Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
File:                     AS213060.roa (raw, json)
Hash identifier:          ssdlTKllPLZDnrYnce3BZYWTo42DkFb/emS+h6ERBJk=
Subject key identifier:   14:1F:1D:3C:91:F6:0C:C5:CA:A4:3C:82:51:9B:8C:03:10:4B:CA:96
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       40CCB7272107AC764B95BE88BCDF12E1927B65A1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
Signing time:             Wed 20 Aug 2025 06:59:08 +0000
ROA not before:           Wed 20 Aug 2025 06:54:08 +0000
ROA not after:            Wed 19 Aug 2026 06:59:08 +0000
asID:                     213060
IP address blocks:        89.19.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:cc:b7:27:21:07:ac:76:4b:95:be:88:bc:df:12:e1:92:7b:65:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 20 06:54:08 2025 GMT
            Not After : Aug 19 06:59:08 2026 GMT
        Subject: CN=141F1D3C91F60CC5CAA43C82519B8C03104BCA96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:75:5a:7a:da:88:d0:45:41:5b:44:a6:47:
                    bc:19:bd:9c:84:26:37:e9:22:2e:5d:9d:c1:89:6c:
                    31:4e:87:43:6e:24:22:23:9a:d2:0f:d9:b8:88:92:
                    7a:d5:d7:9f:85:23:27:62:f4:93:e5:85:4c:aa:56:
                    bd:cb:ee:47:16:4e:05:5f:ee:2f:29:50:c6:85:23:
                    1d:b7:48:ab:7b:af:f2:f5:9b:eb:61:9f:1f:4e:a4:
                    4e:17:ce:8e:da:24:28:2b:a5:c8:71:3e:95:4a:df:
                    98:d2:d7:c1:36:cf:d3:ec:cc:69:15:62:6b:28:8e:
                    5c:e0:f7:a9:e9:a8:dc:00:d2:ba:7f:a1:d0:96:d4:
                    d2:9e:b7:93:c6:4a:49:8e:05:51:81:70:0f:8f:be:
                    9a:06:30:55:52:c9:6f:bc:d1:00:4f:e4:d7:53:75:
                    98:ae:cf:21:5c:4e:d0:f6:38:68:e8:c4:60:41:da:
                    69:3d:23:6c:33:f0:15:f5:37:7d:ed:a7:db:01:62:
                    99:06:df:eb:88:a1:25:d5:2c:8f:29:29:2e:12:16:
                    63:45:39:c3:d4:37:00:4b:ab:e8:39:20:5f:a6:e9:
                    f1:7f:42:ce:2c:1f:ac:d2:81:53:94:e1:49:d3:96:
                    2d:96:97:5a:62:31:d5:29:0f:05:83:f8:03:45:93:
                    3e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1F:1D:3C:91:F6:0C:C5:CA:A4:3C:82:51:9B:8C:03:10:4B:CA:96
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:3e:f9:c5:8e:9c:b3:4b:9b:d0:71:d0:ff:e5:aa:c1:7a:23:
         24:c9:7c:43:c6:66:cc:65:2f:01:37:80:20:02:b8:ea:31:a3:
         3a:f7:7f:b0:48:09:85:11:f3:3c:fe:e4:69:26:1a:76:b4:d0:
         bb:63:fb:27:a7:f4:2c:47:36:4c:06:e3:de:17:67:b9:22:3b:
         59:d5:69:f1:de:88:f8:b6:31:1a:50:4e:c9:31:b9:30:40:21:
         62:61:6f:be:62:f1:88:41:4d:78:25:d6:7c:18:c1:6c:76:2c:
         e3:99:34:47:1c:61:f7:94:47:12:d4:f8:20:63:99:fd:27:8a:
         80:cb:fa:3c:82:a9:27:8a:e5:79:e4:6e:25:3d:b5:bb:e3:a3:
         fb:81:29:d5:45:b6:7d:f4:0f:a3:00:e0:0a:ca:87:32:82:fd:
         3b:b2:67:e8:0e:82:16:d8:5c:75:8b:03:8f:ea:ce:f3:14:5b:
         2f:1f:e3:a2:41:59:95:b3:9f:68:de:d1:90:f4:71:05:5e:fe:
         6d:f9:81:c3:27:91:06:5f:79:6a:e4:c4:98:11:f8:7b:9e:37:
         f2:28:e3:29:5c:c1:85:d1:a4:11:f2:7d:5e:59:eb:03:a2:7e:
         26:ca:d3:a8:98:3f:33:34:28:e1:69:26:bd:12:4b:4d:eb:3b:
         e2:a2:0a:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQMy3JyEHrHZLlb6IvN8S4ZJ7ZaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjAwNjU0MDhaFw0yNjA4MTkwNjU5MDhaMDMxMTAvBgNV
BAMTKDE0MUYxRDNDOTFGNjBDQzVDQUE0M0M4MjUxOUI4QzAzMTA0QkNBOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyo3VaetqI0EVBW0SmR7wZvZyE
JjfpIi5dncGJbDFOh0NuJCIjmtIP2biIknrV15+FIydi9JPlhUyqVr3L7kcWTgVf
7i8pUMaFIx23SKt7r/L1m+thnx9OpE4Xzo7aJCgrpchxPpVK35jS18E2z9PszGkV
Ymsojlzg96npqNwA0rp/odCW1NKet5PGSkmOBVGBcA+PvpoGMFVSyW+80QBP5NdT
dZiuzyFcTtD2OGjoxGBB2mk9I2wz8BX1N33tp9sBYpkG3+uIoSXVLI8pKS4SFmNF
OcPUNwBLq+g5IF+m6fF/Qs4sH6zSgVOU4UnTli2Wl1piMdUpDwWD+ANFkz5PAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFB8dPJH2DMXKpDyCUZuMAxBLypYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzMDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRMy
MA0GCSqGSIb3DQEBCwUAA4IBAQARPvnFjpyzS5vQcdD/5arBeiMkyXxDxmbMZS8B
N4AgArjqMaM693+wSAmFEfM8/uRpJhp2tNC7Y/snp/QsRzZMBuPeF2e5IjtZ1Wnx
3oj4tjEaUE7JMbkwQCFiYW++YvGIQU14JdZ8GMFsdizjmTRHHGH3lEcS1PggY5n9
J4qAy/o8gqkniuV55G4lPbW746P7gSnVRbZ99A+jAOAKyocygv07smfoDoIW2Fx1
iwOP6s7zFFsvH+OiQVmVs59o3tGQ9HEFXv5t+YHDJ5EGX3lq5MSYEfh7njfyKOMp
XMGF0aQR8n1eWesDon4mytOomD8zNCjhaSa9EktN6zviogpc
-----END CERTIFICATE-----