Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210538.roa
File:                     AS210538.roa (raw, json)
Hash identifier:          sAQMLdbEB46/6nA5as2FJ4O+wjWqE6MsVTCC1Jmdg2Y=
Subject key identifier:   14:3A:79:DE:25:E4:B1:75:E8:F0:14:71:36:B4:CE:1C:1F:F6:25:C0
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       0F1B8B1EB6B9919E6005C642DEAE59CD5FF7296E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210538.roa
Signing time:             Wed 15 Jan 2025 17:10:30 +0000
ROA not before:           Wed 15 Jan 2025 17:05:30 +0000
ROA not after:            Wed 14 Jan 2026 17:10:30 +0000
asID:                     210538
IP address blocks:        5.133.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:1b:8b:1e:b6:b9:91:9e:60:05:c6:42:de:ae:59:cd:5f:f7:29:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 17:05:30 2025 GMT
            Not After : Jan 14 17:10:30 2026 GMT
        Subject: CN=143A79DE25E4B175E8F0147136B4CE1C1FF625C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:eb:28:f1:38:7b:dd:97:5d:39:38:24:56:ed:
                    49:40:3e:24:76:28:b1:00:c1:92:01:00:f6:8d:b3:
                    8a:b6:e9:7a:44:4e:3b:f3:24:50:ac:d4:ca:82:89:
                    2f:f5:00:6b:49:de:18:4e:44:37:7e:be:d3:5b:94:
                    e0:82:42:19:ab:d0:98:a4:20:fd:4f:79:16:6e:12:
                    ae:57:7f:ca:e6:83:f5:00:74:06:a3:71:1e:7d:fd:
                    d7:5d:cd:4a:b8:0e:68:8a:bc:84:3e:8a:76:26:27:
                    7c:ef:ac:76:f1:64:60:ab:02:82:a7:a5:f8:48:68:
                    af:28:a6:50:8b:2a:c1:20:20:f7:cc:18:b9:2a:69:
                    6b:b0:cb:12:f6:bb:e8:ab:11:30:e5:56:4d:d2:40:
                    8e:42:c9:03:24:30:5f:88:da:67:0e:79:98:c8:ed:
                    ac:25:8f:41:2b:57:e8:3b:1c:7b:29:83:75:c7:f0:
                    15:eb:21:ab:7f:1e:ad:98:11:63:07:6e:60:2d:e3:
                    c0:e6:ec:8f:15:a2:0a:89:22:e4:5f:e4:7b:41:f0:
                    c5:d7:52:bf:b5:c0:6c:37:6a:13:94:29:26:23:c6:
                    8b:f2:b0:0d:42:e2:ba:26:d0:8c:5e:f9:3c:00:2e:
                    77:27:4a:1d:29:fb:17:a6:44:e1:a9:32:bc:0a:ab:
                    fd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:3A:79:DE:25:E4:B1:75:E8:F0:14:71:36:B4:CE:1C:1F:F6:25:C0
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:88:f9:51:50:27:6c:7b:90:c7:ac:16:c2:0c:b9:68:ad:f4:
         fb:4b:85:2a:8e:9c:ca:06:02:36:1d:46:ac:fb:4b:b8:ab:3f:
         4c:36:44:8a:bd:6e:b9:58:9e:eb:44:91:8e:7f:1f:af:7c:fd:
         4d:7f:e7:47:6d:2c:b6:2b:2c:fe:14:6f:93:fc:ed:3f:5c:56:
         62:37:59:c1:f8:41:c6:db:22:25:70:26:86:63:60:3c:19:99:
         a6:53:b2:68:85:f6:0e:65:ec:47:4b:14:c4:bb:19:a4:a0:78:
         d1:18:35:ed:9f:f2:05:81:f5:ef:9d:c3:fe:ba:4e:d0:79:a6:
         0e:7d:a9:a1:88:80:3e:5c:d8:81:60:50:c0:68:4b:a1:62:e8:
         7b:2f:24:74:f2:fb:7d:45:48:08:0e:80:b1:3c:c1:87:11:53:
         af:06:55:5c:47:72:8d:84:b8:cb:3d:26:85:e0:5b:b8:9c:ac:
         fa:9f:03:fe:a3:4b:6d:25:ce:9b:b1:26:22:09:ab:c4:90:1b:
         5e:3e:8b:e9:a2:71:94:72:bd:74:13:6a:b3:32:1b:0d:b1:f2:
         3e:eb:07:af:97:92:99:8a:c7:90:16:d1:66:ef:ed:08:53:04:
         98:fa:45:86:b7:3f:02:3f:3f:14:6b:81:22:04:c7:70:8b:12:
         44:c4:03:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDxuLHra5kZ5gBcZC3q5ZzV/3KW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNzA1MzBaFw0yNjAxMTQxNzEwMzBaMDMxMTAvBgNV
BAMTKDE0M0E3OURFMjVFNEIxNzVFOEYwMTQ3MTM2QjRDRTFDMUZGNjI1QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6yjxOHvdl105OCRW7UlAPiR2
KLEAwZIBAPaNs4q26XpETjvzJFCs1MqCiS/1AGtJ3hhORDd+vtNblOCCQhmr0Jik
IP1PeRZuEq5Xf8rmg/UAdAajcR59/dddzUq4DmiKvIQ+inYmJ3zvrHbxZGCrAoKn
pfhIaK8oplCLKsEgIPfMGLkqaWuwyxL2u+irETDlVk3SQI5CyQMkMF+I2mcOeZjI
7awlj0ErV+g7HHspg3XH8BXrIat/Hq2YEWMHbmAt48Dm7I8VogqJIuRf5HtB8MXX
Ur+1wGw3ahOUKSYjxovysA1C4rom0Ixe+TwALncnSh0p+xemROGpMrwKq/2zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFDp53iXksXXo8BRxNrTOHB/2JcAwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEwNTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVl
MA0GCSqGSIb3DQEBCwUAA4IBAQBqiPlRUCdse5DHrBbCDLlorfT7S4UqjpzKBgI2
HUas+0u4qz9MNkSKvW65WJ7rRJGOfx+vfP1Nf+dHbSy2Kyz+FG+T/O0/XFZiN1nB
+EHG2yIlcCaGY2A8GZmmU7JohfYOZexHSxTEuxmkoHjRGDXtn/IFgfXvncP+uk7Q
eaYOfamhiIA+XNiBYFDAaEuhYuh7LyR08vt9RUgIDoCxPMGHEVOvBlVcR3KNhLjL
PSaF4Fu4nKz6nwP+o0ttJc6bsSYiCavEkBtePovponGUcr10E2qzMhsNsfI+6wev
l5KZiseQFtFm7+0IUwSY+kWGtz8CPz8Ua4EiBMdwixJExAPW
-----END CERTIFICATE-----