Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
File:                     AS211432.roa (raw, json)
Hash identifier:          2YhdUcBBPJAv+LkoRGEuhzyq38ekUD9cDJJaNoZHYJ8=
Subject key identifier:   6B:A0:04:32:6C:77:26:25:97:76:5C:B7:83:E9:80:B6:58:A7:D3:F8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       65A46616856DFF0FBD82CF34C7D1393141F23095
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa
Signing time:             Fri 15 Aug 2025 08:54:13 +0000
ROA not before:           Fri 15 Aug 2025 08:49:13 +0000
ROA not after:            Fri 14 Aug 2026 08:54:13 +0000
asID:                     211432
IP address blocks:        185.170.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:23:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:a4:66:16:85:6d:ff:0f:bd:82:cf:34:c7:d1:39:31:41:f2:30:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 15 08:49:13 2025 GMT
            Not After : Aug 14 08:54:13 2026 GMT
        Subject: CN=6BA004326C77262597765CB783E980B658A7D3F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:62:3b:47:71:e2:1c:d6:c6:7e:ac:77:4f:c8:
                    09:b8:06:84:f5:77:84:55:0f:02:6d:9f:07:c8:8e:
                    f1:42:35:de:20:de:8b:33:15:25:54:90:28:28:9c:
                    e1:88:34:8f:b7:0c:24:cd:cf:c8:4b:6f:52:9b:d1:
                    f2:d8:a3:a7:5b:b4:c1:f5:42:0a:5b:ba:36:ac:3f:
                    8e:94:2c:e1:69:79:30:c9:b2:ae:b2:3b:68:58:b0:
                    95:7e:40:90:d9:59:5b:63:d3:13:8c:6a:12:c5:ad:
                    61:00:2f:7d:ab:02:7e:6b:48:7b:68:09:1c:c9:4f:
                    8a:9b:a8:86:72:5e:91:f2:30:c9:28:6d:3e:d6:4c:
                    5e:17:2c:04:7e:f4:a2:7e:a7:16:e9:9b:96:26:ce:
                    f5:cb:41:5b:2b:fa:4e:3c:47:3e:6e:d2:36:d2:7d:
                    61:c4:d6:f1:68:d5:c0:98:e2:7c:25:21:d1:52:47:
                    12:b6:28:f0:5d:2e:c9:2a:2c:84:b3:4d:6c:ec:a4:
                    6a:a2:cd:16:6b:23:70:5e:b4:97:9f:67:82:a2:16:
                    09:21:6b:48:ad:84:0f:ea:81:2c:9f:ba:12:8f:5d:
                    0a:3f:0e:be:db:60:e0:58:72:b4:f1:d4:de:8b:b0:
                    a1:3b:ee:f8:9c:a0:09:26:85:dd:d4:a4:f3:cf:6a:
                    e3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A0:04:32:6C:77:26:25:97:76:5C:B7:83:E9:80:B6:58:A7:D3:F8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:91:91:74:08:bd:9b:fc:24:1d:64:93:5d:b6:93:76:61:3d:
         b8:42:4b:95:a6:8a:c8:55:27:ed:58:51:7e:53:e5:87:51:34:
         75:4f:cb:9b:a6:27:37:24:ef:01:22:fb:ce:95:9d:b8:c3:f3:
         78:75:fb:15:70:22:6a:8f:ee:54:56:ae:3c:0b:8d:b0:ed:b5:
         1b:ca:a5:de:8e:3f:8e:75:af:6a:61:94:41:fd:b8:7d:0a:aa:
         c6:ee:e1:56:0c:e0:c3:fc:4b:92:94:65:2d:a5:c1:2f:d7:ed:
         df:aa:ff:9a:55:4e:30:d9:cd:3b:99:5a:10:cb:50:88:d6:b1:
         2f:40:c7:c3:59:80:a0:85:e3:b2:40:b9:c2:78:c8:1e:44:36:
         dd:23:15:8b:83:2f:77:63:ab:e5:bd:3a:22:7d:98:0b:b2:0e:
         53:fe:e7:51:53:f9:59:42:96:1a:88:54:c5:b1:20:cf:69:3c:
         e7:3e:be:57:ce:0d:8b:94:5b:f5:29:bd:91:3c:b0:ca:99:d5:
         ba:7b:74:c0:f0:8e:6f:0e:27:6e:72:17:f1:bd:e4:5c:dd:44:
         83:d4:b3:12:dd:c5:0b:b3:d6:76:4e:15:dd:52:02:a6:ed:57:
         b3:46:1d:55:ed:33:ec:31:81:05:77:2c:5b:e4:f7:dd:e9:1c:
         28:9f:b1:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZaRmFoVt/w+9gs80x9E5MUHyMJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTUwODQ5MTNaFw0yNjA4MTQwODU0MTNaMDMxMTAvBgNV
BAMTKDZCQTAwNDMyNkM3NzI2MjU5Nzc2NUNCNzgzRTk4MEI2NThBN0QzRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYjtHceIc1sZ+rHdPyAm4BoT1
d4RVDwJtnwfIjvFCNd4g3oszFSVUkCgonOGINI+3DCTNz8hLb1Kb0fLYo6dbtMH1
QgpbujasP46ULOFpeTDJsq6yO2hYsJV+QJDZWVtj0xOMahLFrWEAL32rAn5rSHto
CRzJT4qbqIZyXpHyMMkobT7WTF4XLAR+9KJ+pxbpm5YmzvXLQVsr+k48Rz5u0jbS
fWHE1vFo1cCY4nwlIdFSRxK2KPBdLskqLISzTWzspGqizRZrI3BetJefZ4KiFgkh
a0ithA/qgSyfuhKPXQo/Dr7bYOBYcrTx1N6LsKE77vicoAkmhd3UpPPPauMPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUa6AEMmx3JiWXdly3g+mAtlin0/gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuao4
MA0GCSqGSIb3DQEBCwUAA4IBAQCTkZF0CL2b/CQdZJNdtpN2YT24QkuVporIVSft
WFF+U+WHUTR1T8ubpic3JO8BIvvOlZ24w/N4dfsVcCJqj+5UVq48C42w7bUbyqXe
jj+Oda9qYZRB/bh9CqrG7uFWDODD/EuSlGUtpcEv1+3fqv+aVU4w2c07mVoQy1CI
1rEvQMfDWYCgheOyQLnCeMgeRDbdIxWLgy93Y6vlvToifZgLsg5T/udRU/lZQpYa
iFTFsSDPaTznPr5Xzg2LlFv1Kb2RPLDKmdW6e3TA8I5vDiduchfxveRc3USD1LMS
3cULs9Z2ThXdUgKm7VezRh1V7TPsMYEFdyxb5Pfd6Rwon7Hl
-----END CERTIFICATE-----