Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          QU+0UJaq6TK9gy8GrIh+SfASIe5+xOCx+rG9WaNMqjs=
Subject key identifier:   F1:AD:EA:62:1E:EC:63:E6:3B:60:E9:6A:FD:38:E2:E8:92:A7:60:84
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       75E38278AB665D29C620318D457FE5A2BF1C07B5
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212335.roa
Signing time:             Wed 31 Jan 2024 12:38:39 +0000
ROA not before:           Wed 31 Jan 2024 12:33:39 +0000
ROA not after:            Wed 29 Jan 2025 12:38:39 +0000
asID:                     212335
IP address blocks:        45.142.238.0/23 maxlen: 24
                          45.149.102.0/24 maxlen: 24
                          193.176.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:e3:82:78:ab:66:5d:29:c6:20:31:8d:45:7f:e5:a2:bf:1c:07:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 31 12:33:39 2024 GMT
            Not After : Jan 29 12:38:39 2025 GMT
        Subject: CN=F1ADEA621EEC63E63B60E96AFD38E2E892A76084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ef:85:8c:1d:d8:16:af:6e:af:af:c7:87:4b:
                    f1:93:91:28:90:c0:49:83:7c:94:4f:6a:8a:30:f1:
                    f7:f2:1f:90:b6:83:2e:f6:b0:b9:75:00:26:58:db:
                    5e:b1:1c:d9:f3:de:3b:37:e2:6c:f4:fa:28:ae:b6:
                    b7:e7:b5:c3:29:26:e0:ce:07:01:c9:59:03:30:d5:
                    66:ba:0e:77:89:5d:bb:5f:9c:58:4a:23:24:07:bd:
                    2f:8d:80:a9:ad:b6:a8:f2:48:e5:2b:84:d1:29:e9:
                    13:67:3f:c8:95:9f:9e:c8:6b:d6:27:82:7a:d0:70:
                    66:c4:60:b4:d5:5e:57:b9:e3:91:45:bd:19:3a:cb:
                    0f:81:ff:70:70:c4:7c:17:6b:73:70:c0:f7:10:07:
                    c0:96:f3:2c:9d:3f:90:b2:5a:59:a8:5c:d8:e7:05:
                    83:33:08:ad:dd:75:be:70:c2:d0:c5:ad:70:b3:97:
                    10:8e:2b:a7:92:00:fd:d4:91:5a:76:be:ea:e1:76:
                    f4:7b:82:f5:42:e2:fb:42:be:15:0d:7b:5e:07:68:
                    f8:77:89:33:61:72:86:9a:90:5f:be:4e:c8:44:34:
                    6a:1d:53:b6:66:80:24:4c:6b:95:fb:ad:bf:85:36:
                    43:33:e6:b1:44:b1:16:20:77:09:0e:30:0d:22:e4:
                    d6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AD:EA:62:1E:EC:63:E6:3B:60:E9:6A:FD:38:E2:E8:92:A7:60:84
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.238.0/23
                  45.149.102.0/24
                  193.176.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:55:f6:db:fe:49:4d:08:d4:b4:0f:43:cb:d2:5d:b1:d6:2a:
         6f:9f:e4:a2:86:a0:9e:b1:5d:36:82:d2:48:be:d4:aa:19:4f:
         a8:22:8e:c1:30:1f:e1:64:c0:81:78:f7:40:73:f7:c4:73:87:
         67:58:d2:f6:28:f5:04:dd:90:f0:b1:49:44:85:3d:fd:5c:73:
         c7:c0:28:bb:1e:b5:ec:1a:b0:cc:88:ec:7a:76:bf:e4:b1:7d:
         1c:41:5c:21:fe:59:c5:f8:41:de:ce:04:ef:5f:79:6e:03:ac:
         e1:7e:8c:c3:68:49:38:65:d1:db:27:3c:75:4a:d2:a0:05:fa:
         50:39:1c:92:54:6c:18:20:79:d3:c9:10:d8:20:c1:a3:44:4b:
         ea:33:e5:f5:0a:cb:74:b9:e0:35:5d:73:6a:6c:9c:03:e8:8a:
         08:f3:19:15:e9:ff:04:81:68:a7:5a:f0:6c:d2:34:6d:de:f7:
         69:e8:78:cc:91:9f:82:5f:d9:ee:93:1a:71:44:ab:36:1a:3d:
         29:9f:e6:1e:1a:b4:ae:30:2b:f6:7a:64:a7:b9:3e:ee:ca:ab:
         91:80:e8:95:79:54:b5:54:55:ae:b7:33:ec:04:12:7c:c4:69:
         88:85:28:42:5a:79:1c:05:9d:70:f2:4d:32:88:82:e9:5d:71:
         e3:cd:cd:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdeOCeKtmXSnGIDGNRX/lor8cB7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMzExMjMzMzlaFw0yNTAxMjkxMjM4MzlaMDMxMTAvBgNV
BAMTKEYxQURFQTYyMUVFQzYzRTYzQjYwRTk2QUZEMzhFMkU4OTJBNzYwODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD74WMHdgWr26vr8eHS/GTkSiQ
wEmDfJRPaoow8ffyH5C2gy72sLl1ACZY216xHNnz3js34mz0+iiutrfntcMpJuDO
BwHJWQMw1Wa6DneJXbtfnFhKIyQHvS+NgKmttqjySOUrhNEp6RNnP8iVn57Ia9Yn
gnrQcGbEYLTVXle545FFvRk6yw+B/3BwxHwXa3NwwPcQB8CW8yydP5CyWlmoXNjn
BYMzCK3ddb5wwtDFrXCzlxCOK6eSAP3UkVp2vurhdvR7gvVC4vtCvhUNe14HaPh3
iTNhcoaakF++TshENGodU7ZmgCRMa5X7rb+FNkMz5rFEsRYgdwkOMA0i5NYVAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU8a3qYh7sY+Y7YOlq/Tji6JKnYIQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLY7u
AwQALZVmAwQAwbCAMA0GCSqGSIb3DQEBCwUAA4IBAQAKVfbb/klNCNS0D0PL0l2x
1ipvn+SihqCesV02gtJIvtSqGU+oIo7BMB/hZMCBePdAc/fEc4dnWNL2KPUE3ZDw
sUlEhT39XHPHwCi7HrXsGrDMiOx6dr/ksX0cQVwh/lnF+EHezgTvX3luA6zhfozD
aEk4ZdHbJzx1StKgBfpQORySVGwYIHnTyRDYIMGjREvqM+X1Cst0ueA1XXNqbJwD
6IoI8xkV6f8EgWinWvBs0jRt3vdp6HjMkZ+CX9nukxpxRKs2Gj0pn+YeGrSuMCv2
emSnuT7uyquRgOiVeVS1VFWutzPsBBJ8xGmIhShCWnkcBZ1w8k0yiILpXXHjzc0W
-----END CERTIFICATE-----