Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa
File:                     AS214879.roa (raw, json)
Hash identifier:          ZpkPn651LT7Nm8X373Lb10LhGrs3ZnD9zfXobHFIuQw=
Subject key identifier:   D3:68:1A:5E:10:B0:AB:D2:16:B9:D9:34:24:BE:1E:7A:4A:B2:5F:94
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6AA72E88CDC72BF04D2D87D31AC33BA4DAEBF484
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa
Signing time:             Thu 22 Aug 2024 03:03:01 +0000
ROA not before:           Thu 22 Aug 2024 02:58:01 +0000
ROA not after:            Thu 21 Aug 2025 03:03:01 +0000
asID:                     214879
IP address blocks:        92.113.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a7:2e:88:cd:c7:2b:f0:4d:2d:87:d3:1a:c3:3b:a4:da:eb:f4:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 22 02:58:01 2024 GMT
            Not After : Aug 21 03:03:01 2025 GMT
        Subject: CN=D3681A5E10B0ABD216B9D93424BE1E7A4AB25F94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:eb:53:1c:25:80:fd:2c:b6:bc:59:07:ca:42:
                    4c:ee:bd:36:28:71:28:05:9e:d8:22:00:0e:f8:95:
                    56:af:53:0c:4c:39:36:f0:1a:2f:fb:09:e8:b6:5f:
                    56:96:f1:ba:3f:54:17:1e:84:69:be:9a:9f:e2:95:
                    24:f0:74:c3:aa:37:d4:c6:1c:ac:50:d8:16:76:72:
                    41:37:c3:cc:f0:c4:3e:c2:39:2d:9e:b6:7a:d3:fc:
                    89:34:ba:af:f7:5e:f2:95:57:6a:6c:db:e7:41:22:
                    b0:9f:89:d0:c0:de:e4:c1:10:93:07:b2:ef:83:5c:
                    cb:f6:be:b2:1b:f1:95:c0:5b:39:9f:85:18:71:b2:
                    1d:11:5f:0a:d2:78:83:2a:b9:bd:c9:43:8a:a3:e3:
                    e1:9d:08:ad:58:21:54:b2:10:64:1d:cf:84:79:ec:
                    e8:e4:53:78:a3:95:b3:8f:65:eb:d8:6b:40:a3:ac:
                    80:12:88:c7:3e:9f:8c:94:15:35:5d:23:59:42:05:
                    e7:30:be:86:0b:ca:86:2b:14:cc:39:a9:be:ab:2b:
                    b1:d5:a0:3a:c7:03:d4:3f:4c:45:85:27:16:7f:dd:
                    ed:9d:91:2c:14:fe:9c:5f:3d:c8:ff:db:cc:6c:fb:
                    86:32:b7:98:e7:c1:ad:40:be:01:a4:d8:b1:e5:5a:
                    84:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:68:1A:5E:10:B0:AB:D2:16:B9:D9:34:24:BE:1E:7A:4A:B2:5F:94
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:86:b3:db:86:88:3b:cb:54:cc:f6:26:e9:30:4d:a3:96:d8:
         79:10:76:10:b9:cf:5d:19:f6:2a:0d:fa:bd:30:6c:dd:db:c7:
         12:1a:ce:b3:6f:17:b5:d0:0c:a9:51:61:62:5b:3a:c4:dc:10:
         83:b6:82:c7:27:6e:4a:f1:af:44:95:7b:d8:21:cc:a8:52:06:
         9e:13:4a:58:e5:ce:bd:9f:c7:bd:d0:0f:a4:19:9f:c1:e6:4a:
         7b:a4:f4:b4:cd:e5:76:e6:a7:4d:0e:ea:04:d6:4a:05:87:31:
         93:13:d5:ae:44:d1:ba:6e:30:d9:fa:44:65:55:05:90:7d:7b:
         7b:d8:67:f1:79:80:1a:1b:04:41:1d:25:67:a8:29:af:ef:6f:
         87:ef:10:f9:59:94:b7:9a:ab:9c:3a:7c:9c:9b:4a:34:d4:af:
         53:28:1a:5c:fc:87:ff:01:0f:63:81:83:88:6d:07:3b:6d:83:
         50:1f:f2:4e:1d:0b:d1:48:18:22:c7:c3:3a:26:27:b3:9b:37:
         fe:44:7c:67:79:5b:5b:52:31:53:58:c2:b1:f3:91:cf:f0:86:
         b3:49:08:0c:e8:66:3c:93:84:be:e3:40:d5:58:63:f0:9e:57:
         b6:ac:92:b0:c2:0f:c0:7e:77:be:da:af:3b:5b:87:91:93:d8:
         77:7f:df:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaqcuiM3HK/BNLYfTGsM7pNrr9IQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA4MjIwMjU4MDFaFw0yNTA4MjEwMzAzMDFaMDMxMTAvBgNV
BAMTKEQzNjgxQTVFMTBCMEFCRDIxNkI5RDkzNDI0QkUxRTdBNEFCMjVGOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCI61McJYD9LLa8WQfKQkzuvTYo
cSgFntgiAA74lVavUwxMOTbwGi/7Cei2X1aW8bo/VBcehGm+mp/ilSTwdMOqN9TG
HKxQ2BZ2ckE3w8zwxD7COS2etnrT/Ik0uq/3XvKVV2ps2+dBIrCfidDA3uTBEJMH
su+DXMv2vrIb8ZXAWzmfhRhxsh0RXwrSeIMqub3JQ4qj4+GdCK1YIVSyEGQdz4R5
7OjkU3ijlbOPZevYa0CjrIASiMc+n4yUFTVdI1lCBecwvoYLyoYrFMw5qb6rK7HV
oDrHA9Q/TEWFJxZ/3e2dkSwU/pxfPcj/28xs+4Yyt5jnwa1AvgGk2LHlWoQzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU02gaXhCwq9IWudk0JL4eekqyX5QwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0ODc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHF2
MA0GCSqGSIb3DQEBCwUAA4IBAQB9hrPbhog7y1TM9ibpME2jlth5EHYQuc9dGfYq
Dfq9MGzd28cSGs6zbxe10AypUWFiWzrE3BCDtoLHJ25K8a9ElXvYIcyoUgaeE0pY
5c69n8e90A+kGZ/B5kp7pPS0zeV25qdNDuoE1koFhzGTE9WuRNG6bjDZ+kRlVQWQ
fXt72GfxeYAaGwRBHSVnqCmv72+H7xD5WZS3mqucOnycm0o01K9TKBpc/If/AQ9j
gYOIbQc7bYNQH/JOHQvRSBgix8M6Jiezmzf+RHxneVtbUjFTWMKx85HP8IazSQgM
6GY8k4S+40DVWGPwnle2rJKwwg/Afne+2q87W4eRk9h3f99F
-----END CERTIFICATE-----