Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214836.roa
File:                     AS214836.roa (raw, json)
Hash identifier:          d27ctAxsEIql2bTxVO4uajmIn3J70NpiS5jtD6UAGRY=
Subject key identifier:   27:96:2A:76:57:9E:4B:E5:A8:77:05:AA:86:7D:FD:EE:A1:86:F9:46
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       2F091D313052BE7CCD8BF8EB3ADE661802603862
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214836.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     214836
IP address blocks:        2a0f:85c1:803::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:09:1d:31:30:52:be:7c:cd:8b:f8:eb:3a:de:66:18:02:60:38:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=27962A76579E4BE5A87705AA867DFDEEA186F946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fc:41:11:c1:4c:d2:3a:6d:a4:18:78:27:75:
                    cf:2f:8e:d4:31:ed:15:ff:99:85:be:b4:53:1a:a5:
                    96:39:4d:ad:7d:bd:c0:66:9b:ec:d5:3c:5f:3b:b0:
                    18:81:39:c6:fa:53:5c:19:a5:6a:62:b7:cc:b3:5f:
                    17:1b:fa:ca:61:ff:59:45:7c:ae:48:7b:2b:5e:7a:
                    32:5c:ec:df:f6:6e:52:3d:1c:b8:95:33:33:05:03:
                    3d:2d:13:04:9c:63:cf:46:fc:ff:3c:f8:6a:a2:98:
                    fe:23:00:2b:04:dc:2c:9a:76:4d:ca:58:04:ad:24:
                    d9:3a:fc:57:64:e5:ab:31:1f:16:3c:59:0f:97:71:
                    de:b8:de:69:81:84:bd:3f:ff:17:9c:d7:00:73:76:
                    67:cc:54:c9:d6:7c:a7:3e:74:6f:9b:2a:dd:53:1a:
                    14:5e:cf:6d:63:0f:80:d9:90:98:41:f0:36:3f:7f:
                    fd:ea:b0:67:47:85:cc:9c:69:b6:9a:9d:fe:56:de:
                    8a:75:91:ab:11:93:4f:1a:fe:c4:97:68:d1:64:26:
                    d1:79:e8:6d:14:56:a9:52:0a:59:bc:80:3a:f7:17:
                    44:11:f7:f1:e4:ee:cd:9f:47:da:69:b9:18:41:a3:
                    be:37:fc:24:94:43:89:67:ee:64:ce:47:23:f8:5e:
                    77:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:96:2A:76:57:9E:4B:E5:A8:77:05:AA:86:7D:FD:EE:A1:86:F9:46
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:803::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:73:3b:be:ad:95:5b:90:7e:fa:55:fb:62:77:df:a8:5a:59:
         15:fa:48:f1:da:2a:82:a1:c0:84:46:43:bb:f6:14:33:a6:89:
         67:d3:23:e5:cd:4b:1d:bb:16:4c:99:85:7a:cd:e9:13:07:2e:
         f0:bd:cc:ff:e3:13:13:61:dd:6a:34:29:37:28:54:01:8e:d6:
         b3:00:77:95:e7:29:54:fe:08:6c:73:fb:46:f2:f3:9d:ef:2f:
         88:9b:8c:48:56:15:9f:ee:85:0e:3c:cb:81:78:81:a7:29:30:
         29:0e:b0:db:09:f3:22:cb:f2:cf:82:72:73:ec:7b:f5:3b:57:
         75:8b:f6:76:cc:ac:b5:b6:8c:d7:6c:0e:1b:ac:0e:4b:a8:60:
         4a:e6:7d:6a:35:2c:ee:9c:b7:ec:d7:28:52:2a:c6:3e:ba:f6:
         5b:81:6e:ba:2d:74:62:25:e5:37:ce:ba:96:f5:fd:b7:32:42:
         a5:26:0e:cc:bc:ef:ce:62:c5:dc:07:e7:09:4e:16:e6:aa:f1:
         af:6d:4c:37:9f:43:49:fa:f7:ea:cb:e2:38:d3:ab:03:e3:91:
         58:d7:46:99:8c:0c:ee:81:a3:72:dc:43:1c:b7:3c:78:f2:c0:
         00:cb:2b:ca:f1:00:97:09:31:3b:68:7f:aa:99:3f:7c:54:e2:
         a0:fd:99:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULwkdMTBSvnzNi/jrOt5mGAJgOGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKDI3OTYyQTc2NTc5RTRCRTVBODc3MDVBQTg2N0RGREVFQTE4NkY5NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY/EERwUzSOm2kGHgndc8vjtQx
7RX/mYW+tFMapZY5Ta19vcBmm+zVPF87sBiBOcb6U1wZpWpit8yzXxcb+sph/1lF
fK5IeyteejJc7N/2blI9HLiVMzMFAz0tEwScY89G/P88+GqimP4jACsE3Cyadk3K
WAStJNk6/Fdk5asxHxY8WQ+Xcd643mmBhL0//xec1wBzdmfMVMnWfKc+dG+bKt1T
GhRez21jD4DZkJhB8DY/f/3qsGdHhcycabaanf5W3op1kasRk08a/sSXaNFkJtF5
6G0UVqlSClm8gDr3F0QR9/Hk7s2fR9ppuRhBo743/CSUQ4ln7mTORyP4XncfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJ5YqdleeS+WodwWqhn397qGG+UYwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgDMA0GCSqGSIb3DQEBCwUAA4IBAQBjczu+rZVbkH76Vftid9+oWlkV+kjx2iqC
ocCERkO79hQzpoln0yPlzUsduxZMmYV6zekTBy7wvcz/4xMTYd1qNCk3KFQBjtaz
AHeV5ylU/ghsc/tG8vOd7y+Im4xIVhWf7oUOPMuBeIGnKTApDrDbCfMiy/LPgnJz
7Hv1O1d1i/Z2zKy1tozXbA4brA5LqGBK5n1qNSzunLfs1yhSKsY+uvZbgW66LXRi
JeU3zrqW9f23MkKlJg7MvO/OYsXcB+cJThbmqvGvbUw3n0NJ+vfqy+I406sD45FY
10aZjAzugaNy3EMctzx48sAAyyvK8QCXCTE7aH+qmT98VOKg/Zm4
-----END CERTIFICATE-----