Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa
File:                     AS211411.roa (raw, json)
Hash identifier:          4/JYiyNf2OEon1QNW/VnBCYBss++k7bYeGxJuAVzCjY=
Subject key identifier:   2B:B3:1A:4C:90:89:0C:A9:37:0B:B1:E5:A3:85:5E:B3:9D:FF:45:0E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3DE1FA51BBC7C70871D235CAE401062E77A81638
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa
Signing time:             Sat 24 May 2025 12:14:23 +0000
ROA not before:           Sat 24 May 2025 12:09:23 +0000
ROA not after:            Sat 23 May 2026 12:14:23 +0000
asID:                     211411
IP address blocks:        2a0f:85c1:c47::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:e1:fa:51:bb:c7:c7:08:71:d2:35:ca:e4:01:06:2e:77:a8:16:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 24 12:09:23 2025 GMT
            Not After : May 23 12:14:23 2026 GMT
        Subject: CN=2BB31A4C90890CA9370BB1E5A3855EB39DFF450E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:07:91:f2:64:66:c0:23:5b:4b:0e:15:ad:96:
                    d4:2a:f4:02:a0:46:1d:d7:e8:7e:30:5a:0e:91:69:
                    9d:78:32:df:2b:d6:85:ec:02:e6:97:59:01:8c:62:
                    fa:1e:0c:c8:73:28:d1:cb:c3:04:a3:13:d3:a4:81:
                    ed:4d:87:90:91:67:3c:59:10:31:df:59:26:0e:c4:
                    38:43:43:85:6d:f2:17:12:06:b4:0b:4f:50:b7:dd:
                    c5:68:45:68:01:4b:77:ac:6b:46:d7:2e:9c:c4:79:
                    ca:b1:7c:3a:bd:e1:32:06:c0:2b:a8:fc:a0:c1:dc:
                    8a:a1:de:28:ef:ee:57:f2:ab:8a:25:da:2d:10:b0:
                    b8:8c:6d:ea:30:ab:d0:b9:76:45:6d:4f:5e:52:97:
                    f2:14:fd:36:a0:b2:b7:3e:48:2f:be:b8:d1:8d:0a:
                    78:c4:73:1c:80:9d:87:de:ca:d0:2c:c6:4f:8d:d6:
                    a3:d9:a1:66:5b:8c:b5:dc:b7:38:96:96:2f:8d:19:
                    b4:80:ce:bd:14:2e:b4:b9:77:1e:aa:bf:4b:56:8c:
                    08:9b:46:2f:b0:c9:46:d5:f1:69:67:af:83:c5:40:
                    80:de:fb:f4:ae:31:15:99:6a:8b:d5:68:cc:31:36:
                    2f:3f:ab:3e:c5:75:1c:ba:a9:4c:fa:22:49:57:7a:
                    60:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B3:1A:4C:90:89:0C:A9:37:0B:B1:E5:A3:85:5E:B3:9D:FF:45:0E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c47::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:f0:78:4b:32:ac:44:1d:f5:3d:55:6f:1f:33:6b:a0:a1:42:
         8a:2f:c7:c9:bd:ba:bb:03:33:c6:25:44:2d:25:f5:c0:8c:d7:
         ed:08:21:c4:8a:17:4e:d2:0f:74:8d:f0:ab:e6:47:75:f8:50:
         6f:3a:ed:16:86:b5:e2:28:4c:3a:59:af:dc:79:8f:3b:b0:64:
         ee:df:8c:3a:26:88:19:3f:c1:de:8f:51:dc:6f:cb:e5:55:6d:
         42:54:c0:02:44:af:9e:7d:3e:5b:b2:79:06:b4:e9:c6:61:58:
         fd:a6:b9:6f:b2:cf:e1:8f:52:f8:a4:73:6e:f2:31:b2:70:3d:
         10:12:00:3c:a6:5d:71:17:9f:6b:56:d7:c5:f0:a8:ca:21:ca:
         8e:e8:cd:cf:56:89:25:fc:70:87:b1:af:27:61:4f:aa:1b:15:
         c0:88:ec:97:f5:ed:eb:7f:d3:25:16:2d:f6:12:b1:ce:9c:a9:
         42:f4:53:ee:60:58:ac:d8:ab:c2:f8:e8:fa:12:8e:dd:19:c1:
         8a:fd:62:c0:44:c2:5a:ba:a4:f5:91:7b:fa:66:0b:f6:98:83:
         6b:f1:d9:e7:1b:06:af:90:33:33:27:87:23:6b:66:65:3e:19:
         7a:86:9d:f2:77:5d:00:7a:3c:57:a9:4f:f5:67:74:40:0b:17:
         5c:87:03:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPeH6UbvHxwhx0jXK5AEGLneoFjgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MjQxMjA5MjNaFw0yNjA1MjMxMjE0MjNaMDMxMTAvBgNV
BAMTKDJCQjMxQTRDOTA4OTBDQTkzNzBCQjFFNUEzODU1RUIzOURGRjQ1MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfB5HyZGbAI1tLDhWtltQq9AKg
Rh3X6H4wWg6RaZ14Mt8r1oXsAuaXWQGMYvoeDMhzKNHLwwSjE9Okge1Nh5CRZzxZ
EDHfWSYOxDhDQ4Vt8hcSBrQLT1C33cVoRWgBS3esa0bXLpzEecqxfDq94TIGwCuo
/KDB3Iqh3ijv7lfyq4ol2i0QsLiMbeowq9C5dkVtT15Sl/IU/Tagsrc+SC++uNGN
CnjEcxyAnYfeytAsxk+N1qPZoWZbjLXctziWli+NGbSAzr0ULrS5dx6qv0tWjAib
Ri+wyUbV8Wlnr4PFQIDe+/SuMRWZaovVaMwxNi8/qz7FdRy6qUz6IklXemBTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUK7MaTJCJDKk3C7Hlo4Ves53/RQ4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExNDExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxHMA0GCSqGSIb3DQEBCwUAA4IBAQC68HhLMqxEHfU9VW8fM2ugoUKKL8fJvbq7
AzPGJUQtJfXAjNftCCHEihdO0g90jfCr5kd1+FBvOu0WhrXiKEw6Wa/ceY87sGTu
34w6JogZP8Hej1Hcb8vlVW1CVMACRK+efT5bsnkGtOnGYVj9prlvss/hj1L4pHNu
8jGycD0QEgA8pl1xF59rVtfF8KjKIcqO6M3PVokl/HCHsa8nYU+qGxXAiOyX9e3r
f9MlFi32ErHOnKlC9FPuYFis2KvC+Oj6Eo7dGcGK/WLARMJauqT1kXv6Zgv2mINr
8dnnGwavkDMzJ4cja2ZlPhl6hp3yd10AejxXqU/1Z3RACxdchwNi
-----END CERTIFICATE-----