Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
File:                     AS211567.roa (raw, json)
Hash identifier:          4+UToyddE/P/hPIBwJanlr8JMVzhXzoCInRbNq5nIEs=
Subject key identifier:   4A:48:F3:27:67:E7:03:42:0D:26:35:12:86:F9:66:00:E3:76:CA:54
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       346C2A50F1628E5572FB2FE8259C7DD862FF6284
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa
Signing time:             Sun 12 Oct 2025 09:51:34 +0000
ROA not before:           Sun 12 Oct 2025 09:46:34 +0000
ROA not after:            Sun 11 Oct 2026 09:51:34 +0000
asID:                     211567
IP address blocks:        31.40.198.0/24 maxlen: 24
                          176.96.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:6c:2a:50:f1:62:8e:55:72:fb:2f:e8:25:9c:7d:d8:62:ff:62:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 12 09:46:34 2025 GMT
            Not After : Oct 11 09:51:34 2026 GMT
        Subject: CN=4A48F32767E703420D26351286F96600E376CA54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ed:4c:7c:09:24:97:7e:6e:af:81:de:f1:11:
                    06:18:ca:a6:15:a3:82:7f:39:3a:50:25:7e:bb:a2:
                    a9:59:05:a3:5a:51:d7:0a:25:e3:0e:0e:5a:2f:04:
                    94:32:de:9c:05:a8:c2:5f:f3:c6:fc:03:92:01:1b:
                    02:5c:fa:97:e3:24:ff:cb:9d:4a:f0:b3:35:64:68:
                    54:6a:af:6b:5a:d1:bb:89:76:fb:46:64:c7:9d:34:
                    39:49:e7:a6:12:8d:cd:f3:14:3c:6c:41:71:b8:c3:
                    4c:c2:0e:59:2b:0c:f3:bd:e8:f5:68:47:12:8c:d5:
                    af:73:c1:b2:9e:3a:84:59:bb:d4:bd:62:62:f0:55:
                    30:16:f9:e0:a2:ef:81:16:50:00:8d:95:0e:5e:82:
                    73:e5:25:57:68:38:8b:34:fd:c5:7e:5e:e8:7e:7d:
                    fc:3c:98:fa:0e:78:74:a7:5c:87:d7:92:3e:15:aa:
                    55:34:0c:37:c6:77:fa:20:47:34:27:b4:21:5b:79:
                    80:98:4a:b3:94:e5:c4:e8:80:d5:e5:62:ff:ad:c4:
                    b9:fc:f7:29:78:c7:ca:15:f1:5a:a6:a9:86:d4:d4:
                    15:8c:33:c0:3b:99:d3:57:6f:a8:f5:18:15:66:ea:
                    fd:7c:c0:0c:26:52:f7:85:63:68:66:ab:49:dd:11:
                    a9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:48:F3:27:67:E7:03:42:0D:26:35:12:86:F9:66:00:E3:76:CA:54
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS211567.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.198.0/24
                  176.96.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:23:d9:a9:c8:cc:30:54:91:ee:1c:81:df:a2:77:ff:74:88:
         2a:01:51:db:23:33:fb:0c:65:c3:0e:50:98:e7:df:08:6f:c7:
         85:53:60:5c:01:09:7b:a8:84:b4:0d:93:37:cf:a3:05:b5:8e:
         50:50:29:d9:80:de:ab:04:8d:f1:4f:92:a1:ae:ac:72:54:36:
         62:75:c9:08:82:78:c4:6d:60:06:f5:c3:42:77:e5:37:73:f1:
         f0:e8:1e:43:c5:6d:f6:96:f7:7b:94:b4:e4:8d:7d:14:41:2f:
         a4:cc:9c:41:eb:de:6d:05:88:fe:04:4e:98:f8:12:26:04:d4:
         d4:36:4b:39:68:e7:c8:6c:a1:e6:fc:13:ea:75:dd:1d:93:87:
         5f:09:5c:2f:7a:72:d6:77:4e:82:ec:b1:59:8d:cc:9e:b2:b8:
         e5:97:c7:46:00:31:8e:78:d0:c7:35:86:d4:fa:bf:71:29:bd:
         e2:a8:08:bc:b6:db:4e:63:28:e5:79:5a:71:c6:9e:cc:47:e7:
         a0:53:86:98:3d:e1:af:58:bf:05:54:0b:c2:bc:25:67:dd:a3:
         2c:5d:a7:2c:01:7b:52:0e:dc:b6:72:56:d7:54:ee:9d:5d:dc:
         86:5c:85:38:6d:81:5a:89:cb:9d:f9:36:9d:24:0e:df:b3:6c:
         16:3a:d2:5d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNGwqUPFijlVy+y/oJZx92GL/YoQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTIwOTQ2MzRaFw0yNjEwMTEwOTUxMzRaMDMxMTAvBgNV
BAMTKDRBNDhGMzI3NjdFNzAzNDIwRDI2MzUxMjg2Rjk2NjAwRTM3NkNBNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU7Ux8CSSXfm6vgd7xEQYYyqYV
o4J/OTpQJX67oqlZBaNaUdcKJeMODlovBJQy3pwFqMJf88b8A5IBGwJc+pfjJP/L
nUrwszVkaFRqr2ta0buJdvtGZMedNDlJ56YSjc3zFDxsQXG4w0zCDlkrDPO96PVo
RxKM1a9zwbKeOoRZu9S9YmLwVTAW+eCi74EWUACNlQ5egnPlJVdoOIs0/cV+Xuh+
ffw8mPoOeHSnXIfXkj4VqlU0DDfGd/ogRzQntCFbeYCYSrOU5cTogNXlYv+txLn8
9yl4x8oV8VqmqYbU1BWMM8A7mdNXb6j1GBVm6v18wAwmUveFY2hmq0ndEakTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUSkjzJ2fnA0INJjUShvlmAON2ylQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjExNTY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyjG
AwQAsGCBMA0GCSqGSIb3DQEBCwUAA4IBAQB+I9mpyMwwVJHuHIHfonf/dIgqAVHb
IzP7DGXDDlCY598Ib8eFU2BcAQl7qIS0DZM3z6MFtY5QUCnZgN6rBI3xT5Khrqxy
VDZidckIgnjEbWAG9cNCd+U3c/Hw6B5DxW32lvd7lLTkjX0UQS+kzJxB695tBYj+
BE6Y+BImBNTUNks5aOfIbKHm/BPqdd0dk4dfCVwvenLWd06C7LFZjcyesrjll8dG
ADGOeNDHNYbU+r9xKb3iqAi8tttOYyjleVpxxp7MR+egU4aYPeGvWL8FVAvCvCVn
3aMsXacsAXtSDty2clbXVO6dXdyGXIU4bYFaicud+TadJA7fs2wWOtJd
-----END CERTIFICATE-----