Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212144.roa
File:                     AS212144.roa (raw, json)
Hash identifier:          uz/aTxjBaV3AiFoTqUsXj8UDaK7nC1b+H0O9oVNXyFU=
Subject key identifier:   41:F3:0E:A5:57:0F:86:F1:C2:97:56:F0:54:C0:A9:41:FC:CE:0D:73
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       180466722300A25A1FB5DE73321CF19FE9D5BBAE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212144.roa
Signing time:             Thu 12 Jun 2025 14:10:23 +0000
ROA not before:           Thu 12 Jun 2025 14:05:23 +0000
ROA not after:            Thu 11 Jun 2026 14:10:23 +0000
asID:                     212144
IP address blocks:        2a0a:9e03::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:04:66:72:23:00:a2:5a:1f:b5:de:73:32:1c:f1:9f:e9:d5:bb:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:23 2025 GMT
            Not After : Jun 11 14:10:23 2026 GMT
        Subject: CN=41F30EA5570F86F1C29756F054C0A941FCCE0D73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:24:4c:7d:6e:ed:9e:36:94:92:43:59:35:05:
                    58:b7:6a:ed:67:a8:ca:54:86:c5:30:f9:d2:e8:d6:
                    75:6f:c4:82:31:f5:b0:4e:b9:ec:cf:79:6e:6a:9c:
                    e3:3a:83:fe:29:37:62:16:a3:c7:a8:e1:cc:0a:92:
                    56:00:ac:35:36:15:62:eb:b8:c1:35:50:2a:5b:77:
                    a2:b6:e7:ee:17:ea:fc:ef:f7:1f:b3:f5:21:cc:e6:
                    b5:67:ea:d1:35:93:86:39:d9:56:30:e1:ff:e4:33:
                    81:21:f4:34:87:8a:17:33:dc:1f:f7:13:68:e8:e8:
                    96:79:64:0c:54:4e:44:73:a6:27:91:1f:4b:35:f9:
                    a1:d8:2d:b1:3d:66:6a:ff:2f:ff:bd:88:d0:fe:1f:
                    3d:c5:0b:06:e6:49:60:21:17:2e:07:4f:b3:8a:91:
                    22:ed:02:b8:8a:d4:d9:f0:9b:7f:24:8c:6c:ca:3c:
                    35:95:e6:9d:1d:ce:52:5f:97:16:f8:a7:9e:ff:8b:
                    04:ce:88:62:be:a4:68:47:6c:a3:af:42:76:50:b6:
                    ed:5b:00:76:45:cc:f2:98:9f:ee:38:2b:8d:da:08:
                    90:c6:5b:55:f8:a9:21:b9:90:8a:4b:b8:a2:63:35:
                    29:1d:4b:e8:59:40:d9:30:3b:df:19:73:e0:d1:13:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F3:0E:A5:57:0F:86:F1:C2:97:56:F0:54:C0:A9:41:FC:CE:0D:73
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212144.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e03::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:4e:91:4f:76:02:08:05:f0:cf:88:64:7e:31:a6:0c:e6:88:
         95:f1:19:a2:1e:e2:8f:b9:76:3a:1e:62:29:70:9e:28:ad:c4:
         58:3c:8b:9f:07:fa:fa:f6:95:25:ff:13:3c:01:03:b1:94:da:
         3b:0f:b6:35:c8:44:b6:f4:48:ed:9c:9e:64:53:9d:3b:35:59:
         ca:60:53:7f:55:17:ae:10:a5:e9:84:2d:ad:ea:cb:15:82:b1:
         eb:1b:e0:1c:e1:99:9b:6d:92:82:a4:60:fe:32:2d:95:a7:ac:
         89:0e:ca:69:2e:fa:0e:5b:fa:b2:75:e0:b4:94:d8:b2:de:7d:
         6c:1e:a2:81:4f:84:cf:0e:24:de:84:d1:a4:42:30:ca:9a:5f:
         91:b9:48:8a:9c:80:b5:38:5a:66:a0:7f:ee:a9:d9:4b:06:59:
         a8:d7:7d:50:ff:75:b4:09:4e:36:b2:bf:bd:fa:d9:52:57:a7:
         8d:33:e8:73:8f:e8:9d:97:d8:b2:ea:78:bd:01:be:b5:1c:b0:
         42:92:b9:f9:f6:62:38:46:1e:a6:75:ba:9b:a4:86:e0:93:05:
         30:16:1b:ea:10:0d:ba:62:f9:c5:59:8a:a9:8a:4b:16:a4:59:
         e2:b5:6f:78:12:1d:6c:ec:48:02:04:d1:1e:9f:dd:9b:66:aa:
         28:5e:46:59
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUGARmciMAoloftd5zMhzxn+nVu64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MjNaFw0yNjA2MTExNDEwMjNaMDMxMTAvBgNV
BAMTKDQxRjMwRUE1NTcwRjg2RjFDMjk3NTZGMDU0QzBBOTQxRkNDRTBENzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzJEx9bu2eNpSSQ1k1BVi3au1n
qMpUhsUw+dLo1nVvxIIx9bBOuezPeW5qnOM6g/4pN2IWo8eo4cwKklYArDU2FWLr
uME1UCpbd6K25+4X6vzv9x+z9SHM5rVn6tE1k4Y52VYw4f/kM4Eh9DSHihcz3B/3
E2jo6JZ5ZAxUTkRzpieRH0s1+aHYLbE9Zmr/L/+9iND+Hz3FCwbmSWAhFy4HT7OK
kSLtAriK1Nnwm38kjGzKPDWV5p0dzlJflxb4p57/iwTOiGK+pGhHbKOvQnZQtu1b
AHZFzPKYn+44K43aCJDGW1X4qSG5kIpLuKJjNSkdS+hZQNkwO98Zc+DRE4KxAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUQfMOpVcPhvHCl1bwVMCpQfzODXMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyMTQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
AzANBgkqhkiG9w0BAQsFAAOCAQEAik6RT3YCCAXwz4hkfjGmDOaIlfEZoh7ij7l2
Oh5iKXCeKK3EWDyLnwf6+vaVJf8TPAEDsZTaOw+2NchEtvRI7ZyeZFOdOzVZymBT
f1UXrhCl6YQtrerLFYKx6xvgHOGZm22SgqRg/jItlaesiQ7KaS76Dlv6snXgtJTY
st59bB6igU+Ezw4k3oTRpEIwyppfkblIipyAtThaZqB/7qnZSwZZqNd9UP91tAlO
NrK/vfrZUlenjTPoc4/onZfYsup4vQG+tRywQpK5+fZiOEYepnW6m6SG4JMFMBYb
6hANumL5xVmKqYpLFqRZ4rVveBIdbOxIAgTRHp/dm2aqKF5GWQ==
-----END CERTIFICATE-----