Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211008.roa
File:                     AS211008.roa (raw, json)
Hash identifier:          funy0yGuavQpyTWW+yMp3T9g4uOeJ32KOV0XEIipTAI=
Subject key identifier:   D5:84:1D:6C:40:B0:6C:82:1F:8B:62:88:A7:44:4C:FA:37:44:DE:5F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       61AE8BEE3CC75CE3932FFBBCD7FA1587FF4BE9CE
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211008.roa
Signing time:             Thu 22 May 2025 03:40:55 +0000
ROA not before:           Thu 22 May 2025 03:35:55 +0000
ROA not after:            Thu 21 May 2026 03:40:55 +0000
asID:                     211008
IP address blocks:        2a0f:85c1:c41::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ae:8b:ee:3c:c7:5c:e3:93:2f:fb:bc:d7:fa:15:87:ff:4b:e9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 22 03:35:55 2025 GMT
            Not After : May 21 03:40:55 2026 GMT
        Subject: CN=D5841D6C40B06C821F8B6288A7444CFA3744DE5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:49:1d:af:69:b4:14:1e:19:1b:6b:f0:47:a8:
                    03:61:02:e8:fa:1d:28:99:f9:4d:29:00:3b:e0:10:
                    4b:cf:04:aa:aa:37:0d:07:c9:3e:44:a1:35:84:6f:
                    44:fd:b7:2b:5b:e1:7c:eb:c1:15:57:7d:63:8f:80:
                    53:da:27:64:de:a9:35:26:99:3d:ba:24:fb:b6:f4:
                    c4:b0:04:50:92:e6:d5:5a:13:a7:4d:15:96:26:cb:
                    06:6a:d2:67:56:d0:ab:52:67:83:2c:b7:bd:b7:51:
                    20:65:53:12:a1:7d:f6:32:89:47:45:89:97:c2:5c:
                    65:db:07:4a:8a:b7:84:8a:f3:f8:c3:97:0a:0a:a4:
                    58:a5:f6:0a:8d:4f:35:65:8a:a7:48:f9:e2:5d:ff:
                    fb:fb:43:1b:a8:25:d5:ba:46:71:3c:ee:da:45:eb:
                    15:dc:e3:63:54:7a:70:8c:79:e0:6f:d8:72:18:60:
                    c2:96:f6:05:97:b7:b6:05:9c:5d:de:9b:f8:3c:4d:
                    be:a5:49:ed:d8:71:f9:ac:ed:c0:88:b7:91:ad:d6:
                    5a:f5:1b:0f:2e:32:68:12:70:68:2f:5a:45:45:b8:
                    d8:c8:90:43:63:64:a5:1f:65:cd:4f:e4:b5:96:6c:
                    f8:2c:40:fd:5a:3c:55:82:8b:85:c9:1e:44:60:ab:
                    72:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:84:1D:6C:40:B0:6C:82:1F:8B:62:88:A7:44:4C:FA:37:44:DE:5F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211008.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c41::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:cf:8c:dc:29:33:e9:5a:51:e4:03:04:4a:2b:33:84:cc:d0:
         40:c7:6d:ed:f8:3a:0a:f1:90:77:9a:8f:59:ca:ae:0b:7e:c2:
         97:0a:4a:d2:b7:e5:dc:db:4c:3f:f5:c0:fc:88:b2:91:a1:fa:
         46:66:04:d8:6b:cd:e7:1d:6e:89:fb:60:ec:b7:6a:84:2c:bc:
         22:f4:5f:52:5e:f4:94:39:b6:db:8e:7f:a6:a4:1a:9b:80:bb:
         75:60:6d:e7:93:d3:0c:cf:1c:a7:0e:62:69:52:09:5d:a9:c4:
         64:d5:1a:07:b2:0e:05:c3:f1:f7:b9:40:b1:4b:ff:38:0b:5a:
         8f:2f:dc:5b:ea:b0:79:cb:1b:a4:57:d0:59:0a:3e:2f:1c:6c:
         cb:5e:9e:78:a8:d0:b3:7b:62:72:38:b2:6e:03:2a:ee:10:55:
         37:6c:fb:e2:6f:57:3f:ec:ce:fa:43:7e:df:d3:18:a6:15:8e:
         cc:bd:52:8a:f3:0e:37:b6:d9:e6:ab:d3:8a:38:39:4f:97:fd:
         d2:2f:40:4f:e6:f3:96:eb:02:ed:e8:9b:af:c8:6f:19:a7:ba:
         64:11:20:2c:6f:8d:96:6d:6c:79:a9:22:24:54:a3:a9:dd:a1:
         0a:38:d9:f0:b2:ed:aa:c6:4b:b9:0b:e8:3d:85:96:f5:a2:a3:
         71:9a:94:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYa6L7jzHXOOTL/u81/oVh/9L6c4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MjIwMzM1NTVaFw0yNjA1MjEwMzQwNTVaMDMxMTAvBgNV
BAMTKEQ1ODQxRDZDNDBCMDZDODIxRjhCNjI4OEE3NDQ0Q0ZBMzc0NERFNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGSR2vabQUHhkba/BHqANhAuj6
HSiZ+U0pADvgEEvPBKqqNw0HyT5EoTWEb0T9tytb4XzrwRVXfWOPgFPaJ2TeqTUm
mT26JPu29MSwBFCS5tVaE6dNFZYmywZq0mdW0KtSZ4Mst723USBlUxKhffYyiUdF
iZfCXGXbB0qKt4SK8/jDlwoKpFil9gqNTzVliqdI+eJd//v7QxuoJdW6RnE87tpF
6xXc42NUenCMeeBv2HIYYMKW9gWXt7YFnF3em/g8Tb6lSe3Ycfms7cCIt5Gt1lr1
Gw8uMmgScGgvWkVFuNjIkENjZKUfZc1P5LWWbPgsQP1aPFWCi4XJHkRgq3JFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1YQdbECwbIIfi2KIp0RM+jdE3l8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExMDA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxBMA0GCSqGSIb3DQEBCwUAA4IBAQC8z4zcKTPpWlHkAwRKKzOEzNBAx23t+DoK
8ZB3mo9Zyq4LfsKXCkrSt+Xc20w/9cD8iLKRofpGZgTYa83nHW6J+2Dst2qELLwi
9F9SXvSUObbbjn+mpBqbgLt1YG3nk9MMzxynDmJpUgldqcRk1RoHsg4Fw/H3uUCx
S/84C1qPL9xb6rB5yxukV9BZCj4vHGzLXp54qNCze2JyOLJuAyruEFU3bPvib1c/
7M76Q37f0ximFY7MvVKK8w43ttnmq9OKODlPl/3SL0BP5vOW6wLt6JuvyG8Zp7pk
ESAsb42WbWx5qSIkVKOp3aEKONnwsu2qxku5C+g9hZb1oqNxmpRK
-----END CERTIFICATE-----