Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          /APqu+CprE0uVwRoje0imwMNm05GI7hLGIWZaE0nSOU=
Subject key identifier:   B8:BF:B6:59:AA:FE:DE:11:7B:CB:03:92:2B:19:FE:76:E8:38:18:65
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1F22A5FFD47A416274FEC2E71B37E41CBD9ED3E0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
Signing time:             Thu 12 Jun 2025 13:30:58 +0000
ROA not before:           Thu 12 Jun 2025 13:25:58 +0000
ROA not after:            Thu 11 Jun 2026 13:30:58 +0000
asID:                     212609
IP address blocks:        181.215.200.0/24 maxlen: 24
                          191.96.250.0/24 maxlen: 24
                          191.101.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:22:a5:ff:d4:7a:41:62:74:fe:c2:e7:1b:37:e4:1c:bd:9e:d3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 13:25:58 2025 GMT
            Not After : Jun 11 13:30:58 2026 GMT
        Subject: CN=B8BFB659AAFEDE117BCB03922B19FE76E8381865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4f:45:a6:53:0f:10:8e:2c:54:e5:ed:79:85:
                    86:fd:a3:96:26:64:1f:e1:6c:e1:bc:80:2d:8e:db:
                    30:88:8e:a2:20:ee:31:d2:e3:17:76:45:08:20:97:
                    cd:46:03:52:c6:72:49:af:b9:4c:b7:41:f0:bb:21:
                    1f:de:d0:1d:c9:5a:e4:24:66:2d:32:92:94:b1:44:
                    5d:6b:2b:3b:0d:12:4c:c1:99:cf:44:74:4f:a2:51:
                    a0:56:27:2b:6e:a3:45:77:f4:21:36:77:32:80:c3:
                    94:3b:bd:78:50:e7:c6:b7:b7:88:24:29:ac:fc:a1:
                    cf:57:a5:f3:c5:1f:b8:9d:39:17:98:44:93:f2:3d:
                    fd:ee:57:6a:3f:af:73:27:5e:06:9f:02:a4:11:af:
                    45:96:af:dc:7f:8a:b1:3f:7c:1a:e4:1c:b9:45:44:
                    d5:ad:35:35:f0:36:30:b2:52:5e:92:38:1d:6d:46:
                    86:e8:fd:38:fa:b0:ab:1b:27:ea:c3:0b:10:46:92:
                    e7:4f:e9:b7:ec:e6:ac:3c:36:31:62:53:be:fb:06:
                    07:8d:bb:b3:da:34:d7:ec:12:08:ef:fd:20:b6:1d:
                    24:30:0e:67:c6:3e:54:15:ea:45:fd:0f:e3:9c:de:
                    5a:a2:0e:75:2d:27:e4:e1:88:1a:7c:e5:21:b8:22:
                    66:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BF:B6:59:AA:FE:DE:11:7B:CB:03:92:2B:19:FE:76:E8:38:18:65
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.200.0/24
                  191.96.250.0/24
                  191.101.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:da:a2:0a:10:4e:c8:02:eb:39:06:a8:e3:91:47:3b:74:b2:
         f6:86:80:fa:f9:78:f6:78:07:ca:0e:c1:03:62:54:b9:78:81:
         9f:f7:6f:a3:64:4c:d3:ae:33:68:aa:5c:8f:d5:07:2c:db:02:
         22:51:95:5c:d1:9b:16:6d:c7:69:58:90:9b:ac:a0:20:ee:e7:
         c3:95:ed:4d:ac:f1:7d:3d:70:2e:64:d7:28:5b:1d:ac:73:72:
         ed:67:ac:60:d6:3a:37:e8:40:52:1c:11:83:bc:88:ec:20:1e:
         a1:af:c0:bf:19:90:80:3c:ee:5e:d9:ec:bf:2c:89:0d:34:f7:
         9e:7b:31:67:97:85:62:d4:46:b4:24:5d:07:05:a3:31:a9:80:
         87:60:c3:79:f2:7a:25:84:ee:a2:58:5a:ac:2f:00:f7:5a:fa:
         67:fa:11:10:bf:f8:27:a6:5d:e0:20:ff:7a:0d:fa:1b:f2:ba:
         be:7d:b8:5b:8f:bc:e3:83:f0:ba:e1:3c:07:53:fe:30:d7:34:
         81:9d:d5:71:cb:96:fc:32:60:0c:40:4d:21:4a:ed:3b:b9:83:
         53:e1:66:1a:c0:90:31:25:1b:7f:d7:cc:01:14:87:89:e6:4b:
         36:36:7e:fa:9d:39:f4:a7:24:f9:75:a4:60:52:64:df:cb:96:
         eb:7f:bc:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUHyKl/9R6QWJ0/sLnGzfkHL2e0+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxMzI1NThaFw0yNjA2MTExMzMwNThaMDMxMTAvBgNV
BAMTKEI4QkZCNjU5QUFGRURFMTE3QkNCMDM5MjJCMTlGRTc2RTgzODE4NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAT0WmUw8QjixU5e15hYb9o5Ym
ZB/hbOG8gC2O2zCIjqIg7jHS4xd2RQggl81GA1LGckmvuUy3QfC7IR/e0B3JWuQk
Zi0ykpSxRF1rKzsNEkzBmc9EdE+iUaBWJytuo0V39CE2dzKAw5Q7vXhQ58a3t4gk
Kaz8oc9XpfPFH7idOReYRJPyPf3uV2o/r3MnXgafAqQRr0WWr9x/irE/fBrkHLlF
RNWtNTXwNjCyUl6SOB1tRobo/Tj6sKsbJ+rDCxBGkudP6bfs5qw8NjFiU777BgeN
u7PaNNfsEgjv/SC2HSQwDmfGPlQV6kX9D+Oc3lqiDnUtJ+ThiBp85SG4ImaVAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUuL+2War+3hF7ywOSKxn+dug4GGUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAtdfI
AwQAv2D6AwQAv2X4MA0GCSqGSIb3DQEBCwUAA4IBAQCB2qIKEE7IAus5BqjjkUc7
dLL2hoD6+Xj2eAfKDsEDYlS5eIGf92+jZEzTrjNoqlyP1Qcs2wIiUZVc0ZsWbcdp
WJCbrKAg7ufDle1NrPF9PXAuZNcoWx2sc3LtZ6xg1jo36EBSHBGDvIjsIB6hr8C/
GZCAPO5e2ey/LIkNNPeeezFnl4Vi1Ea0JF0HBaMxqYCHYMN58nolhO6iWFqsLwD3
Wvpn+hEQv/gnpl3gIP96Dfob8rq+fbhbj7zjg/C64TwHU/4w1zSBndVxy5b8MmAM
QE0hSu07uYNT4WYawJAxJRt/18wBFIeJ5ks2Nn76nTn0pyT5daRgUmTfy5brf7wm
-----END CERTIFICATE-----