Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa
File:                     AS211439.roa (raw, json)
Hash identifier:          yZv32khIxAqM9YBzn8s5+tYpDcDLGdvbD2j0N3aUgE8=
Subject key identifier:   DC:16:77:7A:1B:34:5B:D3:5E:31:D2:7F:11:52:3C:6A:1F:2F:08:82
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       16B0872D57A46333673E32AD6C7906D69D1A13E6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa
Signing time:             Wed 25 Dec 2024 16:53:48 +0000
ROA not before:           Wed 25 Dec 2024 16:48:48 +0000
ROA not after:            Wed 24 Dec 2025 16:53:48 +0000
asID:                     211439
IP address blocks:        194.113.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:b0:87:2d:57:a4:63:33:67:3e:32:ad:6c:79:06:d6:9d:1a:13:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 25 16:48:48 2024 GMT
            Not After : Dec 24 16:53:48 2025 GMT
        Subject: CN=DC16777A1B345BD35E31D27F11523C6A1F2F0882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ab:ef:82:f4:c8:90:80:03:f4:98:77:cf:b1:
                    58:fe:5e:9d:95:6e:ee:26:fd:f6:f1:b7:4a:d3:52:
                    26:ac:02:fe:da:fe:b5:ae:3e:07:18:9b:cd:1d:62:
                    13:d6:c3:f7:03:00:f9:59:56:cc:d5:fc:b5:bf:7b:
                    f6:0b:0b:83:8b:fd:a0:14:d4:08:33:ac:cc:76:e2:
                    66:11:80:8d:23:50:a1:38:1e:05:b6:dc:e8:95:1e:
                    fc:2e:0c:df:db:f1:c4:69:8b:ca:d8:a7:f2:a1:69:
                    5a:20:a0:79:2b:d2:00:01:0f:bd:f1:35:da:3f:59:
                    a2:cb:59:65:28:ef:eb:78:90:cc:28:aa:be:b9:1f:
                    28:e3:34:b7:db:82:cf:49:38:e1:0c:90:91:1d:d2:
                    14:df:83:d3:25:8c:c5:fb:61:ff:f6:2a:06:8d:67:
                    23:14:3a:fd:56:99:a4:77:74:50:52:6a:8c:09:3e:
                    c3:d1:7c:cf:c3:e2:68:d9:0e:00:b6:11:5b:82:5b:
                    21:95:07:e7:20:cf:5d:49:5b:97:fc:10:32:8f:f5:
                    a6:ec:de:2e:26:1d:81:d1:01:32:43:9a:d3:48:46:
                    d8:db:5b:62:8c:e0:79:63:63:5c:21:41:f9:63:08:
                    2e:16:7a:ac:4b:72:39:c3:39:e9:59:ee:cb:62:3c:
                    f5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:16:77:7A:1B:34:5B:D3:5E:31:D2:7F:11:52:3C:6A:1F:2F:08:82
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:14:19:50:0e:fd:fd:6d:c4:12:e1:52:cf:a0:c0:a8:8f:33:
         12:19:fe:16:5f:60:4a:70:dc:a9:20:5d:17:27:b5:e1:5b:c9:
         23:73:8c:bb:9f:31:01:f5:c1:08:18:34:a5:8c:0e:05:e7:83:
         c2:70:43:70:5b:1b:9d:22:b7:f1:e3:0d:7d:af:c3:c0:4b:74:
         9e:96:cd:04:14:bc:ee:8e:8c:66:39:c6:91:e1:21:a7:77:d8:
         b1:e6:14:43:67:65:c6:d3:86:05:5a:79:3a:28:2a:38:f4:a8:
         6c:61:93:0a:b3:62:6e:0e:ec:1b:7f:4a:df:92:61:c9:bf:08:
         96:11:8b:29:c3:88:05:97:0f:b5:d1:63:42:a4:60:05:63:2d:
         97:6f:10:75:c0:aa:e9:35:08:a8:c7:36:10:9f:5b:32:a8:5f:
         c1:4e:b5:d0:54:46:cf:33:99:63:fc:43:e3:23:a2:ae:f8:9f:
         1f:63:54:de:79:29:0a:fd:83:25:28:56:d9:fa:26:ae:59:f8:
         f7:99:9b:b5:5a:87:59:c5:b4:d5:88:75:80:1e:6d:51:85:cc:
         12:87:06:d9:76:c6:80:c0:45:ec:5e:92:a8:61:a2:ee:96:f8:
         70:35:40:7d:66:4b:3e:85:52:0e:49:2e:d5:33:75:41:65:72:
         13:f2:17:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFrCHLVekYzNnPjKtbHkG1p0aE+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMjUxNjQ4NDhaFw0yNTEyMjQxNjUzNDhaMDMxMTAvBgNV
BAMTKERDMTY3NzdBMUIzNDVCRDM1RTMxRDI3RjExNTIzQzZBMUYyRjA4ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIq++C9MiQgAP0mHfPsVj+Xp2V
bu4m/fbxt0rTUiasAv7a/rWuPgcYm80dYhPWw/cDAPlZVszV/LW/e/YLC4OL/aAU
1AgzrMx24mYRgI0jUKE4HgW23OiVHvwuDN/b8cRpi8rYp/KhaVogoHkr0gABD73x
Ndo/WaLLWWUo7+t4kMwoqr65HyjjNLfbgs9JOOEMkJEd0hTfg9MljMX7Yf/2KgaN
ZyMUOv1WmaR3dFBSaowJPsPRfM/D4mjZDgC2EVuCWyGVB+cgz11JW5f8EDKP9abs
3i4mHYHRATJDmtNIRtjbW2KM4HljY1whQfljCC4WeqxLcjnDOelZ7stiPPUNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3BZ3ehs0W9NeMdJ/EVI8ah8vCIIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnHe
MA0GCSqGSIb3DQEBCwUAA4IBAQAiFBlQDv39bcQS4VLPoMCojzMSGf4WX2BKcNyp
IF0XJ7XhW8kjc4y7nzEB9cEIGDSljA4F54PCcENwWxudIrfx4w19r8PAS3Sels0E
FLzujoxmOcaR4SGnd9ix5hRDZ2XG04YFWnk6KCo49KhsYZMKs2JuDuwbf0rfkmHJ
vwiWEYspw4gFlw+10WNCpGAFYy2XbxB1wKrpNQioxzYQn1syqF/BTrXQVEbPM5lj
/EPjI6Ku+J8fY1TeeSkK/YMlKFbZ+iauWfj3mZu1WodZxbTViHWAHm1RhcwShwbZ
dsaAwEXsXpKoYaLulvhwNUB9Zks+hVIOSS7VM3VBZXIT8hfJ
-----END CERTIFICATE-----