Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214752.roa
File:                     AS214752.roa (raw, json)
Hash identifier:          ppUJbClzos+u8o4IfS3+xFJRc+PGcEmDSgfFWY6KASQ=
Subject key identifier:   5D:39:8A:F0:AF:ED:5F:ED:C1:5D:A4:64:1C:2F:7A:78:BE:8D:96:27
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       27C570CEC11C7ADB6C26842E70C94DB687CF6649
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214752.roa
Signing time:             Tue 11 Jun 2024 00:17:21 +0000
ROA not before:           Tue 11 Jun 2024 00:12:21 +0000
ROA not after:            Tue 10 Jun 2025 00:17:21 +0000
asID:                     214752
IP address blocks:        2a0f:85c1:812::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:c5:70:ce:c1:1c:7a:db:6c:26:84:2e:70:c9:4d:b6:87:cf:66:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 11 00:12:21 2024 GMT
            Not After : Jun 10 00:17:21 2025 GMT
        Subject: CN=5D398AF0AFED5FEDC15DA4641C2F7A78BE8D9627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e4:87:a1:3c:de:90:29:d1:c7:07:91:2f:93:
                    50:ca:c3:d6:91:81:4e:19:04:8e:dc:99:47:1e:29:
                    1f:89:81:fc:5f:ef:c7:74:1d:a6:ad:4b:ca:e0:af:
                    4d:06:ac:39:9f:64:29:41:bf:7a:45:68:86:83:4c:
                    99:f0:f1:23:d3:19:6a:d0:7a:ea:d8:0e:86:51:5f:
                    90:8f:6d:71:cf:6c:42:07:a9:58:46:78:ca:61:7f:
                    a3:48:c2:08:a7:8c:e5:40:de:e7:1e:6b:73:9d:c7:
                    1e:9f:56:60:ac:8f:d5:75:b4:c8:a7:34:e3:11:92:
                    62:25:f5:c2:51:ee:74:d4:95:34:13:d4:c4:9e:40:
                    d8:fa:3c:1e:c3:ae:28:39:3e:9b:0b:d3:36:08:41:
                    db:d5:69:47:52:84:62:f1:7e:d2:82:15:72:3b:ca:
                    b8:f3:cb:6c:ec:41:af:ac:31:e7:fa:67:9b:65:a9:
                    21:4c:75:6d:b4:87:30:21:94:29:b7:fb:30:0d:09:
                    a6:d5:ee:f2:9a:2c:fd:63:2b:9d:37:f5:da:94:dc:
                    10:d9:0e:3e:1c:44:27:9d:ed:89:64:7f:f2:2e:d5:
                    de:b4:c9:c3:dd:5e:62:eb:f3:f2:b0:af:9a:d4:ba:
                    ed:22:12:58:57:29:18:7c:ae:3c:41:47:7f:bc:7b:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:39:8A:F0:AF:ED:5F:ED:C1:5D:A4:64:1C:2F:7A:78:BE:8D:96:27
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:812::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:fb:5d:17:6a:8a:48:c2:13:31:ad:6b:0e:7c:fa:5b:27:
         3e:86:30:76:63:1a:8d:4e:7f:fd:df:c9:e5:f5:4f:13:1e:c2:
         ac:9f:03:f3:20:d5:60:ba:2b:88:5e:6b:5f:a9:04:22:0d:60:
         5d:3e:db:9e:ee:f6:c5:6a:ab:77:b5:de:48:63:eb:01:6c:70:
         fd:04:77:73:87:e9:62:ce:08:3b:6b:da:e5:72:bf:c7:ae:9a:
         3f:b7:0e:bc:fd:1f:66:3d:0c:23:9b:e9:01:92:50:b4:45:51:
         fa:4c:7c:5c:d3:36:c9:a2:e4:d6:38:16:5b:39:bf:a2:0c:3f:
         b7:2b:a1:04:99:6e:82:53:55:c4:ea:c8:31:4a:91:51:56:c0:
         93:87:6a:84:5b:9b:e8:90:75:af:e8:c9:bb:b6:1a:1f:4b:bf:
         ac:96:bd:4a:89:5f:ef:f9:03:da:8b:cf:e9:1e:dc:4a:4c:04:
         06:ca:e9:ad:b8:9f:0d:c5:d6:c1:c6:30:9f:9f:3a:f6:20:41:
         a5:e3:b2:1d:57:10:08:52:6e:0d:16:5c:78:b5:36:7b:a4:e5:
         96:c9:cb:e8:2f:b7:16:e4:46:13:86:0d:39:a6:b7:49:72:7b:
         58:c4:21:65:8f:21:87:e5:20:92:a5:64:cc:9b:24:a6:96:bd:
         1f:32:2d:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJ8VwzsEcettsJoQucMlNtofPZkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTEwMDEyMjFaFw0yNTA2MTAwMDE3MjFaMDMxMTAvBgNV
BAMTKDVEMzk4QUYwQUZFRDVGRURDMTVEQTQ2NDFDMkY3QTc4QkU4RDk2MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC05IehPN6QKdHHB5Evk1DKw9aR
gU4ZBI7cmUceKR+Jgfxf78d0HaatS8rgr00GrDmfZClBv3pFaIaDTJnw8SPTGWrQ
eurYDoZRX5CPbXHPbEIHqVhGeMphf6NIwginjOVA3ucea3Odxx6fVmCsj9V1tMin
NOMRkmIl9cJR7nTUlTQT1MSeQNj6PB7Drig5PpsL0zYIQdvVaUdShGLxftKCFXI7
yrjzy2zsQa+sMef6Z5tlqSFMdW20hzAhlCm3+zANCabV7vKaLP1jK5039dqU3BDZ
Dj4cRCed7Ylkf/Iu1d60ycPdXmLr8/Kwr5rUuu0iElhXKRh8rjxBR3+8e1WFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUXTmK8K/tX+3BXaRkHC96eL6NlicwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0NzUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgSMA0GCSqGSIb3DQEBCwUAA4IBAQAdDvtdF2qKSMITMa1rDnz6Wyc+hjB2YxqN
Tn/938nl9U8THsKsnwPzINVguiuIXmtfqQQiDWBdPtue7vbFaqt3td5IY+sBbHD9
BHdzh+lizgg7a9rlcr/Hrpo/tw68/R9mPQwjm+kBklC0RVH6THxc0zbJouTWOBZb
Ob+iDD+3K6EEmW6CU1XE6sgxSpFRVsCTh2qEW5vokHWv6Mm7thofS7+slr1KiV/v
+QPai8/pHtxKTAQGyumtuJ8NxdbBxjCfnzr2IEGl47IdVxAIUm4NFlx4tTZ7pOWW
ycvoL7cW5EYThg05prdJcntYxCFljyGH5SCSpWTMmySmlr0fMi3N
-----END CERTIFICATE-----