Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
File:                     AS213908.roa (raw, json)
Hash identifier:          wEcBr92vzR4kjMQEsYcqkaimECO9B6QY/N0qri4wvgg=
Subject key identifier:   27:31:E6:ED:1A:3B:CD:D8:E9:AC:BE:20:BB:1C:90:F0:96:45:6F:0B
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       400421C6446D408F13203157D4FF9F5CCC70D2B0
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
Signing time:             Fri 17 Jan 2025 13:11:49 +0000
ROA not before:           Fri 17 Jan 2025 13:06:49 +0000
ROA not after:            Fri 16 Jan 2026 13:11:49 +0000
asID:                     213908
IP address blocks:        37.221.78.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:04:21:c6:44:6d:40:8f:13:20:31:57:d4:ff:9f:5c:cc:70:d2:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 17 13:06:49 2025 GMT
            Not After : Jan 16 13:11:49 2026 GMT
        Subject: CN=2731E6ED1A3BCDD8E9ACBE20BB1C90F096456F0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:17:eb:73:57:e1:60:e7:31:32:e0:9b:bf:31:
                    49:ab:e0:c0:8c:b2:d9:87:40:0f:68:2c:2f:0c:e1:
                    c0:8a:fb:4d:dc:ff:a6:29:d4:0c:32:c6:ae:9c:92:
                    34:58:7a:57:12:5d:08:89:e6:8a:6e:45:65:36:43:
                    8f:3e:21:19:c7:16:b9:7b:21:c8:c1:b0:28:c9:2d:
                    cd:89:46:bd:0a:20:c4:e1:fc:42:03:93:27:78:44:
                    ca:3b:d4:35:51:cf:ef:ac:0c:8b:5e:33:38:31:23:
                    f6:8c:e2:be:2d:07:71:8b:fa:ff:44:0f:6a:e6:85:
                    ab:af:12:90:00:20:ee:a0:f9:73:b1:9a:33:56:b5:
                    29:9c:4a:17:76:83:d2:eb:f2:81:30:4b:fe:e0:7f:
                    87:b6:b6:fe:36:61:6e:13:90:77:09:37:86:19:a9:
                    77:cc:69:c5:7a:92:bf:3d:2e:c3:c0:9b:80:ca:b4:
                    ef:ff:1c:bd:3f:04:8b:67:ba:5e:aa:dd:4b:14:fb:
                    eb:30:4e:b5:f3:b9:d0:3f:a8:ea:c9:cc:a6:a0:70:
                    77:c3:d3:c3:03:52:2c:f8:92:59:af:74:51:37:19:
                    61:3b:21:92:0f:ba:9f:e4:ff:bf:d3:6f:14:c6:fd:
                    e0:4f:13:59:ae:83:59:19:c5:cd:7b:51:d3:32:e9:
                    45:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:31:E6:ED:1A:3B:CD:D8:E9:AC:BE:20:BB:1C:90:F0:96:45:6F:0B
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:6d:08:5d:a9:95:40:7f:2e:9c:c2:ac:b4:25:19:fd:36:ae:
         b0:c5:a5:38:91:16:4a:d9:72:9e:a5:99:9c:52:59:7d:f6:c2:
         5c:01:04:9e:4f:e1:14:34:42:90:7f:2a:f7:ed:c8:57:b1:64:
         c9:fc:9a:a6:c2:4f:cb:3f:8d:10:cd:53:7d:28:56:94:91:61:
         8e:36:8c:37:45:cd:1f:7b:99:78:c8:14:ce:c6:bb:f8:bf:83:
         15:36:63:ce:ab:1c:b2:b8:ba:60:4b:e7:f1:14:a5:8d:c6:bc:
         ff:95:75:77:ff:f2:36:2f:15:b6:84:87:d9:0c:18:6c:36:20:
         34:02:8a:ca:f4:f2:9e:97:8d:73:55:7c:e6:2d:6a:d0:c0:37:
         d6:f0:83:d0:f3:08:a1:1f:87:2f:6e:8c:8b:06:7e:77:b6:ed:
         50:88:25:41:86:f7:43:32:0c:00:1f:ae:df:1d:22:83:df:4e:
         6f:46:8d:20:d4:fb:62:30:3f:25:23:2e:cc:54:9e:92:62:d0:
         57:1a:49:1e:70:f5:19:d1:a5:da:76:83:b5:3d:c5:f7:90:44:
         f9:09:97:3d:bd:81:01:91:43:fd:03:2d:b0:e3:a4:cf:3f:b3:
         b4:8e:01:70:fd:d2:e0:6e:73:a1:c0:4b:cc:72:b6:0a:6a:45:
         f6:49:9b:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQAQhxkRtQI8TIDFX1P+fXMxw0rAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTcxMzA2NDlaFw0yNjAxMTYxMzExNDlaMDMxMTAvBgNV
BAMTKDI3MzFFNkVEMUEzQkNERDhFOUFDQkUyMEJCMUM5MEYwOTY0NTZGMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1F+tzV+Fg5zEy4Ju/MUmr4MCM
stmHQA9oLC8M4cCK+03c/6Yp1Awyxq6ckjRYelcSXQiJ5opuRWU2Q48+IRnHFrl7
IcjBsCjJLc2JRr0KIMTh/EIDkyd4RMo71DVRz++sDIteMzgxI/aM4r4tB3GL+v9E
D2rmhauvEpAAIO6g+XOxmjNWtSmcShd2g9Lr8oEwS/7gf4e2tv42YW4TkHcJN4YZ
qXfMacV6kr89LsPAm4DKtO//HL0/BItnul6q3UsU++swTrXzudA/qOrJzKagcHfD
08MDUiz4klmvdFE3GWE7IZIPup/k/7/TbxTG/eBPE1mug1kZxc17UdMy6UXNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJzHm7Ro7zdjprL4guxyQ8JZFbwswHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJd1O
MA0GCSqGSIb3DQEBCwUAA4IBAQAJbQhdqZVAfy6cwqy0JRn9Nq6wxaU4kRZK2XKe
pZmcUll99sJcAQSeT+EUNEKQfyr37chXsWTJ/Jqmwk/LP40QzVN9KFaUkWGONow3
Rc0fe5l4yBTOxrv4v4MVNmPOqxyyuLpgS+fxFKWNxrz/lXV3//I2LxW2hIfZDBhs
NiA0AorK9PKel41zVXzmLWrQwDfW8IPQ8wihH4cvboyLBn53tu1QiCVBhvdDMgwA
H67fHSKD305vRo0g1PtiMD8lIy7MVJ6SYtBXGkkecPUZ0aXadoO1PcX3kET5CZc9
vYEBkUP9Ay2w46TPP7O0jgFw/dLgbnOhwEvMcrYKakX2SZu2
-----END CERTIFICATE-----