Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
File:                     AS211567.roa (raw, json)
Hash identifier:          z27Ki4f+J9kTLPtmQ0TeJNEwle4U+zr2P+TgXKWVy4U=
Subject key identifier:   E1:E3:DE:CE:F6:AD:0C:0F:20:17:E8:38:CB:88:90:63:C4:76:31:44
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       551FF1CBF07974AB5EB824C2D2A492F32E1C3A99
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
Signing time:             Wed 15 Jan 2025 16:37:18 +0000
ROA not before:           Wed 15 Jan 2025 16:32:18 +0000
ROA not after:            Wed 14 Jan 2026 16:37:18 +0000
asID:                     211567
IP address blocks:        193.111.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:1f:f1:cb:f0:79:74:ab:5e:b8:24:c2:d2:a4:92:f3:2e:1c:3a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:18 2025 GMT
            Not After : Jan 14 16:37:18 2026 GMT
        Subject: CN=E1E3DECEF6AD0C0F2017E838CB889063C4763144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d2:8a:e0:86:6f:04:ec:55:9a:4d:10:c0:4b:
                    8d:ec:62:a0:d3:b4:3b:ae:4d:a7:4a:de:c2:c5:45:
                    74:02:22:83:2e:4a:3c:34:86:a0:89:91:0d:c3:88:
                    aa:eb:2c:92:57:ac:5a:17:fc:5a:13:8a:e4:20:ed:
                    85:36:33:fa:95:70:7f:b5:ba:0c:99:59:51:23:41:
                    f6:1d:e3:7a:94:29:89:ef:87:86:03:23:b7:b6:c9:
                    62:fa:a2:1f:53:8c:32:55:ad:1a:19:a0:43:3c:6d:
                    99:ed:eb:92:3b:1a:0a:38:5b:8e:45:49:71:fa:61:
                    f4:54:88:69:e7:d4:03:cf:78:3f:74:0c:e1:21:bf:
                    5c:0b:9c:d4:38:d7:7a:65:af:7a:e0:6b:dc:0e:d6:
                    6f:eb:2b:1a:a4:1d:10:36:02:d8:37:9f:26:7e:3b:
                    c9:1e:7d:d4:75:c5:a3:4a:5c:72:14:2a:a8:1e:ea:
                    e7:ac:b7:6e:28:ea:21:df:88:3b:3f:ad:84:1c:d6:
                    87:e4:54:62:21:52:05:5f:eb:57:74:2c:05:16:b9:
                    1d:70:56:5b:48:80:e7:9d:77:ea:37:9f:fc:d1:87:
                    e3:c4:c8:99:53:17:7e:ae:c4:4d:5e:bc:d5:b4:9c:
                    29:86:df:eb:69:ff:88:a1:52:65:b1:78:28:09:00:
                    90:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E3:DE:CE:F6:AD:0C:0F:20:17:E8:38:CB:88:90:63:C4:76:31:44
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:12:aa:db:3b:40:9c:a2:22:04:43:82:ed:7f:60:a6:44:d3:
         a2:f5:18:4e:56:21:79:7e:f4:97:e8:4d:80:f7:0f:18:5a:ad:
         32:e6:24:3d:26:40:59:ab:c1:6a:96:ef:04:36:77:8f:76:86:
         c2:25:18:fa:e5:24:9a:88:20:8b:c9:5e:15:1b:9d:e8:3e:c7:
         a9:53:60:e3:1b:46:84:38:27:65:0c:50:4d:ba:c8:f9:6d:21:
         62:24:fa:d0:ad:87:6f:1d:20:4a:2f:28:b5:9a:ce:09:7f:9b:
         34:d0:c5:d9:39:b3:19:a1:7f:cc:79:f4:90:17:64:f9:9e:ee:
         85:b4:46:8c:69:17:4f:7c:e7:24:94:01:7f:dc:8d:a3:ec:6d:
         2a:9a:35:8a:2a:f3:c0:40:3a:80:83:dd:87:61:18:28:86:16:
         74:95:7d:cd:9d:1a:ea:52:9a:7c:62:3e:47:de:21:4a:66:3d:
         fc:22:ec:01:5f:ee:e9:fc:ef:c3:43:8d:9d:41:f9:7d:32:9c:
         7f:91:e7:99:b3:e2:c5:8f:f5:a4:78:bb:70:9e:fe:74:ed:e8:
         28:09:bc:ac:90:c4:5a:27:9e:6d:1a:42:bb:44:02:56:3e:3b:
         e4:74:29:d8:72:70:ee:8d:59:6e:45:9a:c4:8f:77:5b:b6:ea:
         d5:30:c8:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVR/xy/B5dKteuCTC0qSS8y4cOpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMThaFw0yNjAxMTQxNjM3MThaMDMxMTAvBgNV
BAMTKEUxRTNERUNFRjZBRDBDMEYyMDE3RTgzOENCODg5MDYzQzQ3NjMxNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB0orghm8E7FWaTRDAS43sYqDT
tDuuTadK3sLFRXQCIoMuSjw0hqCJkQ3DiKrrLJJXrFoX/FoTiuQg7YU2M/qVcH+1
ugyZWVEjQfYd43qUKYnvh4YDI7e2yWL6oh9TjDJVrRoZoEM8bZnt65I7Ggo4W45F
SXH6YfRUiGnn1APPeD90DOEhv1wLnNQ413plr3rga9wO1m/rKxqkHRA2Atg3nyZ+
O8kefdR1xaNKXHIUKqge6uest24o6iHfiDs/rYQc1ofkVGIhUgVf61d0LAUWuR1w
VltIgOedd+o3n/zRh+PEyJlTF36uxE1evNW0nCmG3+tp/4ihUmWxeCgJAJBTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4ePezvatDA8gF+g4y4iQY8R2MUQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjExNTY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW9P
MA0GCSqGSIb3DQEBCwUAA4IBAQCzEqrbO0CcoiIEQ4Ltf2CmRNOi9RhOViF5fvSX
6E2A9w8YWq0y5iQ9JkBZq8Fqlu8ENnePdobCJRj65SSaiCCLyV4VG53oPsepU2Dj
G0aEOCdlDFBNusj5bSFiJPrQrYdvHSBKLyi1ms4Jf5s00MXZObMZoX/MefSQF2T5
nu6FtEaMaRdPfOcklAF/3I2j7G0qmjWKKvPAQDqAg92HYRgohhZ0lX3NnRrqUpp8
Yj5H3iFKZj38IuwBX+7p/O/DQ42dQfl9Mpx/keeZs+LFj/WkeLtwnv507egoCbys
kMRaJ55tGkK7RAJWPjvkdCnYcnDujVluRZrEj3dbturVMMiG
-----END CERTIFICATE-----