Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211373.roa
File:                     AS211373.roa (raw, json)
Hash identifier:          NRxS5a+99Zci9OPFXSubsZXM/Ys4g8gOQmOV9dIJQ7g=
Subject key identifier:   EB:7E:D8:B6:49:1B:F5:3D:1F:B8:7D:78:EB:22:7B:D0:2B:CA:4D:B4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3091028B58EA31678737ED8190B0F4006A098BF6
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211373.roa
Signing time:             Thu 02 Oct 2025 07:05:22 +0000
ROA not before:           Thu 02 Oct 2025 07:00:22 +0000
ROA not after:            Thu 01 Oct 2026 07:05:22 +0000
asID:                     211373
IP address blocks:        95.135.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:91:02:8b:58:ea:31:67:87:37:ed:81:90:b0:f4:00:6a:09:8b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct  2 07:00:22 2025 GMT
            Not After : Oct  1 07:05:22 2026 GMT
        Subject: CN=EB7ED8B6491BF53D1FB87D78EB227BD02BCA4DB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:52:06:80:51:59:b8:89:0e:7a:67:2a:f0:
                    c5:52:ca:8c:5a:21:23:6f:03:d1:4d:bf:60:d5:b9:
                    f8:5f:26:48:40:b1:25:97:b8:a4:c8:d3:e7:d1:2a:
                    c8:cf:75:3f:c9:18:72:59:56:66:55:2a:f8:ba:0c:
                    69:9d:bd:cf:24:13:87:3f:95:59:69:1b:9f:61:da:
                    13:7e:e8:2a:60:ea:e2:b2:79:c9:f8:4e:89:b8:ac:
                    72:da:f2:08:15:7e:0a:39:9c:99:fd:b8:5f:3e:79:
                    e0:64:90:86:c8:15:b2:0c:51:bc:f3:32:79:fd:c8:
                    60:fd:1c:c3:b6:fb:68:28:4b:15:f8:19:9e:3b:3d:
                    f7:ee:d3:31:d6:d3:dd:2d:e0:0b:7c:dd:4a:0e:1b:
                    8d:12:fc:19:b7:fa:63:60:2a:77:f8:6d:65:89:32:
                    0e:6d:2f:62:5a:1e:79:35:26:91:0e:01:bb:d3:59:
                    2f:71:0b:52:69:c8:3c:38:37:f9:bf:f5:fb:9d:2d:
                    3e:58:c5:07:db:cd:52:3d:f1:74:e3:08:8b:47:1c:
                    a6:14:bb:29:a8:bc:62:df:52:ba:42:ef:84:d6:8b:
                    ca:e4:7a:23:1b:f7:04:4b:81:99:c9:42:ca:28:8f:
                    79:6f:39:69:40:da:50:6d:57:c8:57:6c:1c:dd:32:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:7E:D8:B6:49:1B:F5:3D:1F:B8:7D:78:EB:22:7B:D0:2B:CA:4D:B4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:db:cb:7f:fa:eb:1f:b4:ce:b0:66:21:81:e6:c9:14:c5:d6:
         d9:23:cb:b6:68:1b:9d:fb:b3:50:39:bd:93:4d:19:0e:12:7b:
         74:0d:7d:52:f4:17:36:cc:da:69:9d:eb:38:ca:84:5b:3b:11:
         ac:f1:c7:9a:8d:df:18:56:56:c2:b9:c7:7e:d5:f7:62:74:81:
         d4:3d:a4:95:04:e2:94:a3:b7:ac:8b:dc:69:9c:6a:ab:5d:1d:
         cc:b1:d6:95:95:58:b2:46:0d:5d:f3:f0:43:bd:1d:6b:af:c8:
         b6:96:16:c9:1a:c6:92:4e:3d:e7:48:dc:5d:17:85:db:5c:f5:
         4c:cd:48:cb:84:d3:2d:82:f9:26:50:49:1a:a2:28:94:b4:e1:
         5a:b8:f2:ba:08:bb:f6:e7:d8:2a:3f:76:00:ca:4e:1e:f6:76:
         6f:61:8e:7c:47:dd:00:f1:07:95:d2:c2:de:fd:81:02:14:c6:
         5f:0f:ad:ee:f7:4c:9e:fe:e7:ba:18:36:34:5b:9a:2d:4f:08:
         ff:1f:99:94:4b:b5:03:cb:be:95:1a:97:cb:72:ac:a9:97:5d:
         17:31:3b:0b:7f:f3:77:0d:74:b8:ad:77:2b:66:93:05:ed:08:
         be:e1:dc:01:f6:cb:5d:29:e0:44:b3:93:5e:54:d0:cf:44:05:
         ce:6c:36:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMJECi1jqMWeHN+2BkLD0AGoJi/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMDIwNzAwMjJaFw0yNjEwMDEwNzA1MjJaMDMxMTAvBgNV
BAMTKEVCN0VEOEI2NDkxQkY1M0QxRkI4N0Q3OEVCMjI3QkQwMkJDQTREQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbRlIGgFFZuIkOemcq8MVSyoxa
ISNvA9FNv2DVufhfJkhAsSWXuKTI0+fRKsjPdT/JGHJZVmZVKvi6DGmdvc8kE4c/
lVlpG59h2hN+6Cpg6uKyecn4Tom4rHLa8ggVfgo5nJn9uF8+eeBkkIbIFbIMUbzz
Mnn9yGD9HMO2+2goSxX4GZ47Pffu0zHW090t4At83UoOG40S/Bm3+mNgKnf4bWWJ
Mg5tL2JaHnk1JpEOAbvTWS9xC1JpyDw4N/m/9fudLT5YxQfbzVI98XTjCItHHKYU
uymovGLfUrpC74TWi8rkeiMb9wRLgZnJQsooj3lvOWlA2lBtV8hXbBzdMsPPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU637Ytkkb9T0fuH146yJ70CvKTbQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjExMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4ev
MA0GCSqGSIb3DQEBCwUAA4IBAQAG28t/+usftM6wZiGB5skUxdbZI8u2aBud+7NQ
Ob2TTRkOEnt0DX1S9Bc2zNppnes4yoRbOxGs8ceajd8YVlbCucd+1fdidIHUPaSV
BOKUo7esi9xpnGqrXR3MsdaVlViyRg1d8/BDvR1rr8i2lhbJGsaSTj3nSNxdF4Xb
XPVMzUjLhNMtgvkmUEkaoiiUtOFauPK6CLv259gqP3YAyk4e9nZvYY58R90A8QeV
0sLe/YECFMZfD63u90ye/ue6GDY0W5otTwj/H5mUS7UDy76VGpfLcqypl10XMTsL
f/N3DXS4rXcrZpMF7Qi+4dwB9stdKeBEs5NeVNDPRAXObDYJ
-----END CERTIFICATE-----