Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211748.roa
File:                     AS211748.roa (raw, json)
Hash identifier:          YoxWjmVYMI8QZTMy9/TOhrp8ZC2WpWvq55HhYehmhDM=
Subject key identifier:   C8:E7:80:BA:19:F0:13:9E:36:B6:F3:D5:25:B4:7A:BB:30:8F:7C:90
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6DB311622461967ED1E26B52AA4121DE2F331916
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211748.roa
Signing time:             Fri 19 Jul 2024 09:41:53 +0000
ROA not before:           Fri 19 Jul 2024 09:36:53 +0000
ROA not after:            Fri 18 Jul 2025 09:41:53 +0000
asID:                     211748
IP address blocks:        91.199.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:b3:11:62:24:61:96:7e:d1:e2:6b:52:aa:41:21:de:2f:33:19:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 19 09:36:53 2024 GMT
            Not After : Jul 18 09:41:53 2025 GMT
        Subject: CN=C8E780BA19F0139E36B6F3D525B47ABB308F7C90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:79:8c:2a:70:26:72:0f:26:66:e9:3d:79:75:
                    cb:b3:0a:7b:bc:e3:3a:39:f4:f7:1d:9f:e9:26:20:
                    a6:da:e5:db:51:2e:95:aa:9a:04:aa:ba:46:84:e3:
                    2b:cc:64:c3:d6:b9:75:42:e7:f5:de:b4:70:44:ce:
                    40:b9:59:68:4e:e3:3c:8b:a8:d5:01:bd:a1:c4:bc:
                    08:1d:33:3a:b3:df:ef:20:41:60:d6:55:9b:ae:4e:
                    84:50:5d:a9:93:aa:7f:4f:55:a9:16:f1:28:2e:fb:
                    4e:91:b0:72:52:9f:f1:f5:e5:53:a7:06:ce:af:c7:
                    7b:c9:33:4d:d4:30:0c:62:89:ff:a1:a7:ac:a4:e6:
                    a1:c9:09:0b:03:e2:5f:18:8f:f0:89:ad:09:6c:3d:
                    6d:e9:67:0a:8d:af:0c:38:9a:ea:9f:8a:57:74:28:
                    32:9a:f7:be:65:b9:ea:6f:ba:99:db:88:da:8b:97:
                    8e:22:61:ec:52:59:cb:6d:11:32:cd:46:3d:c6:2c:
                    fa:1b:0b:32:54:f9:a3:38:6f:e2:e0:be:ec:01:e2:
                    b8:26:35:03:76:9e:64:b0:ff:2e:5f:c9:9d:0b:80:
                    11:09:a8:1f:73:0d:02:62:10:d9:7a:86:91:9b:23:
                    4e:6f:8d:ed:ce:eb:bf:00:95:73:13:82:43:b4:e4:
                    df:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E7:80:BA:19:F0:13:9E:36:B6:F3:D5:25:B4:7A:BB:30:8F:7C:90
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211748.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:be:29:80:f1:7c:3a:8d:fd:6e:b4:6e:b9:cd:9a:03:f9:24:
         1d:5e:86:e9:d9:60:5b:ed:4a:ec:3a:da:7b:50:30:a8:cb:ea:
         1a:f1:91:50:80:f6:d1:69:71:84:16:9d:e3:61:1c:a4:5b:2b:
         60:ba:87:6f:b2:69:e1:78:75:35:2f:b3:89:fa:6a:63:32:ab:
         21:dd:40:78:a2:93:0e:04:72:d7:84:3f:de:75:66:ea:c0:00:
         c2:3e:7e:01:76:99:ac:a0:69:70:ca:3f:ff:b6:31:52:53:5f:
         95:6e:81:9f:d4:dd:79:6f:ad:54:be:5d:b4:92:e0:d5:45:9f:
         21:f5:9f:fb:7c:2f:a2:d7:f9:b7:59:7c:cb:ff:6d:a9:a7:3d:
         b7:81:17:1f:20:27:8b:5f:5a:78:4a:35:e5:2d:5c:f6:79:e2:
         0a:52:84:0c:e9:93:76:b9:77:ce:65:0f:05:e4:2f:c3:fb:b2:
         e4:39:ca:21:ed:26:7b:a2:6e:f5:69:9f:5a:df:b9:f8:41:99:
         38:1f:42:97:4f:ba:1a:b8:2c:d7:93:37:1d:3e:a5:20:10:e3:
         e8:d5:04:bb:0e:fd:2a:99:73:43:59:c5:3c:c5:b6:4b:8e:91:
         18:f7:be:82:ef:34:2e:a1:02:e5:74:15:46:07:78:14:e7:51:
         fd:a8:8a:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbbMRYiRhln7R4mtSqkEh3i8zGRYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA3MTkwOTM2NTNaFw0yNTA3MTgwOTQxNTNaMDMxMTAvBgNV
BAMTKEM4RTc4MEJBMTlGMDEzOUUzNkI2RjNENTI1QjQ3QUJCMzA4RjdDOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCReYwqcCZyDyZm6T15dcuzCnu8
4zo59Pcdn+kmIKba5dtRLpWqmgSqukaE4yvMZMPWuXVC5/XetHBEzkC5WWhO4zyL
qNUBvaHEvAgdMzqz3+8gQWDWVZuuToRQXamTqn9PVakW8Sgu+06RsHJSn/H15VOn
Bs6vx3vJM03UMAxiif+hp6yk5qHJCQsD4l8Yj/CJrQlsPW3pZwqNrww4muqfild0
KDKa975luepvupnbiNqLl44iYexSWcttETLNRj3GLPobCzJU+aM4b+LgvuwB4rgm
NQN2nmSw/y5fyZ0LgBEJqB9zDQJiENl6hpGbI05vje3O678AlXMTgkO05N93AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyOeAuhnwE542tvPVJbR6uzCPfJAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNzQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8em
MA0GCSqGSIb3DQEBCwUAA4IBAQDIvimA8Xw6jf1utG65zZoD+SQdXobp2WBb7Urs
Otp7UDCoy+oa8ZFQgPbRaXGEFp3jYRykWytguodvsmnheHU1L7OJ+mpjMqsh3UB4
opMOBHLXhD/edWbqwADCPn4BdpmsoGlwyj//tjFSU1+VboGf1N15b61Uvl20kuDV
RZ8h9Z/7fC+i1/m3WXzL/22ppz23gRcfICeLX1p4SjXlLVz2eeIKUoQM6ZN2uXfO
ZQ8F5C/D+7LkOcoh7SZ7om71aZ9a37n4QZk4H0KXT7oauCzXkzcdPqUgEOPo1QS7
Dv0qmXNDWcU8xbZLjpEY976C7zQuoQLldBVGB3gU51H9qIpx
-----END CERTIFICATE-----