Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          xoEa5RhX2LzDreWrQ0yfWk722/zLUl6d+hKQL05A4fI=
Subject key identifier:   D0:9E:5B:F9:5A:69:0C:48:B7:A5:42:2D:B7:56:6F:2D:E1:3C:9E:BC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3D841496EE2F63127DD87CDE5AA64139D178EF8C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
Signing time:             Fri 08 Aug 2025 00:54:13 +0000
ROA not before:           Fri 08 Aug 2025 00:49:13 +0000
ROA not after:            Fri 07 Aug 2026 00:54:13 +0000
asID:                     211415
IP address blocks:        45.133.177.0/24 maxlen: 24
                          181.215.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:84:14:96:ee:2f:63:12:7d:d8:7c:de:5a:a6:41:39:d1:78:ef:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  8 00:49:13 2025 GMT
            Not After : Aug  7 00:54:13 2026 GMT
        Subject: CN=D09E5BF95A690C48B7A5422DB7566F2DE13C9EBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:43:dd:4d:8f:60:c7:19:7d:7d:d9:fc:f9:
                    ad:09:20:c3:32:22:d1:a2:f0:b3:3e:cc:ea:f0:cb:
                    ce:7e:bf:02:7e:cd:7d:d2:5a:71:f2:16:10:08:4e:
                    d3:39:51:13:d1:49:f4:d3:6e:ab:7c:f2:40:37:8c:
                    ce:73:00:da:d0:fb:68:9b:e6:8d:b1:c7:ca:be:6b:
                    92:d2:ad:e6:97:e5:83:87:2a:e5:4d:e7:ce:0b:54:
                    35:c2:cb:da:ca:d4:4f:27:39:56:8d:98:5e:cf:32:
                    17:b7:ab:2b:de:9d:8b:26:47:c3:4c:2a:25:7c:cc:
                    aa:8a:1d:ea:87:e7:08:45:16:e8:85:0b:32:3b:aa:
                    28:6a:b8:79:01:00:8e:6b:c2:b6:e7:8d:13:40:92:
                    50:e6:7b:f5:71:ed:82:09:d8:08:53:b3:fa:40:2e:
                    e5:6b:3f:c9:71:41:0c:f8:6a:60:c9:9f:a0:a8:05:
                    6a:bf:bd:34:71:39:0f:1b:b1:41:f7:ea:9d:e4:fb:
                    a0:a5:97:9c:9f:6d:ff:dc:15:93:a4:56:90:7a:a3:
                    59:b8:f4:dc:15:8d:0c:34:98:96:9c:d4:42:cf:17:
                    ec:90:06:77:12:eb:90:57:db:83:19:a8:05:7c:87:
                    b5:d4:6c:d6:6f:f0:1f:81:53:1f:80:40:9d:f7:7f:
                    6b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9E:5B:F9:5A:69:0C:48:B7:A5:42:2D:B7:56:6F:2D:E1:3C:9E:BC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.177.0/24
                  181.215.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:98:fd:2d:3e:85:7b:7e:5c:34:23:8c:23:45:08:50:dd:7e:
         6a:8d:6e:31:e6:18:5b:5c:d3:68:4c:3f:9b:fe:bd:f5:6a:4d:
         86:32:6b:70:5d:57:68:69:e5:f4:39:c3:69:19:23:fa:e5:da:
         f9:95:87:2d:08:5a:fd:08:e6:ba:c7:e4:2b:fc:ba:66:d1:c4:
         08:89:70:47:8e:9a:e3:29:ae:ce:c9:e1:84:c7:fb:f3:fc:e4:
         6e:e7:5f:cd:50:b8:ae:7d:72:17:ad:f8:75:eb:c6:f3:2a:a7:
         ff:cb:70:8c:af:4f:2a:39:d4:7d:f9:ca:6f:73:e0:ea:e7:57:
         77:6a:0a:cf:01:0b:ad:16:e1:a7:e1:28:9d:6c:a9:b4:dd:6f:
         83:f8:b9:b0:1c:92:24:9f:c5:be:b4:4e:9b:b2:93:5c:46:41:
         f4:87:2c:cd:a2:2d:e5:39:1c:cd:36:c1:aa:23:2c:e7:e5:65:
         62:a7:81:48:66:17:2a:18:f0:18:d7:20:5f:33:77:6a:b6:c0:
         87:40:42:26:b0:44:d4:41:08:91:1f:41:87:7b:36:ae:6d:70:
         3f:7f:ac:73:0b:7a:29:6c:35:f1:9b:00:d2:dc:a3:3a:3b:2d:
         b2:fc:eb:12:81:de:d9:7f:ad:63:20:79:9c:02:be:3c:66:51:
         1e:bf:63:74
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPYQUlu4vYxJ92HzeWqZBOdF474wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDgwMDQ5MTNaFw0yNjA4MDcwMDU0MTNaMDMxMTAvBgNV
BAMTKEQwOUU1QkY5NUE2OTBDNDhCN0E1NDIyREI3NTY2RjJERTEzQzlFQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZgkPdTY9gxxl9fdn8+a0JIMMy
ItGi8LM+zOrwy85+vwJ+zX3SWnHyFhAITtM5URPRSfTTbqt88kA3jM5zANrQ+2ib
5o2xx8q+a5LSreaX5YOHKuVN584LVDXCy9rK1E8nOVaNmF7PMhe3qyvenYsmR8NM
KiV8zKqKHeqH5whFFuiFCzI7qihquHkBAI5rwrbnjRNAklDme/Vx7YIJ2AhTs/pA
LuVrP8lxQQz4amDJn6CoBWq/vTRxOQ8bsUH36p3k+6Cll5yfbf/cFZOkVpB6o1m4
9NwVjQw0mJac1ELPF+yQBncS65BX24MZqAV8h7XUbNZv8B+BUx+AQJ33f2uHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU0J5b+VppDEi3pUItt1ZvLeE8nrwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWx
AwQAtdffMA0GCSqGSIb3DQEBCwUAA4IBAQArmP0tPoV7flw0I4wjRQhQ3X5qjW4x
5hhbXNNoTD+b/r31ak2GMmtwXVdoaeX0OcNpGSP65dr5lYctCFr9COa6x+Qr/Lpm
0cQIiXBHjprjKa7OyeGEx/vz/ORu51/NULiufXIXrfh168bzKqf/y3CMr08qOdR9
+cpvc+Dq51d3agrPAQutFuGn4SidbKm03W+D+LmwHJIkn8W+tE6bspNcRkH0hyzN
oi3lORzNNsGqIyzn5WVip4FIZhcqGPAY1yBfM3dqtsCHQEImsETUQQiRH0GHezau
bXA/f6xzC3opbDXxmwDS3KM6Oy2y/OsSgd7Zf61jIHmcAr48ZlEev2N0
-----END CERTIFICATE-----