Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
File:                     AS211567.roa (raw, json)
Hash identifier:          iK0TYJAzoZ5eAM5l2xKG3wDioMwf0eNKmuSQE76ieVM=
Subject key identifier:   86:49:0D:DB:18:E6:3E:6C:AE:43:96:90:C3:21:B2:D9:D4:93:DE:77
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7C3FD47F46AC3CDDAB6E52767BD7013B8659E72A
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
Signing time:             Fri 28 Mar 2025 11:00:47 +0000
ROA not before:           Fri 28 Mar 2025 10:55:47 +0000
ROA not after:            Fri 27 Mar 2026 11:00:47 +0000
asID:                     211567
IP address blocks:        31.40.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3f:d4:7f:46:ac:3c:dd:ab:6e:52:76:7b:d7:01:3b:86:59:e7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Mar 28 10:55:47 2025 GMT
            Not After : Mar 27 11:00:47 2026 GMT
        Subject: CN=86490DDB18E63E6CAE439690C321B2D9D493DE77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:49:9f:b7:16:0f:11:87:02:8e:2f:2a:f3:ae:
                    d2:30:c6:df:74:83:d7:35:bb:f5:9d:53:8d:e0:f3:
                    8c:35:5e:74:1f:cf:17:2e:f2:d4:9e:f6:f7:77:b0:
                    cd:9c:6f:45:cf:2e:44:4c:c0:9e:2e:ce:26:16:90:
                    11:84:77:56:79:d1:ad:d6:62:c1:e9:ae:da:cb:df:
                    ba:e5:4a:ea:9d:ee:6c:f1:56:c6:76:8b:29:1c:89:
                    37:65:24:ca:d9:ef:8c:a5:96:c4:d7:1c:d3:5e:5d:
                    4c:fd:39:40:d4:5e:e4:95:dc:32:72:52:de:b0:c7:
                    25:57:b5:8a:ae:8a:30:68:ea:f3:88:3f:65:49:b4:
                    79:85:d6:94:3e:15:ef:cd:fe:10:c9:d2:74:2d:d7:
                    a6:04:a8:cc:0d:9c:53:bf:48:62:14:85:a7:2d:99:
                    9f:d1:63:d0:cf:23:77:b8:9e:08:22:4e:6a:7c:90:
                    40:17:3b:74:2b:fd:e6:43:fe:90:63:91:f2:1d:7f:
                    2d:be:60:ee:fc:3b:d2:72:14:05:cd:42:ef:51:79:
                    5f:96:0b:df:a8:a9:88:bd:7b:96:7c:6a:16:5b:ef:
                    55:bc:46:9e:0d:05:12:db:94:65:8e:d3:a6:60:1c:
                    5f:1d:36:50:22:6a:80:98:eb:31:a5:a6:7e:47:74:
                    09:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:49:0D:DB:18:E6:3E:6C:AE:43:96:90:C3:21:B2:D9:D4:93:DE:77
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1c:cc:36:64:40:e8:1e:98:0e:c8:be:d7:ae:f6:42:23:a3:
         61:6b:53:53:a9:a7:18:66:b5:e4:6c:53:63:7d:c4:45:2a:c1:
         50:8b:6a:af:96:33:4c:0a:f8:49:29:ba:f5:80:6d:d3:00:88:
         15:f3:1f:42:82:f0:a6:5b:22:74:81:27:9e:f6:be:01:3c:5f:
         59:95:dd:9b:34:69:bc:54:0a:82:b1:ca:e3:7f:4f:56:ad:4d:
         3b:17:60:7e:f3:03:3b:46:4e:f8:d9:55:40:e5:ee:bb:3d:9d:
         e2:6d:1d:5f:86:cd:e7:95:8c:1a:a7:9f:a7:a6:56:a6:16:2b:
         89:9e:f1:8d:0b:d7:66:0a:f5:7e:bb:3b:63:11:1c:dd:4c:c1:
         4d:a4:b2:c8:c5:19:4c:8d:9e:e4:02:92:e3:e7:6b:80:d9:ad:
         4a:b9:c0:be:09:5d:e6:6a:bb:02:5e:68:5a:f4:f0:56:de:b4:
         9a:98:7c:cf:82:70:78:05:88:53:66:72:3c:95:c1:4e:6a:bc:
         00:08:46:dc:e4:04:e7:d1:3a:6c:4c:b5:7c:db:76:bb:57:fd:
         db:21:6a:f5:1c:12:68:b2:a9:09:7f:fc:77:68:b8:1c:56:0d:
         90:85:e6:60:62:71:ec:a6:64:4c:ad:05:92:b4:a5:c7:a1:48:
         55:66:3c:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfD/Uf0asPN2rblJ2e9cBO4ZZ5yowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAzMjgxMDU1NDdaFw0yNjAzMjcxMTAwNDdaMDMxMTAvBgNV
BAMTKDg2NDkwRERCMThFNjNFNkNBRTQzOTY5MEMzMjFCMkQ5RDQ5M0RFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjSZ+3Fg8RhwKOLyrzrtIwxt90
g9c1u/WdU43g84w1XnQfzxcu8tSe9vd3sM2cb0XPLkRMwJ4uziYWkBGEd1Z50a3W
YsHprtrL37rlSuqd7mzxVsZ2iykciTdlJMrZ74yllsTXHNNeXUz9OUDUXuSV3DJy
Ut6wxyVXtYquijBo6vOIP2VJtHmF1pQ+Fe/N/hDJ0nQt16YEqMwNnFO/SGIUhact
mZ/RY9DPI3e4nggiTmp8kEAXO3Qr/eZD/pBjkfIdfy2+YO78O9JyFAXNQu9ReV+W
C9+oqYi9e5Z8ahZb71W8Rp4NBRLblGWO06ZgHF8dNlAiaoCY6zGlpn5HdAmlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhkkN2xjmPmyuQ5aQwyGy2dST3ncwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjExNTY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjG
MA0GCSqGSIb3DQEBCwUAA4IBAQCRHMw2ZEDoHpgOyL7XrvZCI6Nha1NTqacYZrXk
bFNjfcRFKsFQi2qvljNMCvhJKbr1gG3TAIgV8x9CgvCmWyJ0gSee9r4BPF9Zld2b
NGm8VAqCscrjf09WrU07F2B+8wM7Rk742VVA5e67PZ3ibR1fhs3nlYwap5+nplam
FiuJnvGNC9dmCvV+uztjERzdTMFNpLLIxRlMjZ7kApLj52uA2a1KucC+CV3marsC
Xmha9PBW3rSamHzPgnB4BYhTZnI8lcFOarwACEbc5ATn0TpsTLV823a7V/3bIWr1
HBJosqkJf/x3aLgcVg2QheZgYnHspmRMrQWStKXHoUhVZjx7
-----END CERTIFICATE-----