Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          LKOriU34k6iC0p6Lt9X593jUCyJ7TRsHGQSFd5G/aCs=
Subject key identifier:   E2:07:33:54:31:75:23:21:8A:D5:2D:F2:91:99:C8:AB:98:91:28:2E
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6777D92986F611DE0B1DB03BEFDEE315496ABE7F
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
Signing time:             Tue 15 Apr 2025 00:00:36 +0000
ROA not before:           Mon 14 Apr 2025 23:55:36 +0000
ROA not after:            Tue 14 Apr 2026 00:00:36 +0000
asID:                     212238
IP address blocks:        141.11.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:77:d9:29:86:f6:11:de:0b:1d:b0:3b:ef:de:e3:15:49:6a:be:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 14 23:55:36 2025 GMT
            Not After : Apr 14 00:00:36 2026 GMT
        Subject: CN=E2073354317523218AD52DF29199C8AB9891282E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1b:37:00:6c:f8:da:dd:ad:9c:e3:7b:cd:e2:
                    31:2b:e3:11:26:7c:19:09:dc:f6:8e:3b:36:6e:a0:
                    96:50:5f:63:66:9b:66:a5:87:e3:fd:b3:d7:c3:98:
                    81:c2:93:0d:ca:83:0f:5b:90:a0:06:23:85:a5:57:
                    4a:27:40:22:10:96:e0:9d:1f:f1:1b:a2:61:db:62:
                    ac:48:04:11:d8:b3:7e:da:09:c0:d3:d3:2b:33:09:
                    c8:e8:69:18:83:b2:66:22:b5:02:92:a7:d7:e5:ff:
                    de:ea:57:d4:eb:80:a3:c9:19:a7:fc:a6:c7:33:1a:
                    9f:ad:4a:d6:ff:0b:9b:79:d8:2e:49:ba:9b:a7:e4:
                    cf:cf:c4:2a:00:45:af:c4:48:28:bd:a6:92:b8:ed:
                    27:37:63:31:cb:0f:7e:a6:f9:c9:8f:14:5e:28:8a:
                    78:ae:73:f4:0b:b9:07:63:fe:68:9f:cb:5f:ad:1c:
                    ae:29:c7:75:80:c7:10:88:a0:81:a2:4c:6d:1d:3f:
                    9e:06:dc:53:0e:dc:10:46:3e:22:d9:72:ef:f8:bb:
                    1c:ca:90:b4:67:29:36:88:d5:af:48:e9:78:2b:87:
                    12:c3:e5:2b:ca:b7:1d:bf:7d:04:09:36:ed:0d:aa:
                    eb:1c:5f:b6:1a:eb:94:95:b5:51:a8:11:fc:5f:ff:
                    ef:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:07:33:54:31:75:23:21:8A:D5:2D:F2:91:99:C8:AB:98:91:28:2E
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:c1:ba:4d:dc:15:c9:ad:bd:3e:83:aa:68:66:f8:1d:be:94:
         c4:6e:e5:83:82:e3:bc:1c:f1:c9:a2:cc:e3:5b:3a:f1:98:9c:
         59:b1:89:0d:5e:51:54:f5:8d:5c:e2:b4:7f:91:04:f2:f5:62:
         fd:8a:5e:7d:47:52:fe:8e:99:8f:63:45:3d:5c:e9:ce:37:d1:
         67:00:c5:82:8a:54:c5:59:c0:38:35:40:65:71:c1:66:b1:56:
         b8:5e:6d:bf:ea:8d:91:54:9f:07:6c:e1:a2:75:d7:af:3c:9e:
         c6:83:ae:d0:2d:3b:36:8c:38:d6:a6:b4:4d:49:79:fd:90:a9:
         ac:4f:99:ac:16:c6:2a:23:a8:bc:bc:f5:65:02:8b:be:31:fc:
         de:60:48:3c:3f:d2:7b:3b:f6:49:f0:f4:96:66:14:68:74:07:
         6f:32:b6:c7:e6:77:e5:4e:91:45:9a:e7:06:a1:1c:15:d1:2c:
         3b:64:df:05:64:07:7b:d3:77:14:9a:72:e9:b4:cd:64:10:4d:
         22:8f:4d:f9:94:04:47:32:f1:b0:7f:8d:4f:79:cb:d0:d3:e5:
         a9:10:ae:b8:76:3f:cf:ac:6d:ad:7c:45:ab:7d:b4:5d:68:10:
         16:b5:da:d9:2c:d1:70:49:fb:74:50:5b:61:67:75:86:77:05:
         7b:9f:68:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ3fZKYb2Ed4LHbA7797jFUlqvn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA0MTQyMzU1MzZaFw0yNjA0MTQwMDAwMzZaMDMxMTAvBgNV
BAMTKEUyMDczMzU0MzE3NTIzMjE4QUQ1MkRGMjkxOTlDOEFCOTg5MTI4MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGGzcAbPja3a2c43vN4jEr4xEm
fBkJ3PaOOzZuoJZQX2Nmm2alh+P9s9fDmIHCkw3Kgw9bkKAGI4WlV0onQCIQluCd
H/EbomHbYqxIBBHYs37aCcDT0yszCcjoaRiDsmYitQKSp9fl/97qV9TrgKPJGaf8
psczGp+tStb/C5t52C5Jupun5M/PxCoARa/ESCi9ppK47Sc3YzHLD36m+cmPFF4o
iniuc/QLuQdj/mify1+tHK4px3WAxxCIoIGiTG0dP54G3FMO3BBGPiLZcu/4uxzK
kLRnKTaI1a9I6XgrhxLD5SvKtx2/fQQJNu0NquscX7Ya65SVtVGoEfxf/+/DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4gczVDF1IyGK1S3ykZnIq5iRKC4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQuk
MA0GCSqGSIb3DQEBCwUAA4IBAQDJwbpN3BXJrb0+g6poZvgdvpTEbuWDguO8HPHJ
oszjWzrxmJxZsYkNXlFU9Y1c4rR/kQTy9WL9il59R1L+jpmPY0U9XOnON9FnAMWC
ilTFWcA4NUBlccFmsVa4Xm2/6o2RVJ8HbOGiddevPJ7Gg67QLTs2jDjWprRNSXn9
kKmsT5msFsYqI6i8vPVlAou+MfzeYEg8P9J7O/ZJ8PSWZhRodAdvMrbH5nflTpFF
mucGoRwV0Sw7ZN8FZAd703cUmnLptM1kEE0ij035lARHMvGwf41PecvQ0+WpEK64
dj/PrG2tfEWrfbRdaBAWtdrZLNFwSft0UFthZ3WGdwV7n2iA
-----END CERTIFICATE-----