Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211895.roa
File:                     AS211895.roa (raw, json)
Hash identifier:          DMjqmGz8BX3MVloELqKFR9ZTufjZvm2gdbSZNAXlr2M=
Subject key identifier:   C9:63:26:5F:6B:8D:12:BC:74:CA:62:AF:16:28:D1:4A:14:83:BB:EF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1CD9B1ABA4C8E96AB8BC6E538C4CC45F30322429
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211895.roa
Signing time:             Thu 31 Oct 2024 13:43:27 +0000
ROA not before:           Thu 31 Oct 2024 13:38:27 +0000
ROA not after:            Thu 30 Oct 2025 13:43:27 +0000
asID:                     211895
IP address blocks:        91.198.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:d9:b1:ab:a4:c8:e9:6a:b8:bc:6e:53:8c:4c:c4:5f:30:32:24:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 31 13:38:27 2024 GMT
            Not After : Oct 30 13:43:27 2025 GMT
        Subject: CN=C963265F6B8D12BC74CA62AF1628D14A1483BBEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7d:4c:87:af:00:4e:05:35:ad:20:30:a6:ed:
                    e8:a6:ed:4f:c5:66:19:e8:5d:e5:19:1f:78:1b:f4:
                    b9:55:93:09:76:c1:63:c4:74:2e:b5:07:d6:7d:a6:
                    75:50:a8:c7:3a:4f:92:73:4f:8b:af:e3:61:09:d2:
                    6c:f8:9e:60:40:bf:18:55:b2:0f:61:a3:f7:97:62:
                    9e:01:9e:16:c5:54:8a:fa:8b:86:19:d8:d2:38:80:
                    e7:23:29:6b:a1:1d:5f:84:b7:d8:aa:67:7a:64:25:
                    35:9a:ec:b3:c4:05:9d:31:f4:88:8a:cc:61:a0:53:
                    b2:02:65:a9:b7:8e:00:de:ac:86:87:a3:f1:4b:62:
                    0e:5b:4c:61:c7:9d:cb:43:3f:6a:56:fb:fc:cf:33:
                    c0:8e:c8:a9:dd:51:26:a0:73:72:ec:92:0d:59:be:
                    1e:cc:6d:54:6d:b2:9b:c1:41:f5:53:3f:11:ad:99:
                    29:42:a6:c8:8a:bf:cc:03:9d:36:a8:fe:d7:d7:06:
                    9c:30:b6:fa:e2:05:63:2a:24:ee:5e:d8:ba:e0:12:
                    7d:a0:49:ce:04:9d:a1:7b:c5:42:de:12:88:2d:70:
                    0f:00:42:d4:39:90:b4:d8:81:69:eb:75:68:19:18:
                    01:5f:fa:7d:53:c8:42:79:d8:8e:b3:22:ff:19:1b:
                    f1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:63:26:5F:6B:8D:12:BC:74:CA:62:AF:16:28:D1:4A:14:83:BB:EF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211895.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0d:4a:a6:52:af:0e:ea:2b:7e:e6:cc:61:12:ac:1b:4c:1d:
         14:c8:41:71:03:d6:51:b1:3b:11:b0:35:72:5d:9a:ba:76:5f:
         9a:38:d8:f3:f4:10:5a:07:ef:74:d0:0d:54:cc:c3:4f:4a:83:
         91:10:d7:ff:7c:b7:37:d3:d1:cd:06:1a:a8:1a:2c:f7:8a:b0:
         3d:b6:ef:e9:92:a8:a7:f2:a7:b8:30:0e:9a:2d:0b:d3:3f:56:
         4b:de:dc:62:c7:72:0b:9b:41:fe:35:0f:95:32:91:f0:ab:9f:
         72:3c:99:c9:e8:c5:a5:b8:20:7e:d9:ee:58:9d:c1:b0:34:dc:
         1b:33:72:24:ac:09:05:f8:dc:ea:80:06:8d:db:e1:43:9f:b2:
         80:88:8c:28:61:e5:57:45:bd:ee:dc:e1:67:c5:b5:c5:62:93:
         51:34:2f:7f:ad:d0:7e:ab:cc:d3:81:65:7f:c9:db:1c:21:b6:
         08:db:c7:f8:d6:9c:9e:17:5c:6a:27:ce:d7:c1:5d:f7:68:76:
         9f:5d:22:c6:15:73:14:9a:d4:56:19:2a:36:37:a9:fe:a9:73:
         3f:61:fc:60:2a:e0:23:56:fb:8b:5a:24:08:70:ee:47:23:1e:
         a0:fe:e1:79:86:1a:31:9e:cd:18:53:37:74:89:8b:82:ec:5c:
         51:17:da:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHNmxq6TI6Wq4vG5TjEzEXzAyJCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzExMzM4MjdaFw0yNTEwMzAxMzQzMjdaMDMxMTAvBgNV
BAMTKEM5NjMyNjVGNkI4RDEyQkM3NENBNjJBRjE2MjhEMTRBMTQ4M0JCRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8fUyHrwBOBTWtIDCm7eim7U/F
ZhnoXeUZH3gb9LlVkwl2wWPEdC61B9Z9pnVQqMc6T5JzT4uv42EJ0mz4nmBAvxhV
sg9ho/eXYp4BnhbFVIr6i4YZ2NI4gOcjKWuhHV+Et9iqZ3pkJTWa7LPEBZ0x9IiK
zGGgU7ICZam3jgDerIaHo/FLYg5bTGHHnctDP2pW+/zPM8COyKndUSagc3Lskg1Z
vh7MbVRtspvBQfVTPxGtmSlCpsiKv8wDnTao/tfXBpwwtvriBWMqJO5e2LrgEn2g
Sc4EnaF7xULeEogtcA8AQtQ5kLTYgWnrdWgZGAFf+n1TyEJ52I6zIv8ZG/HpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyWMmX2uNErx0ymKvFijRShSDu+8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExODk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZN
MA0GCSqGSIb3DQEBCwUAA4IBAQAIDUqmUq8O6it+5sxhEqwbTB0UyEFxA9ZRsTsR
sDVyXZq6dl+aONjz9BBaB+900A1UzMNPSoORENf/fLc309HNBhqoGiz3irA9tu/p
kqin8qe4MA6aLQvTP1ZL3txix3ILm0H+NQ+VMpHwq59yPJnJ6MWluCB+2e5YncGw
NNwbM3IkrAkF+NzqgAaN2+FDn7KAiIwoYeVXRb3u3OFnxbXFYpNRNC9/rdB+q8zT
gWV/ydscIbYI28f41pyeF1xqJ87XwV33aHafXSLGFXMUmtRWGSo2N6n+qXM/Yfxg
KuAjVvuLWiQIcO5HIx6g/uF5hhoxns0YUzd0iYuC7FxRF9qK
-----END CERTIFICATE-----