Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
File:                     AS213945.roa (raw, json)
Hash identifier:          Dfw/TMx4yeEHp3tqbG5JTH0MlnMovsQATMtSRFx2n+Q=
Subject key identifier:   75:17:B0:1B:E0:A1:26:AF:51:82:6E:A5:B6:44:12:DF:B6:6A:73:F9
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4B398C2BDD06838AF43C21CF9785954014F948A3
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
Signing time:             Tue 18 Mar 2025 12:54:00 +0000
ROA not before:           Tue 18 Mar 2025 12:49:00 +0000
ROA not after:            Tue 17 Mar 2026 12:54:00 +0000
asID:                     213945
IP address blocks:        92.249.60.0/24 maxlen: 24
                          217.18.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:39:8c:2b:dd:06:83:8a:f4:3c:21:cf:97:85:95:40:14:f9:48:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Mar 18 12:49:00 2025 GMT
            Not After : Mar 17 12:54:00 2026 GMT
        Subject: CN=7517B01BE0A126AF51826EA5B64412DFB66A73F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e2:b1:5a:37:df:d9:aa:02:11:25:f0:fc:7c:
                    88:ee:c2:54:c4:2f:78:6f:6f:82:c3:d4:fb:a9:1b:
                    6f:d1:be:32:84:9d:0b:23:2c:5d:8f:16:52:80:d5:
                    a3:af:c6:e1:64:5d:bb:d7:03:51:93:31:ae:0c:f8:
                    45:93:c6:7f:a4:3f:6e:50:9c:c9:58:9d:91:27:b5:
                    bb:ef:d2:7d:8b:51:79:c4:14:13:15:e8:31:33:dc:
                    86:06:d6:f1:3f:77:35:86:9f:73:44:38:c5:59:4b:
                    a3:5b:9c:2f:c3:62:54:0b:bf:37:a0:77:bb:4d:d9:
                    b9:bb:12:c6:37:ba:d3:12:44:b0:19:8d:be:3d:a1:
                    99:f9:9d:8b:12:15:5f:52:80:31:5d:c0:bf:3b:c0:
                    ce:bf:58:81:57:8c:81:4f:db:1e:5d:d4:03:71:7f:
                    d6:0b:cc:8a:f1:df:55:b3:26:5f:d6:c8:47:f5:88:
                    a9:d1:f6:e1:a6:d5:1a:bf:74:1d:8e:1d:55:1b:73:
                    db:66:49:cc:eb:a2:c6:86:0e:a3:bc:28:35:02:55:
                    5f:56:fa:d3:f2:55:72:a3:5d:99:2a:71:44:2d:9f:
                    66:3a:ef:83:94:2a:de:c8:3d:0e:4c:2b:e9:39:ba:
                    46:00:2b:33:7a:9e:da:9d:26:d5:7b:e0:a3:97:51:
                    b3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:17:B0:1B:E0:A1:26:AF:51:82:6E:A5:B6:44:12:DF:B6:6A:73:F9
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.60.0/24
                  217.18.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c5:d8:5e:9b:42:4b:a8:b0:61:f0:69:cc:91:8e:29:f9:5b:
         5a:2c:e4:d3:81:11:20:ed:35:57:70:8f:42:2d:ba:77:6f:ea:
         d6:d4:81:89:fc:68:0a:96:5b:be:e1:20:63:71:6c:cc:44:b1:
         07:f8:44:73:db:08:52:ae:4b:93:9f:d7:36:52:f4:8d:57:f5:
         19:bb:6f:16:d9:45:82:36:67:5a:21:6a:9e:e4:2d:a4:16:20:
         a3:81:f5:b7:5a:84:ec:23:10:44:52:e2:f8:d5:fa:f8:e5:78:
         c2:82:d7:13:10:19:27:7d:9e:19:84:9d:c6:30:89:18:1c:ab:
         69:10:3e:d6:d3:3a:d1:64:8f:24:0c:82:fd:f9:e0:13:32:33:
         a6:e8:74:bb:9a:2d:c6:d9:27:92:40:b8:bb:28:aa:43:c8:00:
         a5:91:60:8f:f8:42:34:4e:f9:72:0d:49:f2:ab:5c:a7:de:0d:
         99:e3:59:ba:9c:2e:5a:40:66:38:f9:2d:59:aa:cb:40:59:d6:
         b0:38:54:bb:e3:f4:94:90:82:c5:1e:c3:0c:83:80:69:13:2b:
         fb:72:55:be:c2:e8:d8:1e:ac:cc:3a:c6:3d:c5:ec:79:0d:a0:
         f5:d5:6f:7d:3d:bd:e8:6d:39:48:34:8d:5c:56:9a:ad:13:2f:
         f1:86:05:1c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUSzmMK90Gg4r0PCHPl4WVQBT5SKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAzMTgxMjQ5MDBaFw0yNjAzMTcxMjU0MDBaMDMxMTAvBgNV
BAMTKDc1MTdCMDFCRTBBMTI2QUY1MTgyNkVBNUI2NDQxMkRGQjY2QTczRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY4rFaN9/ZqgIRJfD8fIjuwlTE
L3hvb4LD1PupG2/RvjKEnQsjLF2PFlKA1aOvxuFkXbvXA1GTMa4M+EWTxn+kP25Q
nMlYnZEntbvv0n2LUXnEFBMV6DEz3IYG1vE/dzWGn3NEOMVZS6NbnC/DYlQLvzeg
d7tN2bm7EsY3utMSRLAZjb49oZn5nYsSFV9SgDFdwL87wM6/WIFXjIFP2x5d1ANx
f9YLzIrx31WzJl/WyEf1iKnR9uGm1Rq/dB2OHVUbc9tmSczrosaGDqO8KDUCVV9W
+tPyVXKjXZkqcUQtn2Y674OUKt7IPQ5MK+k5ukYAKzN6ntqdJtV74KOXUbN1AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUdRewG+ChJq9Rgm6ltkQS37Zqc/kwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXPk8
AwQA2RLRMA0GCSqGSIb3DQEBCwUAA4IBAQCgxdhem0JLqLBh8GnMkY4p+VtaLOTT
gREg7TVXcI9CLbp3b+rW1IGJ/GgKllu+4SBjcWzMRLEH+ERz2whSrkuTn9c2UvSN
V/UZu28W2UWCNmdaIWqe5C2kFiCjgfW3WoTsIxBEUuL41fr45XjCgtcTEBknfZ4Z
hJ3GMIkYHKtpED7W0zrRZI8kDIL9+eATMjOm6HS7mi3G2SeSQLi7KKpDyAClkWCP
+EI0TvlyDUnyq1yn3g2Z41m6nC5aQGY4+S1ZqstAWdawOFS74/SUkILFHsMMg4Bp
Eyv7clW+wujYHqzMOsY9xex5DaD11W99Pb3obTlINI1cVpqtEy/xhgUc
-----END CERTIFICATE-----