Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211826.roa
File:                     AS211826.roa (raw, json)
Hash identifier:          X1rEOqdBGGbLcjwJzfCD/4p2VC5fxQ0l16latGwBlo4=
Subject key identifier:   7D:0D:43:D7:71:9A:45:06:73:50:4C:B4:9E:D2:C1:25:A3:4D:BE:1B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       59731D195E9C9E4A6158A043775F8FE637510DD2
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211826.roa
Signing time:             Mon 29 Jan 2024 21:45:04 +0000
ROA not before:           Mon 29 Jan 2024 21:40:04 +0000
ROA not after:            Mon 27 Jan 2025 21:45:04 +0000
asID:                     211826
IP address blocks:        45.153.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:73:1d:19:5e:9c:9e:4a:61:58:a0:43:77:5f:8f:e6:37:51:0d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 29 21:40:04 2024 GMT
            Not After : Jan 27 21:45:04 2025 GMT
        Subject: CN=7D0D43D7719A450673504CB49ED2C125A34DBE1B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:94:03:82:18:e3:ce:7c:9a:17:58:d7:47:86:
                    be:81:32:1a:ae:d2:0d:17:5c:06:1c:df:92:e8:b4:
                    ab:0a:14:85:e7:21:21:3f:02:84:92:b0:1a:ef:7a:
                    94:ac:50:c7:ba:5b:1a:26:62:c7:cd:f4:8c:55:8c:
                    c3:7f:c7:3b:2c:40:ac:b5:0f:cb:89:c1:6f:bb:54:
                    b5:d1:2f:56:95:c1:86:00:3b:16:a8:7d:0c:02:2f:
                    2a:ed:d2:b4:16:cf:02:de:cd:a2:bc:8c:8e:23:5b:
                    12:e8:b1:e0:fd:a4:67:90:3d:e1:6a:bf:9a:84:02:
                    2b:d3:6f:bb:45:03:f3:bd:67:fa:71:67:59:4f:a8:
                    5c:43:96:58:a0:37:5c:eb:13:6c:ed:43:33:ee:87:
                    22:73:ef:b6:1b:6d:78:30:cd:ea:dd:4d:6a:32:0a:
                    38:3e:f8:06:93:2d:14:9e:6c:07:a1:c9:7e:5a:18:
                    91:14:b7:01:4b:d5:03:8d:16:fc:f9:27:a7:7f:e1:
                    05:5f:74:11:be:2a:53:0e:df:38:f6:26:36:93:3b:
                    2a:dc:08:3f:56:10:c1:8a:7e:e2:6d:40:a5:b1:d9:
                    06:85:13:3e:33:0c:a6:4b:21:c1:14:ee:b5:71:5c:
                    1a:8c:81:1f:bc:42:97:f7:fb:e3:b6:37:50:9e:e2:
                    30:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0D:43:D7:71:9A:45:06:73:50:4C:B4:9E:D2:C1:25:A3:4D:BE:1B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211826.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:52:c5:f8:38:ca:8f:dd:0f:f6:79:26:86:03:80:a5:73:e8:
         1c:7e:aa:a9:06:8d:5a:91:de:2f:d8:63:8b:96:26:8c:66:08:
         23:86:21:46:e5:12:d4:67:ce:1e:5d:a1:fe:13:88:3b:ca:67:
         69:50:15:59:c8:5e:30:5f:52:8b:17:b1:93:5d:16:8e:cf:5c:
         4a:b3:59:27:b5:59:ef:ab:7f:16:85:1c:7d:42:f3:42:44:c8:
         ea:c6:b0:ae:7f:0e:d5:a9:b8:01:61:46:cd:cd:e2:fc:fc:92:
         67:db:b0:12:b1:a7:04:dc:44:c2:bb:6e:66:97:df:58:ac:90:
         76:eb:e1:19:c4:bf:62:38:47:8a:e1:42:ae:35:d9:cf:15:16:
         d5:58:db:0e:8e:85:38:db:b6:11:54:ae:9d:06:69:c5:77:e3:
         09:7c:64:c6:da:a7:5e:1b:d9:e2:d1:4e:85:5d:4f:ff:41:b1:
         b7:51:0f:87:ce:4c:cd:a7:58:bb:25:7a:db:a5:5e:56:6b:59:
         93:f3:65:30:ff:06:ea:02:ec:06:c8:d0:5b:47:b6:3f:fd:8b:
         ec:8b:99:28:e5:a4:0a:58:e6:f0:7f:8a:46:21:aa:a3:c5:45:
         ff:82:8d:eb:1c:78:9e:dd:85:8e:09:ca:21:3a:23:e1:a5:f7:
         d6:dd:e5:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWXMdGV6cnkphWKBDd1+P5jdRDdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjkyMTQwMDRaFw0yNTAxMjcyMTQ1MDRaMDMxMTAvBgNV
BAMTKDdEMEQ0M0Q3NzE5QTQ1MDY3MzUwNENCNDlFRDJDMTI1QTM0REJFMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYlAOCGOPOfJoXWNdHhr6BMhqu
0g0XXAYc35LotKsKFIXnISE/AoSSsBrvepSsUMe6WxomYsfN9IxVjMN/xzssQKy1
D8uJwW+7VLXRL1aVwYYAOxaofQwCLyrt0rQWzwLezaK8jI4jWxLoseD9pGeQPeFq
v5qEAivTb7tFA/O9Z/pxZ1lPqFxDlligN1zrE2ztQzPuhyJz77YbbXgwzerdTWoy
Cjg++AaTLRSebAehyX5aGJEUtwFL1QONFvz5J6d/4QVfdBG+KlMO3zj2JjaTOyrc
CD9WEMGKfuJtQKWx2QaFEz4zDKZLIcEU7rVxXBqMgR+8Qpf3++O2N1Ce4jCjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfQ1D13GaRQZzUEy0ntLBJaNNvhswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExODI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkE
MA0GCSqGSIb3DQEBCwUAA4IBAQByUsX4OMqP3Q/2eSaGA4Clc+gcfqqpBo1akd4v
2GOLliaMZggjhiFG5RLUZ84eXaH+E4g7ymdpUBVZyF4wX1KLF7GTXRaOz1xKs1kn
tVnvq38WhRx9QvNCRMjqxrCufw7VqbgBYUbNzeL8/JJn27ASsacE3ETCu25ml99Y
rJB26+EZxL9iOEeK4UKuNdnPFRbVWNsOjoU427YRVK6dBmnFd+MJfGTG2qdeG9ni
0U6FXU//QbG3UQ+HzkzNp1i7JXrbpV5Wa1mT82Uw/wbqAuwGyNBbR7Y//Yvsi5ko
5aQKWObwf4pGIaqjxUX/go3rHHie3YWOCcohOiPhpffW3eWf
-----END CERTIFICATE-----