Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
File:                     AS213060.roa (raw, json)
Hash identifier:          SZdsOEjfppq5zniELd6MYJ5iD6gWT6mVZReO5JC3WtM=
Subject key identifier:   E9:92:64:DC:4D:B9:F5:8A:5D:FF:DB:CB:28:A5:24:F4:86:D4:DB:5E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4D6B08297AE916569AF1D8EDF14A2BAD7BA3D4A2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa
Signing time:             Tue 12 Aug 2025 12:00:07 +0000
ROA not before:           Tue 12 Aug 2025 11:55:07 +0000
ROA not after:            Tue 11 Aug 2026 12:00:07 +0000
asID:                     213060
IP address blocks:        89.19.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Aug 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:6b:08:29:7a:e9:16:56:9a:f1:d8:ed:f1:4a:2b:ad:7b:a3:d4:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 12 11:55:07 2025 GMT
            Not After : Aug 11 12:00:07 2026 GMT
        Subject: CN=E99264DC4DB9F58A5DFFDBCB28A524F486D4DB5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b8:b4:ba:de:77:fd:48:01:93:e6:7c:ea:49:
                    43:6d:25:8f:5f:26:82:4e:59:54:e8:49:13:a5:90:
                    98:fe:bd:da:74:73:55:cb:7d:67:b6:81:76:ed:8f:
                    97:6e:69:e4:f2:a9:4b:f0:ef:b1:98:d6:eb:0c:45:
                    3b:f1:fc:d7:be:2a:96:d9:5d:fb:4d:82:53:76:1e:
                    ba:28:15:fd:5c:de:a9:f3:e4:30:29:c2:50:fe:da:
                    1f:a9:3f:54:0e:1b:d0:ef:6b:64:81:09:1b:b2:04:
                    d1:a4:8b:70:ab:c2:09:67:56:81:54:b7:2d:d8:bf:
                    a4:f8:53:84:c3:a7:d4:a5:17:e0:0a:06:7a:ba:b1:
                    0f:39:0a:86:10:ea:c9:97:ec:7f:1b:71:e0:a9:65:
                    78:6b:1c:69:0e:43:b7:f2:4b:ab:de:e7:a2:15:12:
                    33:3d:8d:ad:3f:bb:54:97:a3:7b:81:75:67:c9:0e:
                    44:41:4d:12:42:79:66:c7:c0:c6:ac:a4:82:a2:e8:
                    52:92:e3:76:2d:c6:6a:78:a7:47:8d:cb:f7:b3:f0:
                    9e:b3:04:35:63:9b:bb:9d:21:d1:e5:b1:62:b1:9b:
                    60:6d:37:92:77:40:89:1d:1d:d9:75:a0:bf:84:1a:
                    94:20:e8:43:7a:c9:19:32:35:6e:24:27:83:1c:85:
                    50:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:92:64:DC:4D:B9:F5:8A:5D:FF:DB:CB:28:A5:24:F4:86:D4:DB:5E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:91:f0:a3:6c:53:61:7d:63:b3:7e:62:72:f7:af:38:4f:68:
         97:02:d2:50:32:76:b0:89:48:64:a8:47:8a:20:f4:3c:4f:5d:
         82:de:57:a9:0f:0b:e5:84:8b:de:1e:db:3d:02:f7:5d:99:34:
         a5:ba:64:f4:ba:62:a8:4d:79:9b:df:b5:39:99:36:8e:0e:6e:
         0a:d3:a1:e0:dc:8a:c0:69:e5:e2:19:f8:4c:a7:e1:18:56:f8:
         ac:79:d4:e5:1f:d5:ba:44:ae:cf:65:55:28:c8:4c:2a:55:5a:
         06:68:e4:17:b5:9a:ff:68:cb:7e:9f:30:b2:0e:41:8f:45:aa:
         ce:a6:b0:1c:0d:f5:88:8c:79:32:5c:b9:3d:2f:09:5e:f4:c5:
         a5:78:d3:b3:33:a4:74:de:63:d1:3c:aa:47:f5:ce:de:b0:ed:
         62:de:71:c8:3a:a1:50:39:fe:38:c7:f9:ec:e6:75:00:cf:fc:
         36:82:33:f1:1f:11:73:e8:89:ff:4c:4a:50:f5:4f:4d:ec:ec:
         0d:f4:e7:61:0b:dd:5c:e1:57:5e:99:6a:16:00:76:9f:28:55:
         08:07:b8:64:3d:85:32:57:83:eb:7b:21:3f:19:6f:12:fa:26:
         2e:79:a0:39:ce:ff:70:c6:4e:92:42:12:52:45:ec:e8:78:49:
         4f:66:45:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTWsIKXrpFlaa8djt8UorrXuj1KIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTIxMTU1MDdaFw0yNjA4MTExMjAwMDdaMDMxMTAvBgNV
BAMTKEU5OTI2NERDNERCOUY1OEE1REZGREJDQjI4QTUyNEY0ODZENERCNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7uLS63nf9SAGT5nzqSUNtJY9f
JoJOWVToSROlkJj+vdp0c1XLfWe2gXbtj5duaeTyqUvw77GY1usMRTvx/Ne+KpbZ
XftNglN2HrooFf1c3qnz5DApwlD+2h+pP1QOG9Dva2SBCRuyBNGki3CrwglnVoFU
ty3Yv6T4U4TDp9SlF+AKBnq6sQ85CoYQ6smX7H8bceCpZXhrHGkOQ7fyS6ve56IV
EjM9ja0/u1SXo3uBdWfJDkRBTRJCeWbHwMaspIKi6FKS43Ytxmp4p0eNy/ez8J6z
BDVjm7udIdHlsWKxm2BtN5J3QIkdHdl1oL+EGpQg6EN6yRkyNW4kJ4MchVDBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6ZJk3E259Ypd/9vLKKUk9IbU214wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzMDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRMy
MA0GCSqGSIb3DQEBCwUAA4IBAQAtkfCjbFNhfWOzfmJy9684T2iXAtJQMnawiUhk
qEeKIPQ8T12C3lepDwvlhIveHts9AvddmTSlumT0umKoTXmb37U5mTaODm4K06Hg
3IrAaeXiGfhMp+EYVvisedTlH9W6RK7PZVUoyEwqVVoGaOQXtZr/aMt+nzCyDkGP
RarOprAcDfWIjHkyXLk9Lwle9MWleNOzM6R03mPRPKpH9c7esO1i3nHIOqFQOf44
x/ns5nUAz/w2gjPxHxFz6In/TEpQ9U9N7OwN9OdhC91c4VdemWoWAHafKFUIB7hk
PYUyV4PreyE/GW8S+iYueaA5zv9wxk6SQhJSRezoeElPZkXU
-----END CERTIFICATE-----