Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS211405.roa
File:                     AS211405.roa (raw, json)
Hash identifier:          MhqmU+XqptTRw+hbbKKPAPZxht8GaBq58jQxtLIMDko=
Subject key identifier:   68:37:18:D4:43:E8:AB:B8:5A:55:B6:E1:F7:F2:28:6E:4F:2E:51:23
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       496CDA889386B6F5CE17C06615B63B2DD848A191
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS211405.roa
Signing time:             Mon 07 Apr 2025 17:15:01 +0000
ROA not before:           Mon 07 Apr 2025 17:10:01 +0000
ROA not after:            Mon 06 Apr 2026 17:15:01 +0000
asID:                     211405
IP address blocks:        2a14:7581:fec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:6c:da:88:93:86:b6:f5:ce:17:c0:66:15:b6:3b:2d:d8:48:a1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr  7 17:10:01 2025 GMT
            Not After : Apr  6 17:15:01 2026 GMT
        Subject: CN=683718D443E8ABB85A55B6E1F7F2286E4F2E5123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a3:c1:21:eb:09:5c:6a:5c:ac:02:01:e9:31:
                    20:1d:a8:49:76:40:34:1d:2e:d7:35:a4:bd:f0:e4:
                    17:11:fe:e8:2c:d9:76:03:5a:fb:97:f9:87:90:29:
                    66:4f:19:92:fd:d2:fd:29:e8:42:eb:7e:a8:de:86:
                    a1:18:5c:cf:2a:27:14:79:69:c1:f7:f3:d6:bc:64:
                    5a:2c:1e:cd:64:a5:e0:3a:d1:ac:dd:54:b5:8d:5b:
                    cd:39:e8:37:dc:b4:00:b7:11:3b:a9:1d:66:2d:9d:
                    1f:2e:40:e1:51:e4:8e:8b:da:e2:67:f4:5a:46:70:
                    0b:42:91:b2:c2:59:bf:e6:87:d8:bb:07:fe:92:4a:
                    76:02:15:37:f4:e0:f2:80:2a:8a:a7:90:2a:e9:94:
                    50:5e:53:2c:e4:36:4d:e8:b1:02:da:a5:1b:39:53:
                    5c:68:d6:da:85:7b:da:24:da:18:08:05:91:11:da:
                    cc:47:0f:66:12:87:d5:cf:f0:40:90:9b:ba:df:fb:
                    7e:66:03:0d:89:45:d6:04:81:64:73:c1:62:43:82:
                    16:4d:d4:41:42:09:1b:e3:7e:85:a1:91:ef:0a:e1:
                    b1:5c:e2:d9:2a:f9:ef:a8:26:fe:56:34:82:c0:80:
                    05:7d:f7:e5:9d:c5:04:c6:aa:16:77:f4:7d:44:1e:
                    df:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:37:18:D4:43:E8:AB:B8:5A:55:B6:E1:F7:F2:28:6E:4F:2E:51:23
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS211405.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:fec::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:29:f3:8f:72:47:9a:79:5d:8f:a9:0f:2c:84:53:a5:9d:ef:
         49:90:87:31:0e:b2:d7:c4:63:7c:1b:f1:63:18:67:ff:28:b2:
         84:83:41:eb:b0:66:b9:9c:b8:9e:15:cd:62:c6:c3:2f:1d:25:
         0a:73:cf:20:c6:2e:46:d8:9c:0c:7b:46:2e:e5:ef:52:42:22:
         f1:6f:85:33:f1:62:b1:65:14:85:b7:56:03:98:b6:b4:65:1e:
         83:18:49:71:da:27:cc:0c:5f:b8:a1:2b:79:73:1b:e2:cc:88:
         93:e6:6d:4f:8b:5e:c3:7d:93:a1:66:4b:07:d8:f0:3d:de:7e:
         d8:1b:34:7e:22:5b:5a:e2:2d:48:51:fe:81:51:32:f7:a3:91:
         e9:7b:ef:8e:30:66:5f:e1:26:25:5b:53:e6:cb:f8:b4:d6:c5:
         7d:1b:de:77:8f:9b:18:22:eb:19:d6:36:3f:f5:c3:bf:2f:50:
         22:e1:91:2f:c5:60:da:bc:12:2e:22:01:a4:89:53:28:b3:b2:
         3f:22:31:de:ad:cc:3d:a4:97:ec:f5:cc:18:15:85:2b:b2:37:
         b3:6e:ed:9d:3f:c9:0a:95:11:47:77:36:58:24:1f:a2:d8:5d:
         86:6f:50:a9:ae:39:60:7d:d4:1f:5c:cd:d6:f3:15:d2:1e:a8:
         ea:e2:c4:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSWzaiJOGtvXOF8BmFbY7LdhIoZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA0MDcxNzEwMDFaFw0yNjA0MDYxNzE1MDFaMDMxMTAvBgNV
BAMTKDY4MzcxOEQ0NDNFOEFCQjg1QTU1QjZFMUY3RjIyODZFNEYyRTUxMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFo8Eh6wlcalysAgHpMSAdqEl2
QDQdLtc1pL3w5BcR/ugs2XYDWvuX+YeQKWZPGZL90v0p6ELrfqjehqEYXM8qJxR5
acH389a8ZFosHs1kpeA60azdVLWNW8056DfctAC3ETupHWYtnR8uQOFR5I6L2uJn
9FpGcAtCkbLCWb/mh9i7B/6SSnYCFTf04PKAKoqnkCrplFBeUyzkNk3osQLapRs5
U1xo1tqFe9ok2hgIBZER2sxHD2YSh9XP8ECQm7rf+35mAw2JRdYEgWRzwWJDghZN
1EFCCRvjfoWhke8K4bFc4tkq+e+oJv5WNILAgAV99+WdxQTGqhZ39H1EHt8PAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaDcY1EPoq7haVbbh9/Iobk8uUSMwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjExNDA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gQ/sMA0GCSqGSIb3DQEBCwUAA4IBAQBQKfOPckeaeV2PqQ8shFOlne9JkIcxDrLX
xGN8G/FjGGf/KLKEg0HrsGa5nLieFc1ixsMvHSUKc88gxi5G2JwMe0Yu5e9SQiLx
b4Uz8WKxZRSFt1YDmLa0ZR6DGElx2ifMDF+4oSt5cxvizIiT5m1Pi17DfZOhZksH
2PA93n7YGzR+Ilta4i1IUf6BUTL3o5Hpe++OMGZf4SYlW1Pmy/i01sV9G953j5sY
IusZ1jY/9cO/L1Ai4ZEvxWDavBIuIgGkiVMos7I/IjHercw9pJfs9cwYFYUrsjez
bu2dP8kKlRFHdzZYJB+i2F2Gb1CprjlgfdQfXM3W8xXSHqjq4sTZ
-----END CERTIFICATE-----