Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          K1GMW/z8RPWA/doqrv15nAjgYaUyZMyBLln1xKrF77o=
Subject key identifier:   77:A6:9E:16:6C:48:C4:10:4A:09:AF:21:29:9B:F8:B6:96:86:4A:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6940CC0C90973B186DB77497012930013938989F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa
Signing time:             Mon 28 Apr 2025 15:54:04 +0000
ROA not before:           Mon 28 Apr 2025 15:49:04 +0000
ROA not after:            Mon 27 Apr 2026 15:54:04 +0000
asID:                     211440
IP address blocks:        179.61.250.0/24 maxlen: 24
                          181.214.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:40:cc:0c:90:97:3b:18:6d:b7:74:97:01:29:30:01:39:38:98:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 28 15:49:04 2025 GMT
            Not After : Apr 27 15:54:04 2026 GMT
        Subject: CN=77A69E166C48C4104A09AF21299BF8B696864A06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:59:91:b1:11:c2:53:0f:08:c8:e5:ce:66:88:
                    5e:59:c1:1e:b0:a2:a3:a3:c9:17:02:1b:73:3b:19:
                    c4:c0:5a:fc:2d:98:e3:a6:7d:0b:da:5e:b9:1a:84:
                    ca:57:4d:af:a0:38:64:75:f7:7b:42:8f:ed:03:a5:
                    93:22:68:0f:a4:84:f2:3b:07:a0:b2:be:de:34:52:
                    3c:64:e7:c0:6e:1d:ab:df:8b:9c:1b:00:66:ab:2c:
                    f0:1d:6e:19:a1:40:4a:00:b9:7d:d5:bf:67:40:85:
                    88:5d:35:1c:6b:14:2b:4f:83:a3:29:1d:96:c4:93:
                    db:61:d8:62:1f:4a:01:6f:0a:85:c4:a0:5e:21:66:
                    dd:2d:45:88:2b:8a:bf:43:11:9e:57:c7:fc:d5:fa:
                    d1:24:81:0f:66:71:b5:48:02:68:7c:58:c9:fe:fb:
                    51:9a:25:15:37:76:b5:90:77:71:49:f2:9a:a0:d4:
                    c6:56:74:65:68:ca:fa:f1:24:f0:e6:c7:ca:d9:c1:
                    d0:cc:67:71:f2:9a:7b:99:4b:e0:02:ba:df:f4:77:
                    0f:15:2c:fe:bd:e6:f2:b9:2e:7c:c6:1f:f0:60:f7:
                    43:aa:d1:d8:44:4e:c2:d4:43:7d:9a:cf:a6:f8:22:
                    ac:b3:7a:24:8f:24:0e:b4:2b:89:00:b5:84:e3:9d:
                    26:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:A6:9E:16:6C:48:C4:10:4A:09:AF:21:29:9B:F8:B6:96:86:4A:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.250.0/24
                  181.214.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:e7:af:5e:e3:51:61:46:ab:99:53:d7:d2:0d:dd:1c:68:73:
         66:a3:15:d0:96:5d:32:c1:3b:83:47:31:c0:a1:f1:43:6a:c1:
         79:ba:19:e4:17:35:f5:2c:3a:be:0f:33:f6:ca:69:fe:f7:02:
         05:37:5c:e9:13:52:7f:ae:62:f4:b4:a4:68:19:b3:bc:a0:19:
         92:5f:6b:81:ec:e7:5f:d1:c1:6b:cd:c7:e4:f1:43:d7:2b:66:
         b5:fc:df:ed:a5:0b:ae:9b:fd:f6:66:7f:04:eb:fa:81:51:d2:
         b1:b4:e3:7e:24:16:7c:46:5c:82:c0:03:41:19:1a:89:66:e2:
         bc:e3:20:b8:54:a9:e4:65:57:f9:2c:48:44:86:ac:44:45:71:
         00:88:22:d8:c8:55:a1:1d:84:9a:a8:fa:f8:0b:72:d3:c4:1d:
         67:d0:01:95:7c:7d:df:35:eb:eb:3d:b7:0e:b2:60:9b:1d:21:
         c6:48:e4:02:dc:40:cc:a5:94:17:81:0b:5a:6c:7f:93:c5:8a:
         13:51:91:00:4b:e9:a4:69:a6:c5:a1:f7:1e:5b:f3:33:f9:c4:
         90:b8:8c:44:97:ee:02:0a:ef:8a:ba:3d:50:39:be:17:45:81:
         24:81:10:90:bd:f7:5c:5a:70:40:bf:8b:fd:ed:69:e9:8d:31:
         07:9d:a7:89
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaUDMDJCXOxhtt3SXASkwATk4mJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MjgxNTQ5MDRaFw0yNjA0MjcxNTU0MDRaMDMxMTAvBgNV
BAMTKDc3QTY5RTE2NkM0OEM0MTA0QTA5QUYyMTI5OUJGOEI2OTY4NjRBMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYWZGxEcJTDwjI5c5miF5ZwR6w
oqOjyRcCG3M7GcTAWvwtmOOmfQvaXrkahMpXTa+gOGR193tCj+0DpZMiaA+khPI7
B6Cyvt40Ujxk58BuHavfi5wbAGarLPAdbhmhQEoAuX3Vv2dAhYhdNRxrFCtPg6Mp
HZbEk9th2GIfSgFvCoXEoF4hZt0tRYgrir9DEZ5Xx/zV+tEkgQ9mcbVIAmh8WMn+
+1GaJRU3drWQd3FJ8pqg1MZWdGVoyvrxJPDmx8rZwdDMZ3HymnuZS+ACut/0dw8V
LP695vK5LnzGH/Bg90Oq0dhETsLUQ32az6b4IqyzeiSPJA60K4kAtYTjnSYlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUd6aeFmxIxBBKCa8hKZv4tpaGSgYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz36
AwQAtda8MA0GCSqGSIb3DQEBCwUAA4IBAQB5569e41FhRquZU9fSDd0caHNmoxXQ
ll0ywTuDRzHAofFDasF5uhnkFzX1LDq+DzP2ymn+9wIFN1zpE1J/rmL0tKRoGbO8
oBmSX2uB7Odf0cFrzcfk8UPXK2a1/N/tpQuum/32Zn8E6/qBUdKxtON+JBZ8RlyC
wANBGRqJZuK84yC4VKnkZVf5LEhEhqxERXEAiCLYyFWhHYSaqPr4C3LTxB1n0AGV
fH3fNevrPbcOsmCbHSHGSOQC3EDMpZQXgQtabH+TxYoTUZEAS+mkaabFofceW/Mz
+cSQuIxEl+4CCu+Kuj1QOb4XRYEkgRCQvfdcWnBAv4v97WnpjTEHnaeJ
-----END CERTIFICATE-----