Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          9bOnY1cAVhBBGHQIEMrd5VkBb1s/cfMPcWLgPAaZiXI=
Subject key identifier:   5A:27:0F:01:49:8F:CF:8A:AD:98:B9:72:51:CA:BB:F2:6C:90:84:65
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       545652DAB0491C30C30A16642FFA65B594691686
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa
Signing time:             Thu 17 Apr 2025 09:54:01 +0000
ROA not before:           Thu 17 Apr 2025 09:49:01 +0000
ROA not after:            Thu 16 Apr 2026 09:54:01 +0000
asID:                     211440
IP address blocks:        147.79.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:56:52:da:b0:49:1c:30:c3:0a:16:64:2f:fa:65:b5:94:69:16:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 17 09:49:01 2025 GMT
            Not After : Apr 16 09:54:01 2026 GMT
        Subject: CN=5A270F01498FCF8AAD98B97251CABBF26C908465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:83:34:a2:73:bd:c0:bc:19:32:67:86:a1:56:
                    9c:14:85:de:a7:7c:bf:d8:46:59:60:0b:f6:3a:6b:
                    18:3e:49:1f:fb:e4:80:21:9a:3c:68:a2:c4:0d:71:
                    0a:a2:98:11:7d:02:99:fd:84:71:e4:a8:03:24:48:
                    63:1b:09:83:8d:ce:54:e2:f3:18:2c:99:93:e1:12:
                    73:57:09:42:01:ac:67:ca:df:4a:80:c8:37:2d:71:
                    cd:92:90:38:f0:0c:62:f7:af:8a:a3:d9:2c:99:86:
                    14:da:fe:7e:00:80:80:39:a3:48:e4:1e:22:74:a4:
                    eb:cf:90:df:48:c0:23:c4:83:25:4e:71:a0:7e:f4:
                    72:3e:2c:05:d9:2c:48:3e:57:82:e0:d9:b5:44:2f:
                    2a:ec:69:da:cd:4f:a5:6c:4c:3e:b1:b8:64:5e:97:
                    81:8f:9b:29:d3:27:0d:92:b4:b6:af:14:67:3a:92:
                    fb:b0:38:c5:f6:01:44:d6:81:79:ab:2c:74:06:54:
                    c5:12:c3:f6:73:c2:5e:7b:3b:c6:7e:42:7a:33:7d:
                    4c:0a:d2:98:a0:c4:b9:3f:c0:34:85:a8:57:9c:5a:
                    bb:79:78:16:2c:32:e9:94:a9:4b:8e:70:1e:b5:b9:
                    97:23:aa:77:fb:dd:a2:3e:31:45:2a:2f:35:cc:0b:
                    4b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:27:0F:01:49:8F:CF:8A:AD:98:B9:72:51:CA:BB:F2:6C:90:84:65
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c5:f7:18:d1:9e:5a:f5:06:83:b2:f5:e2:25:ba:b6:2e:4f:
         f4:cd:7e:45:32:c2:f8:33:86:4e:a0:57:6e:1d:2f:3a:34:aa:
         f1:ec:c5:49:d5:88:56:55:93:57:81:5d:ae:8b:01:47:71:12:
         66:77:65:03:28:23:54:49:47:3f:02:50:46:40:23:ed:6f:3b:
         0b:86:8a:14:6d:ea:14:d1:e8:c6:6b:b4:27:a0:be:e1:15:a5:
         73:4c:bc:9e:47:17:11:4c:e5:62:69:67:ee:ef:b3:0d:dc:b6:
         60:02:11:6e:de:92:0e:48:6b:89:38:d7:94:ee:69:fe:74:75:
         12:c4:42:bf:d3:d9:e9:eb:4b:c8:bd:7e:9e:d5:37:b0:71:80:
         7b:e2:42:96:e5:b9:93:55:a4:53:0a:d2:1f:d4:1f:c3:8d:a9:
         9d:39:c9:07:24:8c:c4:0f:b2:8a:65:4f:0b:6d:7d:8e:a6:6b:
         b7:23:00:1a:57:66:fb:40:2f:da:be:80:78:67:11:84:ec:aa:
         9c:df:6d:29:48:97:b5:f7:af:79:af:e2:0b:61:83:89:a6:5b:
         84:bf:bd:c5:96:71:cd:5e:57:1c:be:fd:d8:67:cb:a8:4d:e9:
         4a:51:36:9b:82:11:e0:ec:b2:27:e9:f8:a6:75:26:21:83:b2:
         a7:7c:58:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVFZS2rBJHDDDChZkL/pltZRpFoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MTcwOTQ5MDFaFw0yNjA0MTYwOTU0MDFaMDMxMTAvBgNV
BAMTKDVBMjcwRjAxNDk4RkNGOEFBRDk4Qjk3MjUxQ0FCQkYyNkM5MDg0NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIgzSic73AvBkyZ4ahVpwUhd6n
fL/YRllgC/Y6axg+SR/75IAhmjxoosQNcQqimBF9Apn9hHHkqAMkSGMbCYONzlTi
8xgsmZPhEnNXCUIBrGfK30qAyDctcc2SkDjwDGL3r4qj2SyZhhTa/n4AgIA5o0jk
HiJ0pOvPkN9IwCPEgyVOcaB+9HI+LAXZLEg+V4Lg2bVELyrsadrNT6VsTD6xuGRe
l4GPmynTJw2StLavFGc6kvuwOMX2AUTWgXmrLHQGVMUSw/Zzwl57O8Z+QnozfUwK
0pigxLk/wDSFqFecWrt5eBYsMumUqUuOcB61uZcjqnf73aI+MUUqLzXMC0s/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWicPAUmPz4qtmLlyUcq78myQhGUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08G
MA0GCSqGSIb3DQEBCwUAA4IBAQByxfcY0Z5a9QaDsvXiJbq2Lk/0zX5FMsL4M4ZO
oFduHS86NKrx7MVJ1YhWVZNXgV2uiwFHcRJmd2UDKCNUSUc/AlBGQCPtbzsLhooU
beoU0ejGa7QnoL7hFaVzTLyeRxcRTOViaWfu77MN3LZgAhFu3pIOSGuJONeU7mn+
dHUSxEK/09np60vIvX6e1TewcYB74kKW5bmTVaRTCtIf1B/DjamdOckHJIzED7KK
ZU8LbX2Opmu3IwAaV2b7QC/avoB4ZxGE7Kqc320pSJe19695r+ILYYOJpluEv73F
lnHNXlccvv3YZ8uoTelKUTabghHg7LIn6fimdSYhg7KnfFjk
-----END CERTIFICATE-----