Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS212249.roa
File:                     AS212249.roa (raw, json)
Hash identifier:          /e2+AX50bUVQXQLW6qHnF+2r7KfT7N/eX+wwFMbTOCo=
Subject key identifier:   8F:AE:A5:2B:98:34:7E:E8:7E:CE:22:DD:A8:2D:EF:FC:8B:03:97:DF
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       5EDF58E627B51D7FA89E94581178A7B4DE9B5D80
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS212249.roa
Signing time:             Wed 15 Jan 2025 16:37:17 +0000
ROA not before:           Wed 15 Jan 2025 16:32:17 +0000
ROA not after:            Wed 14 Jan 2026 16:37:17 +0000
asID:                     212249
IP address blocks:        141.98.113.0/24 maxlen: 24
                          141.98.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:df:58:e6:27:b5:1d:7f:a8:9e:94:58:11:78:a7:b4:de:9b:5d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:17 2025 GMT
            Not After : Jan 14 16:37:17 2026 GMT
        Subject: CN=8FAEA52B98347EE87ECE22DDA82DEFFC8B0397DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:74:b1:45:60:eb:26:24:ac:a1:91:ea:b4:
                    7f:71:99:00:52:89:ce:db:a1:d7:71:56:e5:c8:0b:
                    d7:45:90:aa:05:d2:0d:80:47:82:97:1c:83:4b:9a:
                    43:eb:f6:e4:d8:4f:8d:fb:1c:ad:fe:97:13:b4:cc:
                    07:51:6c:c0:4e:b7:15:42:0d:2a:b9:b4:b6:45:f5:
                    13:3e:1e:53:81:ce:fb:d5:ac:ac:55:1e:02:f3:26:
                    04:d7:ec:01:10:1d:1c:47:0d:ab:81:59:00:32:7b:
                    9e:88:da:94:ee:b2:27:36:e4:37:2b:f7:27:e5:97:
                    bb:97:ae:3a:ec:7b:d6:67:84:6f:5b:c8:98:cc:7c:
                    22:1b:72:af:42:81:a1:fa:84:49:6b:35:a2:54:78:
                    f3:b9:4e:a8:56:01:e5:83:27:9b:77:03:62:3c:15:
                    cd:c0:c4:a6:6e:5b:9a:07:d6:6d:ba:f5:6e:ec:62:
                    f2:af:e7:05:66:94:b5:9f:39:60:a8:62:21:55:c2:
                    79:32:f9:5e:8f:cc:cd:f9:90:59:b9:30:0f:67:98:
                    fc:93:4e:48:7d:15:60:5d:db:33:32:48:2a:f5:86:
                    dd:c0:3d:bd:34:2a:5e:31:e5:1f:b4:b8:58:76:72:
                    d1:32:e8:e3:0a:fb:3a:18:41:5c:9d:31:5e:4d:c1:
                    b7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AE:A5:2B:98:34:7E:E8:7E:CE:22:DD:A8:2D:EF:FC:8B:03:97:DF
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS212249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.113.0-141.98.114.255

    Signature Algorithm: sha256WithRSAEncryption
         1a:72:ab:49:8a:9f:2a:e9:77:80:d6:ef:ca:76:80:8b:e0:6c:
         cd:92:c3:13:20:1c:35:76:5c:fd:da:e0:ca:ca:49:90:53:34:
         19:e9:e5:fa:98:11:fd:9f:40:84:e1:f1:bf:bf:7e:ba:0e:c3:
         0a:46:e8:06:45:0a:a3:54:3f:41:7c:82:72:ff:73:a4:a7:4e:
         89:a5:5b:c6:11:ac:0f:a6:4e:b1:e1:33:28:e1:29:6f:00:38:
         d5:57:39:4d:55:ee:c5:dd:79:ea:36:f4:09:1d:67:09:d5:69:
         c1:86:a7:99:b6:49:08:8d:01:08:c4:aa:94:ba:bd:49:9c:50:
         a5:fb:ba:bf:6e:b1:61:7f:b2:58:dd:b6:43:fa:9d:b3:c9:ff:
         1f:d5:62:30:3b:73:97:4d:a9:36:69:77:82:30:4b:7a:bb:1a:
         c9:0a:1f:38:3d:5f:0e:06:03:f2:5f:80:8c:a9:53:1b:8f:c5:
         00:11:8b:01:8f:01:b9:28:8e:55:14:bf:ce:6d:47:08:cd:f0:
         9b:91:69:36:82:64:70:c9:13:35:da:af:9c:b3:f0:30:85:e2:
         25:24:4b:96:77:18:b4:6a:75:15:b1:47:e7:0d:cd:4f:24:1c:
         25:12:dd:10:b0:50:54:64:65:70:28:8b:99:ac:c1:8c:db:8c:
         24:a8:e8:f2
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUXt9Y5ie1HX+onpRYEXintN6bXYAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMTdaFw0yNjAxMTQxNjM3MTdaMDMxMTAvBgNV
BAMTKDhGQUVBNTJCOTgzNDdFRTg3RUNFMjJEREE4MkRFRkZDOEIwMzk3REYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx9HSxRWDrJiSsoZHqtH9xmQBS
ic7boddxVuXIC9dFkKoF0g2AR4KXHINLmkPr9uTYT437HK3+lxO0zAdRbMBOtxVC
DSq5tLZF9RM+HlOBzvvVrKxVHgLzJgTX7AEQHRxHDauBWQAye56I2pTusic25Dcr
9yfll7uXrjrse9ZnhG9byJjMfCIbcq9CgaH6hElrNaJUePO5TqhWAeWDJ5t3A2I8
Fc3AxKZuW5oH1m269W7sYvKv5wVmlLWfOWCoYiFVwnky+V6PzM35kFm5MA9nmPyT
Tkh9FWBd2zMySCr1ht3APb00Kl4x5R+0uFh2ctEy6OMK+zoYQVydMV5NwbeTAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUj66lK5g0fuh+ziLdqC3v/IsDl98wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEyMjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACN
YnEDBACNYnIwDQYJKoZIhvcNAQELBQADggEBABpyq0mKnyrpd4DW78p2gIvgbM2S
wxMgHDV2XP3a4MrKSZBTNBnp5fqYEf2fQITh8b+/froOwwpG6AZFCqNUP0F8gnL/
c6SnTomlW8YRrA+mTrHhMyjhKW8AONVXOU1V7sXdeeo29AkdZwnVacGGp5m2SQiN
AQjEqpS6vUmcUKX7ur9usWF/sljdtkP6nbPJ/x/VYjA7c5dNqTZpd4IwS3q7GskK
Hzg9Xw4GA/JfgIypUxuPxQARiwGPAbkojlUUv85tRwjN8JuRaTaCZHDJEzXar5yz
8DCF4iUkS5Z3GLRqdRWxR+cNzU8kHCUS3RCwUFRkZXAoi5mswYzbjCSo6PI=
-----END CERTIFICATE-----