Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211749.roa
File:                     AS211749.roa (raw, json)
Hash identifier:          UYPd5N52Sj3qRega51axMum7vTLCKsSp8a0jgjCue0U=
Subject key identifier:   BE:D1:0E:93:00:81:FB:74:CA:A5:0C:1C:FA:E6:6D:00:EF:DB:73:2A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       323383AE6220366C471304B2B9D3F423F283B399
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211749.roa
Signing time:             Mon 10 Mar 2025 22:21:37 +0000
ROA not before:           Mon 10 Mar 2025 22:16:37 +0000
ROA not after:            Mon 09 Mar 2026 22:21:37 +0000
asID:                     211749
IP address blocks:        2a0f:85c1:ba4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:33:83:ae:62:20:36:6c:47:13:04:b2:b9:d3:f4:23:f2:83:b3:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 10 22:16:37 2025 GMT
            Not After : Mar  9 22:21:37 2026 GMT
        Subject: CN=BED10E930081FB74CAA50C1CFAE66D00EFDB732A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ce:5e:96:ab:af:5b:5d:29:37:f4:a0:c2:79:
                    af:5e:88:5e:72:ca:2b:79:9a:c5:ad:50:71:43:14:
                    13:ad:06:55:2b:99:71:b4:8f:8c:37:c5:cf:31:20:
                    1f:b5:8e:1e:df:ec:9c:ad:3d:e0:5c:ce:42:ae:bd:
                    72:17:ef:fe:7e:37:97:7a:b3:d9:91:4b:87:85:8c:
                    bb:19:1a:a5:4f:05:a8:57:c6:0d:97:fa:55:fc:8f:
                    bb:ec:30:99:3b:35:3e:67:87:eb:9b:f2:74:33:71:
                    4c:9c:26:a7:2d:ed:6d:01:25:c9:82:3c:25:1c:d6:
                    08:c5:c3:b9:69:47:d7:15:9d:00:aa:06:90:50:39:
                    c5:8a:a1:43:7c:bc:a4:e3:a3:70:c4:05:89:3c:79:
                    bb:e6:69:d8:d8:ac:74:cc:f1:7e:a3:3c:ac:e2:51:
                    04:8a:cd:23:36:ec:3c:49:bc:e3:d7:5a:df:a9:07:
                    58:13:d0:ac:4f:4b:e2:36:b4:62:eb:a8:57:a8:6f:
                    f9:56:f2:4a:4d:90:a4:64:57:09:8d:6f:65:57:2f:
                    d9:96:d3:9f:2c:13:5d:35:d7:a5:bc:96:19:fb:e0:
                    98:ae:3b:86:26:a9:1a:9b:21:bd:89:9e:04:ec:fa:
                    49:b6:fa:64:9a:22:c6:f7:32:81:f3:10:91:bb:af:
                    60:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D1:0E:93:00:81:FB:74:CA:A5:0C:1C:FA:E6:6D:00:EF:DB:73:2A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211749.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ba4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:a1:b3:b8:a4:d9:dd:49:cf:3e:97:35:cc:33:1c:1a:85:7b:
         b6:7b:cb:42:8f:e0:38:7d:4c:a4:50:19:d6:45:43:4c:90:98:
         a5:0c:20:4e:ae:1b:4e:0c:17:6f:af:55:b4:aa:0f:38:30:42:
         72:16:c7:03:60:11:8b:b7:d5:58:c6:c8:bd:77:1c:c7:01:b4:
         c0:91:05:52:18:79:25:57:a2:91:de:6f:72:a7:3c:25:c1:8e:
         48:33:25:19:29:fd:ff:76:9b:30:5f:ea:72:f6:a2:6a:9c:6c:
         f6:cc:b1:c6:37:0a:d6:a1:08:8f:38:b7:d1:18:94:97:52:09:
         ac:f3:df:15:ff:15:58:3e:84:c3:fc:b8:7d:e5:c7:da:ec:b1:
         a2:1e:d7:bb:f1:25:e4:2f:a6:30:b7:be:73:05:9a:42:41:81:
         be:0e:7c:71:89:53:d6:23:5a:0b:31:a3:1f:66:fa:31:56:c9:
         f1:2f:d4:17:68:93:1d:1e:42:2f:cc:d3:f8:ae:b3:67:c0:a7:
         31:fc:47:12:67:cc:35:15:a3:0e:b1:1e:3a:34:93:8b:15:bd:
         32:6f:06:5b:3c:12:66:c5:4e:a8:cb:3d:3b:33:0d:17:ce:7f:
         63:a5:05:88:f2:ac:89:67:73:56:69:17:1d:b1:10:ac:ef:d6:
         0c:fc:cb:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMjODrmIgNmxHEwSyudP0I/KDs5kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMTAyMjE2MzdaFw0yNjAzMDkyMjIxMzdaMDMxMTAvBgNV
BAMTKEJFRDEwRTkzMDA4MUZCNzRDQUE1MEMxQ0ZBRTY2RDAwRUZEQjczMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAzl6Wq69bXSk39KDCea9eiF5y
yit5msWtUHFDFBOtBlUrmXG0j4w3xc8xIB+1jh7f7JytPeBczkKuvXIX7/5+N5d6
s9mRS4eFjLsZGqVPBahXxg2X+lX8j7vsMJk7NT5nh+ub8nQzcUycJqct7W0BJcmC
PCUc1gjFw7lpR9cVnQCqBpBQOcWKoUN8vKTjo3DEBYk8ebvmadjYrHTM8X6jPKzi
UQSKzSM27DxJvOPXWt+pB1gT0KxPS+I2tGLrqFeob/lW8kpNkKRkVwmNb2VXL9mW
058sE10116W8lhn74JiuO4YmqRqbIb2JngTs+km2+mSaIsb3MoHzEJG7r2CLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvtEOkwCB+3TKpQwc+uZtAO/bcyowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExNzQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQukMA0GCSqGSIb3DQEBCwUAA4IBAQA9obO4pNndSc8+lzXMMxwahXu2e8tCj+A4
fUykUBnWRUNMkJilDCBOrhtODBdvr1W0qg84MEJyFscDYBGLt9VYxsi9dxzHAbTA
kQVSGHklV6KR3m9ypzwlwY5IMyUZKf3/dpswX+py9qJqnGz2zLHGNwrWoQiPOLfR
GJSXUgms898V/xVYPoTD/Lh95cfa7LGiHte78SXkL6Ywt75zBZpCQYG+DnxxiVPW
I1oLMaMfZvoxVsnxL9QXaJMdHkIvzNP4rrNnwKcx/EcSZ8w1FaMOsR46NJOLFb0y
bwZbPBJmxU6oyz07Mw0Xzn9jpQWI8qyJZ3NWaRcdsRCs79YM/Ms6
-----END CERTIFICATE-----