Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214862.roa
File:                     AS214862.roa (raw, json)
Hash identifier:          sGK2zru3Dn40DtYPbNFTFCT8P3ZkHUvoqgbAVrXX0s8=
Subject key identifier:   F3:48:67:C8:15:5F:D4:4B:31:25:FA:B9:0A:8E:B8:E1:70:ED:C3:62
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5FB7A864713CB26DC3FC848E1367961517D925FB
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214862.roa
Signing time:             Fri 24 May 2024 01:36:07 +0000
ROA not before:           Fri 24 May 2024 01:31:07 +0000
ROA not after:            Fri 23 May 2025 01:36:07 +0000
asID:                     214862
IP address blocks:        2a0f:85c1:3fb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b7:a8:64:71:3c:b2:6d:c3:fc:84:8e:13:67:96:15:17:d9:25:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 24 01:31:07 2024 GMT
            Not After : May 23 01:36:07 2025 GMT
        Subject: CN=F34867C8155FD44B3125FAB90A8EB8E170EDC362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:10:88:32:e5:8d:f6:fc:ec:1d:23:f3:bb:27:
                    79:dc:a2:cd:22:37:69:5e:08:b3:a4:df:34:88:a7:
                    58:9a:43:0a:94:58:4d:99:e4:56:e1:e7:51:73:8b:
                    5a:09:47:dc:d6:e8:95:6f:cc:54:26:6d:fd:b9:88:
                    67:8f:fa:a8:68:54:d7:b8:c0:3f:5c:28:57:d3:9a:
                    f9:4b:80:0b:d6:7a:81:c5:5b:1e:77:63:cf:55:e5:
                    9d:9a:15:2c:7e:f8:10:86:b3:fc:b6:ff:9d:75:27:
                    f2:76:ee:87:3b:3d:ae:0c:47:14:85:be:e2:5f:9b:
                    63:67:52:56:f9:27:8e:4c:08:eb:46:e9:29:c7:cc:
                    63:d6:49:32:4e:f2:df:e2:1b:65:97:37:c5:6f:99:
                    d1:a9:2c:b3:d2:94:c2:35:c2:1b:ac:a0:2c:ae:eb:
                    9d:94:94:81:6f:9e:2c:da:8f:43:37:e5:d9:58:67:
                    e5:6b:e4:37:5d:4a:f2:5c:8a:dc:f4:a0:96:be:f9:
                    75:cc:49:d6:73:1a:fd:17:55:e1:db:f5:cb:25:ee:
                    20:f4:94:3c:fd:f3:04:78:c9:38:28:f6:aa:d1:12:
                    d0:f5:da:66:52:d9:1e:a8:55:31:2e:c5:69:fb:bb:
                    b8:51:5d:48:d5:26:4f:a0:b7:7c:b4:29:67:b4:dd:
                    92:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:48:67:C8:15:5F:D4:4B:31:25:FA:B9:0A:8E:B8:E1:70:ED:C3:62
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214862.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3fb::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:c4:ee:a5:d2:93:72:87:68:41:cf:5a:56:11:b0:96:e0:45:
         19:ce:17:91:cc:48:0d:08:30:7d:61:5a:5f:14:cc:1c:ba:27:
         91:af:c0:99:fd:d5:e5:a7:fa:10:5d:5d:c7:99:28:39:fd:76:
         02:5c:ad:32:aa:cf:75:0d:a2:65:af:e6:63:9a:eb:69:2e:d6:
         34:c0:25:5f:e2:a1:16:a7:48:33:ca:29:0b:b9:1c:69:63:c1:
         a4:f8:f5:9a:19:b8:01:50:cf:47:bc:56:46:d7:4e:e2:bb:83:
         01:b8:02:2c:d0:ad:9d:53:ec:a4:07:ca:be:72:eb:48:34:a5:
         52:e4:11:1f:f9:73:2e:dc:68:18:16:d2:89:55:5f:45:2b:db:
         c5:34:f5:33:9c:2d:03:64:f4:f9:b7:5e:16:46:86:7d:d9:5e:
         f0:56:1c:66:ab:bc:0e:0a:f6:94:39:20:8a:76:81:f7:e0:af:
         5c:ab:0b:92:92:0b:64:c3:08:e9:16:5c:8d:12:6d:f2:4b:a5:
         d9:91:4f:34:ea:75:b0:1d:a0:f3:9a:93:40:45:e8:a8:75:02:
         7a:60:24:8e:c4:7e:ba:8a:0d:9b:c7:9d:e4:44:3d:d5:68:10:
         77:50:1e:e9:0e:4a:06:75:d7:da:cc:e3:4c:38:99:21:f0:1f:
         7b:b3:d5:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUX7eoZHE8sm3D/ISOE2eWFRfZJfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjQwMTMxMDdaFw0yNTA1MjMwMTM2MDdaMDMxMTAvBgNV
BAMTKEYzNDg2N0M4MTU1RkQ0NEIzMTI1RkFCOTBBOEVCOEUxNzBFREMzNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjEIgy5Y32/OwdI/O7J3ncos0i
N2leCLOk3zSIp1iaQwqUWE2Z5Fbh51Fzi1oJR9zW6JVvzFQmbf25iGeP+qhoVNe4
wD9cKFfTmvlLgAvWeoHFWx53Y89V5Z2aFSx++BCGs/y2/511J/J27oc7Pa4MRxSF
vuJfm2NnUlb5J45MCOtG6SnHzGPWSTJO8t/iG2WXN8VvmdGpLLPSlMI1whusoCyu
652UlIFvnizaj0M35dlYZ+Vr5DddSvJcitz0oJa++XXMSdZzGv0XVeHb9csl7iD0
lDz98wR4yTgo9qrREtD12mZS2R6oVTEuxWn7u7hRXUjVJk+gt3y0KWe03ZKjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU80hnyBVf1EsxJfq5Co644XDtw2IwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP7MA0GCSqGSIb3DQEBCwUAA4IBAQCBxO6l0pNyh2hBz1pWEbCW4EUZzheRzEgN
CDB9YVpfFMwcuieRr8CZ/dXlp/oQXV3HmSg5/XYCXK0yqs91DaJlr+ZjmutpLtY0
wCVf4qEWp0gzyikLuRxpY8Gk+PWaGbgBUM9HvFZG107iu4MBuAIs0K2dU+ykB8q+
cutINKVS5BEf+XMu3GgYFtKJVV9FK9vFNPUznC0DZPT5t14WRoZ92V7wVhxmq7wO
CvaUOSCKdoH34K9cqwuSkgtkwwjpFlyNEm3yS6XZkU806nWwHaDzmpNAReiodQJ6
YCSOxH66ig2bx53kRD3VaBB3UB7pDkoGddfazONMOJkh8B97s9Uy
-----END CERTIFICATE-----