Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211588.roa
File:                     AS211588.roa (raw, json)
Hash identifier:          B1WUpAVmFtq4/rf7go7r9r4rnMj+DW07R0D94dts9kY=
Subject key identifier:   71:61:15:F2:81:DC:8A:3F:3A:63:BE:35:5E:93:52:B4:82:84:98:35
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       344FF8A9C221F0B74DE667ADFA78AE2AF85F1E68
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211588.roa
Signing time:             Wed 24 Sep 2025 00:55:07 +0000
ROA not before:           Wed 24 Sep 2025 00:50:07 +0000
ROA not after:            Wed 23 Sep 2026 00:55:07 +0000
asID:                     211588
IP address blocks:        5.181.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4f:f8:a9:c2:21:f0:b7:4d:e6:67:ad:fa:78:ae:2a:f8:5f:1e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 24 00:50:07 2025 GMT
            Not After : Sep 23 00:55:07 2026 GMT
        Subject: CN=716115F281DC8A3F3A63BE355E9352B482849835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e7:d5:b5:17:14:20:7c:65:10:7f:3e:12:d5:
                    c4:a4:9a:5f:dc:6e:6d:f7:5b:37:79:0b:6e:f2:c8:
                    56:da:46:8f:70:2c:40:0a:94:24:46:2b:0e:26:4c:
                    6f:fb:c8:6a:50:01:8f:a9:31:80:0a:7a:05:67:81:
                    e8:28:db:44:0a:28:22:6c:bb:7a:0b:43:e9:4f:44:
                    f6:e1:45:c8:72:3a:d4:c2:7c:7a:fc:ec:9a:51:94:
                    6a:22:b6:f3:4f:42:b8:55:42:d4:be:77:d6:24:fc:
                    c3:01:67:42:3b:50:1e:76:16:85:13:30:0a:cc:fb:
                    d0:b1:65:0a:3c:ea:48:90:4f:15:87:07:6f:44:22:
                    2a:48:15:cb:ec:c4:e9:26:44:55:9b:23:01:20:ff:
                    2c:0e:3b:44:47:21:1a:e5:42:5d:73:6b:af:97:ee:
                    37:cb:4b:8e:f7:d1:12:da:0a:4b:b6:22:10:2b:ac:
                    b0:7e:7a:db:af:35:68:ef:0a:42:0b:db:a0:4c:a0:
                    15:5a:f1:3f:31:8e:82:7a:07:e2:8e:2c:22:0b:21:
                    98:7b:52:7d:2d:40:fd:c3:ce:04:4d:c3:57:17:2a:
                    80:7e:68:c9:f7:5c:e9:3c:df:5d:34:3b:2e:c2:69:
                    d9:36:5f:dc:ed:2f:d2:7a:f5:29:18:65:c2:8c:cc:
                    16:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:61:15:F2:81:DC:8A:3F:3A:63:BE:35:5E:93:52:B4:82:84:98:35
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211588.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:e7:4d:8c:5a:ad:db:a9:3b:19:29:3a:46:0e:65:84:30:e2:
         48:2a:f1:64:36:ec:73:0f:b1:17:5a:0e:dd:70:89:a2:23:27:
         b8:1b:49:f2:84:27:48:e8:93:91:7f:a5:92:fa:ad:fe:ab:00:
         92:9b:a0:6c:e8:c9:a9:39:6a:7a:dd:94:93:2e:4e:8b:39:95:
         f6:46:17:5e:4d:6a:c2:eb:2b:b7:01:c5:61:3d:ca:db:44:9f:
         68:c8:c3:f3:59:80:0b:ee:ce:1d:39:0b:39:b4:b2:68:f3:b1:
         18:8b:c7:c7:63:65:5f:e0:62:e9:02:58:83:0a:6b:69:e3:69:
         a2:f6:7d:71:cc:91:d8:ec:77:aa:72:63:6f:41:a9:36:cf:d7:
         8d:51:32:c1:63:17:54:93:40:38:d0:6a:ee:c6:38:3f:33:b3:
         08:55:fa:66:6a:3a:b1:74:2e:3b:70:9e:70:46:8d:d5:e6:ed:
         44:e6:5a:bd:d5:8d:5c:c2:7f:b1:e8:97:6d:f1:5a:c5:9d:72:
         95:60:8a:64:65:4e:3f:a7:e7:4d:54:16:96:6f:81:9e:38:10:
         f6:8e:92:57:9b:a5:3e:01:c5:c1:b5:10:45:5a:af:cc:98:b2:
         f0:dd:77:5e:ce:48:d0:a2:15:b5:7d:d2:4f:ff:89:69:d8:ec:
         c9:9e:cb:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNE/4qcIh8LdN5met+niuKvhfHmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjQwMDUwMDdaFw0yNjA5MjMwMDU1MDdaMDMxMTAvBgNV
BAMTKDcxNjExNUYyODFEQzhBM0YzQTYzQkUzNTVFOTM1MkI0ODI4NDk4MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC859W1FxQgfGUQfz4S1cSkml/c
bm33Wzd5C27yyFbaRo9wLEAKlCRGKw4mTG/7yGpQAY+pMYAKegVngego20QKKCJs
u3oLQ+lPRPbhRchyOtTCfHr87JpRlGoitvNPQrhVQtS+d9Yk/MMBZ0I7UB52FoUT
MArM+9CxZQo86kiQTxWHB29EIipIFcvsxOkmRFWbIwEg/ywOO0RHIRrlQl1za6+X
7jfLS4730RLaCku2IhArrLB+etuvNWjvCkIL26BMoBVa8T8xjoJ6B+KOLCILIZh7
Un0tQP3DzgRNw1cXKoB+aMn3XOk83100Oy7Cadk2X9ztL9J69SkYZcKMzBavAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcWEV8oHcij86Y741XpNStIKEmDUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNTg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWG
MA0GCSqGSIb3DQEBCwUAA4IBAQAW502MWq3bqTsZKTpGDmWEMOJIKvFkNuxzD7EX
Wg7dcImiIye4G0nyhCdI6JORf6WS+q3+qwCSm6Bs6MmpOWp63ZSTLk6LOZX2Rhde
TWrC6yu3AcVhPcrbRJ9oyMPzWYAL7s4dOQs5tLJo87EYi8fHY2Vf4GLpAliDCmtp
42mi9n1xzJHY7HeqcmNvQak2z9eNUTLBYxdUk0A40Gruxjg/M7MIVfpmajqxdC47
cJ5wRo3V5u1E5lq91Y1cwn+x6Jdt8VrFnXKVYIpkZU4/p+dNVBaWb4GeOBD2jpJX
m6U+AcXBtRBFWq/MmLLw3XdezkjQohW1fdJP/4lp2OzJnss6
-----END CERTIFICATE-----