Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211459.roa
File:                     AS211459.roa (raw, json)
Hash identifier:          0HfNNyMWmtc0ZkfHjqWRPMc/3Onlr5Mkatd+oeSNGgU=
Subject key identifier:   63:DA:90:12:96:23:A6:D9:4C:59:A3:89:67:FB:CD:3C:66:28:51:5A
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       1CD5B01126CE79592502D2B524F79FC600A97CCF
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211459.roa
Signing time:             Thu 04 Sep 2025 13:44:25 +0000
ROA not before:           Thu 04 Sep 2025 13:39:25 +0000
ROA not after:            Thu 03 Sep 2026 13:44:25 +0000
asID:                     211459
IP address blocks:        212.115.100.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:d5:b0:11:26:ce:79:59:25:02:d2:b5:24:f7:9f:c6:00:a9:7c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Sep  4 13:39:25 2025 GMT
            Not After : Sep  3 13:44:25 2026 GMT
        Subject: CN=63DA90129623A6D94C59A38967FBCD3C6628515A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:58:2d:87:f2:5a:99:15:ab:79:f3:87:68:d2:
                    7b:06:6c:b2:60:85:2e:85:5a:c8:67:ee:df:17:c6:
                    e2:01:53:74:b5:5b:93:08:8d:4f:49:bb:42:b0:f8:
                    77:37:55:fa:d7:ad:1a:59:81:12:57:3e:11:84:a2:
                    57:e0:13:cd:2f:9d:09:c5:58:43:e2:04:bd:f2:74:
                    35:a4:74:43:b2:40:23:22:c9:ba:88:a2:01:27:b9:
                    45:10:5e:d0:86:e3:7f:f4:3d:f3:45:c5:cb:f3:ed:
                    c1:92:ca:a5:78:b8:76:98:0b:45:a2:35:44:c2:1f:
                    e0:de:a3:12:d6:8d:5e:b4:cb:26:2f:b2:51:23:39:
                    55:66:de:fc:20:db:94:6a:da:1e:18:92:a5:69:a2:
                    ab:c0:99:d4:14:1b:80:60:19:98:2a:8b:1b:8f:49:
                    a4:39:24:5d:26:c6:f9:8d:85:7a:ca:b3:58:43:f1:
                    5a:b9:10:4f:e6:15:1b:75:7f:10:dc:51:71:68:9e:
                    52:bb:f8:be:7a:dc:38:0b:ae:44:db:8a:91:73:90:
                    0b:1d:0d:1a:d8:a2:f1:fd:af:8d:29:2b:96:e7:ee:
                    09:b0:e6:16:da:50:32:e9:30:c5:26:2a:85:fb:42:
                    f8:f0:8a:50:4d:0b:3d:b3:6c:c7:29:41:4e:9d:94:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DA:90:12:96:23:A6:D9:4C:59:A3:89:67:FB:CD:3C:66:28:51:5A
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:cf:02:c2:55:11:c0:bd:09:b0:03:86:a7:2e:64:6f:18:2a:
         67:4a:df:d5:52:53:92:5e:c4:43:a0:ab:0b:c8:e2:a7:61:28:
         ab:b3:a6:32:8b:5f:26:94:de:1e:c7:29:41:6f:3a:17:67:4d:
         f0:a1:be:64:9d:08:3a:df:91:42:81:6d:78:5c:e3:c2:08:97:
         e3:f1:9f:31:e1:9f:b6:f0:b8:97:d0:c8:bc:e0:8d:14:95:8d:
         9d:60:6d:55:57:b2:cd:8a:ed:93:75:f5:20:b1:1d:56:a7:3e:
         d7:7b:32:f8:ad:bd:e5:54:64:43:7c:36:70:f1:68:ce:46:88:
         76:e9:2d:ea:52:3f:1f:85:72:24:5e:19:64:32:fd:3f:f3:c4:
         6e:4f:a5:b6:da:57:a4:54:4b:6b:96:28:cf:93:6b:2d:37:fb:
         2c:b7:e6:5d:f4:8b:5b:0f:06:83:4c:46:43:bf:c6:26:05:21:
         3e:7f:d9:0f:00:8e:b7:03:6f:71:1f:fe:37:a1:2c:58:32:a8:
         2f:45:b3:56:9f:87:44:04:cc:ae:8a:e5:7f:ec:5b:11:b8:18:
         36:ef:c9:fa:8a:23:4c:cf:72:47:7e:81:3a:86:ae:0c:88:14:
         42:59:3a:25:8c:fe:cc:9e:12:5e:51:34:6f:e1:ac:a2:35:44:
         e9:f7:4c:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHNWwESbOeVklAtK1JPefxgCpfM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA5MDQxMzM5MjVaFw0yNjA5MDMxMzQ0MjVaMDMxMTAvBgNV
BAMTKDYzREE5MDEyOTYyM0E2RDk0QzU5QTM4OTY3RkJDRDNDNjYyODUxNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7WC2H8lqZFat584do0nsGbLJg
hS6FWshn7t8XxuIBU3S1W5MIjU9Ju0Kw+Hc3VfrXrRpZgRJXPhGEolfgE80vnQnF
WEPiBL3ydDWkdEOyQCMiybqIogEnuUUQXtCG43/0PfNFxcvz7cGSyqV4uHaYC0Wi
NUTCH+DeoxLWjV60yyYvslEjOVVm3vwg25Rq2h4YkqVpoqvAmdQUG4BgGZgqixuP
SaQ5JF0mxvmNhXrKs1hD8Vq5EE/mFRt1fxDcUXFonlK7+L563DgLrkTbipFzkAsd
DRrYovH9r40pK5bn7gmw5hbaUDLpMMUmKoX7QvjwilBNCz2zbMcpQU6dlJT1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY9qQEpYjptlMWaOJZ/vNPGYoUVowHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjExNDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HNk
MA0GCSqGSIb3DQEBCwUAA4IBAQAezwLCVRHAvQmwA4anLmRvGCpnSt/VUlOSXsRD
oKsLyOKnYSirs6Yyi18mlN4exylBbzoXZ03wob5knQg635FCgW14XOPCCJfj8Z8x
4Z+28LiX0Mi84I0UlY2dYG1VV7LNiu2TdfUgsR1Wpz7XezL4rb3lVGRDfDZw8WjO
Roh26S3qUj8fhXIkXhlkMv0/88RuT6W22lekVEtrlijPk2stN/sst+Zd9ItbDwaD
TEZDv8YmBSE+f9kPAI63A29xH/43oSxYMqgvRbNWn4dEBMyuiuV/7FsRuBg278n6
iiNMz3JHfoE6hq4MiBRCWToljP7MnhJeUTRv4ayiNUTp90yt
-----END CERTIFICATE-----