Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
File:                     AS213945.roa (raw, json)
Hash identifier:          PdhCvWXKkA6wzkZoO1lod+jZRMTmtXsc/Oe15+7v8C0=
Subject key identifier:   E4:B2:D2:9B:14:EB:88:58:96:5E:81:4D:FD:D8:07:48:91:D7:48:F0
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4BFB380B2C3A09D7BF4014EA60217039B650A0C7
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
Signing time:             Wed 15 Jan 2025 17:18:54 +0000
ROA not before:           Wed 15 Jan 2025 17:13:54 +0000
ROA not after:            Wed 14 Jan 2026 17:18:54 +0000
asID:                     213945
IP address blocks:        217.18.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:fb:38:0b:2c:3a:09:d7:bf:40:14:ea:60:21:70:39:b6:50:a0:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 17:13:54 2025 GMT
            Not After : Jan 14 17:18:54 2026 GMT
        Subject: CN=E4B2D29B14EB8858965E814DFDD8074891D748F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:34:56:db:79:3b:42:7e:b7:c4:1f:9f:5d:23:
                    97:b3:3d:7a:57:a7:41:48:a1:67:67:2d:29:58:18:
                    80:ba:a1:5b:43:1e:2d:f1:84:e0:58:72:1c:e0:30:
                    7f:36:2f:2b:2b:01:73:71:5d:87:73:29:27:3d:f4:
                    c1:79:f2:77:69:5f:dc:2c:93:a2:12:e9:2f:a4:31:
                    3a:c5:74:7f:e6:bc:2a:ca:83:28:bb:cd:6f:e7:cd:
                    36:2a:fe:77:c3:cc:d8:96:0e:57:79:89:5f:11:33:
                    62:f9:02:c7:9c:d2:76:e0:c9:5f:1e:04:f6:ee:df:
                    e1:99:aa:6e:d3:1e:ab:3b:53:97:68:70:2c:95:ff:
                    f5:12:f1:cb:d2:3a:f2:e7:4f:41:4e:49:7c:92:b7:
                    89:ea:01:7f:a6:b0:02:19:c0:ca:dd:d0:35:f1:5d:
                    72:27:35:50:83:95:a5:8d:f8:b2:a7:1c:1b:a8:95:
                    fd:a0:0b:ae:9e:4a:77:26:40:ca:96:33:f1:57:06:
                    8d:71:a7:45:ee:d0:dc:e9:ac:dd:6c:fa:05:44:9a:
                    8f:93:da:83:3d:75:8d:5b:a7:70:c2:8c:fe:a1:ae:
                    3f:22:2b:6c:f8:3d:7f:77:ad:2a:00:5f:52:c2:1a:
                    62:11:01:67:5d:89:7f:af:73:fc:8c:f0:4d:ed:a3:
                    a3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B2:D2:9B:14:EB:88:58:96:5E:81:4D:FD:D8:07:48:91:D7:48:F0
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:1c:2f:2c:0c:9e:09:d7:c0:c3:1f:0b:b3:34:f7:36:9b:d5:
         29:3a:66:b9:50:85:e9:0f:29:da:a3:93:56:82:8f:a1:fc:a7:
         4d:a0:4f:20:49:51:af:d2:97:f7:9a:e0:e5:81:3e:94:72:76:
         36:e9:d0:98:00:40:cb:dd:c7:06:2a:ca:55:28:c8:e1:ad:61:
         d1:bd:a6:2e:54:25:b0:1e:24:65:28:41:1f:0d:37:e9:e3:70:
         4f:8f:33:2e:45:e6:9d:ad:c7:64:91:a7:3f:db:66:4a:30:df:
         91:85:60:b0:f5:36:2d:dd:31:c3:60:d3:7f:65:ad:24:a4:61:
         29:4b:70:13:15:32:6d:11:28:2e:a0:28:64:62:28:58:19:9c:
         4c:ae:cc:f6:4e:da:5d:54:70:63:58:16:a3:c3:39:0a:ef:60:
         eb:16:26:c4:0d:66:19:f6:30:80:b5:f3:39:37:86:57:e5:63:
         c9:eb:9f:36:85:ef:6c:f8:3d:f3:a6:06:e4:6d:ff:51:d1:74:
         f9:10:67:5d:d7:de:e0:9a:5f:32:dd:15:38:83:ac:2c:ac:18:
         9a:7f:d9:e7:c0:6c:25:18:32:4a:fe:c8:3a:9d:2d:b0:98:4d:
         b1:e9:6f:69:62:a9:04:90:21:6c:fb:93:66:b3:8b:95:49:64:
         00:55:a5:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS/s4Cyw6Cde/QBTqYCFwObZQoMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNzEzNTRaFw0yNjAxMTQxNzE4NTRaMDMxMTAvBgNV
BAMTKEU0QjJEMjlCMTRFQjg4NTg5NjVFODE0REZERDgwNzQ4OTFENzQ4RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDNFbbeTtCfrfEH59dI5ezPXpX
p0FIoWdnLSlYGIC6oVtDHi3xhOBYchzgMH82LysrAXNxXYdzKSc99MF58ndpX9ws
k6IS6S+kMTrFdH/mvCrKgyi7zW/nzTYq/nfDzNiWDld5iV8RM2L5Asec0nbgyV8e
BPbu3+GZqm7THqs7U5docCyV//US8cvSOvLnT0FOSXySt4nqAX+msAIZwMrd0DXx
XXInNVCDlaWN+LKnHBuolf2gC66eSncmQMqWM/FXBo1xp0Xu0NzprN1s+gVEmo+T
2oM9dY1bp3DCjP6hrj8iK2z4PX93rSoAX1LCGmIRAWddiX+vc/yM8E3to6PDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5LLSmxTriFiWXoFN/dgHSJHXSPAwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RLR
MA0GCSqGSIb3DQEBCwUAA4IBAQC1HC8sDJ4J18DDHwuzNPc2m9UpOma5UIXpDyna
o5NWgo+h/KdNoE8gSVGv0pf3muDlgT6UcnY26dCYAEDL3ccGKspVKMjhrWHRvaYu
VCWwHiRlKEEfDTfp43BPjzMuReadrcdkkac/22ZKMN+RhWCw9TYt3THDYNN/Za0k
pGEpS3ATFTJtESguoChkYihYGZxMrsz2TtpdVHBjWBajwzkK72DrFibEDWYZ9jCA
tfM5N4ZX5WPJ6582he9s+D3zpgbkbf9R0XT5EGdd197gml8y3RU4g6wsrBiaf9nn
wGwlGDJK/sg6nS2wmE2x6W9pYqkEkCFs+5Nms4uVSWQAVaW8
-----END CERTIFICATE-----