT5cE7BCWeoxuOTCM81Dz6Ka
l30LkVsf69zTE6J2w2C1Ea8kj8msyQAe7QqcQjVNUecqQeEzF6d0b+CALvW5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUm5LEFtW7A+aQ+ZWQ/9UJ2dNd9dowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnHe
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ9FVYIwo9hPxPufvH8w2jsiR0O5eSVPudLUvH
mMXfqb9dBk/4EthzE5/W1SPxfi563RyGNTwN5zgQ5PLdJlq0UeRCS30+2s1IPi6V
peBpSrlp6RP16ITX8V9dgCSYFfentXQkD0CooDko5QYA7Q0rxvPYu/oYZuyURALK
P9UEDtrR1WtRla65FP8RgYLVDCFKJbUsFuOUawK/HDuIwAW/GQoHApzocIYVsgMJ
WCBjcOk8AaGzh6y72SiRL1ZwgcdFhRlf7faWAnhiBnwrHD1Bpwbnm+0wElrv23fQ
4yyQyc0VpgrsarI4SGPzsUn5di47JASgI18YfSQ/rI3T/ig2
-----END CERTIFICATE-----