Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
File:                     AS211484.roa (raw, json)
Hash identifier:          5wQpGV1Yiv+HKE3aRAacvOiwJOqM43huottP+XK+EuI=
Subject key identifier:   F1:12:59:1A:0B:5A:44:98:08:8C:F9:92:71:6C:A4:22:4B:6D:61:BD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6B54D485E0A88D525727DB4BF2CAA22FE91E7EC9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
Signing time:             Mon 05 May 2025 17:34:47 +0000
ROA not before:           Mon 05 May 2025 17:29:47 +0000
ROA not after:            Mon 04 May 2026 17:34:47 +0000
asID:                     211484
IP address blocks:        155.117.10.0/23 maxlen: 24
                          155.117.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:54:d4:85:e0:a8:8d:52:57:27:db:4b:f2:ca:a2:2f:e9:1e:7e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 17:29:47 2025 GMT
            Not After : May  4 17:34:47 2026 GMT
        Subject: CN=F112591A0B5A4498088CF992716CA4224B6D61BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:06:dc:84:4b:c7:5f:74:09:e7:65:69:c0:60:
                    6f:5c:56:36:84:7f:f4:78:0f:aa:6e:e8:d8:a3:a1:
                    9d:71:a2:7b:17:26:ad:7f:45:6c:55:59:51:7b:06:
                    76:bb:89:0b:a2:3a:89:d3:fc:0b:db:cb:30:cb:27:
                    df:a7:1b:a7:a7:46:23:68:09:ed:9b:02:55:70:e4:
                    92:d3:d9:c5:22:66:b0:8a:c9:3e:91:de:e3:9d:a1:
                    19:13:7d:cb:5c:1c:ab:89:56:1e:eb:38:10:79:97:
                    ad:63:c1:28:83:fb:88:b2:47:b1:2b:aa:35:76:8c:
                    10:61:2f:85:04:bf:98:7e:db:85:39:29:e5:df:2c:
                    c4:95:84:38:fe:02:cc:81:49:39:1a:2a:82:81:2d:
                    25:31:89:be:1d:a4:48:06:6c:ec:ea:89:66:f6:ee:
                    6c:59:8e:7e:3b:3f:38:45:61:dc:9c:1e:25:6f:28:
                    dd:f7:cf:07:4a:08:54:5c:22:65:de:b2:cc:94:71:
                    fa:a2:0c:23:b7:90:d9:b2:d8:47:42:9b:47:dd:3a:
                    a4:3f:3e:0d:9c:e8:bb:ba:a0:4e:da:9a:28:96:71:
                    c3:04:ff:dd:56:bc:b4:3d:cb:a1:89:77:84:f7:f7:
                    ec:dc:8e:77:e3:4b:1d:af:e6:16:ce:e7:82:91:07:
                    66:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:12:59:1A:0B:5A:44:98:08:8C:F9:92:71:6C:A4:22:4B:6D:61:BD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.10.0/23
                  155.117.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:6a:fc:fa:c5:be:89:1c:7a:6c:c7:d0:9e:73:54:e2:82:ea:
         29:30:ba:bf:66:89:2c:70:7d:30:aa:15:9a:13:02:1e:d5:30:
         5a:e0:0a:66:5c:22:04:b7:6d:b0:ea:88:9b:9f:0e:50:ca:8f:
         d8:ac:6e:2f:41:8f:c3:71:37:67:97:93:be:93:2d:44:6d:3b:
         30:15:b9:75:f8:75:71:d0:22:f2:f3:97:39:ae:47:f5:bf:94:
         f1:08:a2:9c:cc:d7:d0:dc:c1:a8:c5:87:5c:ef:1b:3a:3d:31:
         c0:61:a8:57:cf:2a:95:6b:2b:62:80:19:5f:82:c3:1a:5f:a0:
         d3:1d:d8:9f:88:b9:79:11:11:c1:09:6a:72:68:7d:d5:6f:fe:
         11:bd:d8:40:ed:05:18:35:aa:34:b0:70:d9:f1:93:3b:d6:e0:
         6e:4b:12:09:27:2c:8f:31:a7:1a:d2:e3:ba:d3:7f:66:cd:81:
         40:f0:13:11:1f:2a:1a:ba:e1:5d:af:fc:de:31:79:70:66:3c:
         c2:2d:ea:3e:73:56:fe:57:72:c3:cf:bf:3f:aa:af:15:aa:37:
         f6:01:3c:91:30:1f:6b:39:fc:c2:17:1a:f4:48:3a:cb:24:55:
         88:70:c3:34:f3:e1:f3:46:55:6b:9e:1d:6a:fa:25:68:a9:b6:
         73:67:7a:68
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUa1TUheCojVJXJ9tL8sqiL+kefskwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDUxNzI5NDdaFw0yNjA1MDQxNzM0NDdaMDMxMTAvBgNV
BAMTKEYxMTI1OTFBMEI1QTQ0OTgwODhDRjk5MjcxNkNBNDIyNEI2RDYxQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBtyES8dfdAnnZWnAYG9cVjaE
f/R4D6pu6NijoZ1xonsXJq1/RWxVWVF7Bna7iQuiOonT/AvbyzDLJ9+nG6enRiNo
Ce2bAlVw5JLT2cUiZrCKyT6R3uOdoRkTfctcHKuJVh7rOBB5l61jwSiD+4iyR7Er
qjV2jBBhL4UEv5h+24U5KeXfLMSVhDj+AsyBSTkaKoKBLSUxib4dpEgGbOzqiWb2
7mxZjn47PzhFYdycHiVvKN33zwdKCFRcImXessyUcfqiDCO3kNmy2EdCm0fdOqQ/
Pg2c6Lu6oE7amiiWccME/91WvLQ9y6GJd4T39+zcjnfjSx2v5hbO54KRB2b5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU8RJZGgtaRJgIjPmScWykIkttYb0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBm3UK
AwQBm3X8MA0GCSqGSIb3DQEBCwUAA4IBAQBlavz6xb6JHHpsx9Cec1TiguopMLq/
ZokscH0wqhWaEwIe1TBa4ApmXCIEt22w6oibnw5Qyo/YrG4vQY/DcTdnl5O+ky1E
bTswFbl1+HVx0CLy85c5rkf1v5TxCKKczNfQ3MGoxYdc7xs6PTHAYahXzyqVayti
gBlfgsMaX6DTHdifiLl5ERHBCWpyaH3Vb/4RvdhA7QUYNao0sHDZ8ZM71uBuSxIJ
JyyPMaca0uO6039mzYFA8BMRHyoauuFdr/zeMXlwZjzCLeo+c1b+V3LDz78/qq8V
qjf2ATyRMB9rOfzCFxr0SDrLJFWIcMM08+HzRlVrnh1q+iVoqbZzZ3po
-----END CERTIFICATE-----