Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214882.roa
File:                     AS214882.roa (raw, json)
Hash identifier:          GAnwfI2sii8v0+0e2GOom8oe87iQLLAfq1Ryqv20lXc=
Subject key identifier:   43:85:7B:C1:78:3F:30:6A:85:DB:6A:F2:52:22:E3:33:B7:E6:91:58
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       0910B24444596FFA3A5AB88BAE7C621BF504D55E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214882.roa
Signing time:             Fri 14 Jun 2024 20:54:09 +0000
ROA not before:           Fri 14 Jun 2024 20:49:09 +0000
ROA not after:            Fri 13 Jun 2025 20:54:09 +0000
asID:                     214882
IP address blocks:        2a0f:85c1:3da::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:10:b2:44:44:59:6f:fa:3a:5a:b8:8b:ae:7c:62:1b:f5:04:d5:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 14 20:49:09 2024 GMT
            Not After : Jun 13 20:54:09 2025 GMT
        Subject: CN=43857BC1783F306A85DB6AF25222E333B7E69158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a3:fb:a9:93:d9:79:4f:cc:b5:61:a5:d5:5b:
                    3f:f9:96:f2:9d:26:1f:63:b2:5e:bd:08:1d:9a:6a:
                    36:6b:7b:80:3e:b5:00:31:df:8a:03:8b:50:eb:6e:
                    e2:d3:54:ff:e2:a7:9e:63:00:0e:eb:57:bc:b9:da:
                    0c:a1:d0:3d:0a:72:c3:6f:0b:b2:0b:e2:b7:84:26:
                    09:6f:7a:99:67:49:17:40:4a:95:47:01:a5:5a:0f:
                    3e:ce:b1:07:54:53:d4:cf:66:f4:da:7e:aa:69:14:
                    35:6b:b0:7f:43:64:5d:80:98:ae:76:65:19:73:8a:
                    12:47:eb:1d:1f:39:d6:14:36:a4:ae:83:b3:14:cb:
                    80:b5:33:4f:97:8d:5d:08:0e:b2:39:05:68:41:4b:
                    91:bf:4a:4c:ab:2e:f3:11:db:f3:cd:b9:1d:f2:54:
                    68:73:b8:5d:9f:7c:25:e2:ba:88:e4:ac:75:c3:d4:
                    a9:82:59:e4:42:de:ec:e4:51:25:b3:c0:ba:14:a2:
                    25:77:8d:c8:8b:ae:d4:09:a9:99:ff:45:6a:2b:ec:
                    69:dc:8e:32:cd:5d:7f:f9:99:72:f3:4f:e7:b6:ee:
                    22:c5:3e:d9:ad:e7:8e:1d:e0:da:8f:19:c8:21:d6:
                    94:3b:49:21:8b:59:9d:00:0b:56:79:c4:81:86:35:
                    70:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:85:7B:C1:78:3F:30:6A:85:DB:6A:F2:52:22:E3:33:B7:E6:91:58
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3da::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:d7:04:b4:8c:3f:3b:ef:4f:e9:2c:65:a8:4e:91:d8:1d:a0:
         d3:ec:d5:a0:21:c8:72:f2:c1:50:28:26:0f:41:a3:e0:50:b7:
         04:f3:60:0c:c4:a2:91:b3:bd:80:6f:c5:27:68:07:43:15:50:
         7f:53:9a:72:f4:4a:6d:89:b5:b8:e2:5e:8c:ec:ec:3a:46:b8:
         7a:17:9c:40:6a:04:09:ff:0b:c1:a8:4a:c5:71:50:bd:02:0b:
         dc:7e:e9:34:b4:ac:e3:51:66:67:da:6a:66:63:e0:8d:00:e8:
         68:67:cb:53:ff:2a:6c:9a:bc:bd:0d:16:2b:e3:a2:61:66:f7:
         bc:92:fd:f3:45:91:9b:4b:f9:4f:46:26:28:49:cc:1c:89:b7:
         f5:df:ed:1c:2d:41:0d:21:fe:39:2f:b8:40:1d:ce:e7:58:1d:
         42:b4:17:1b:ea:5f:74:f3:22:94:42:3e:19:08:26:67:00:39:
         c3:ef:d5:71:3c:e1:3d:e0:9a:59:a0:de:30:55:e0:bb:81:67:
         69:ac:a4:35:66:26:cc:34:21:d1:47:b4:cf:93:14:1a:b5:a2:
         b5:c1:a0:9f:cd:5d:49:87:8b:c9:c3:3f:d6:e7:8d:82:35:7f:
         84:72:95:68:7c:bd:20:18:37:c8:dc:aa:d2:51:f2:f9:b5:bc:
         2f:b4:35:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCRCyRERZb/o6WriLrnxiG/UE1V4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTQyMDQ5MDlaFw0yNTA2MTMyMDU0MDlaMDMxMTAvBgNV
BAMTKDQzODU3QkMxNzgzRjMwNkE4NURCNkFGMjUyMjJFMzMzQjdFNjkxNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDo/upk9l5T8y1YaXVWz/5lvKd
Jh9jsl69CB2aajZre4A+tQAx34oDi1DrbuLTVP/ip55jAA7rV7y52gyh0D0KcsNv
C7IL4reEJglveplnSRdASpVHAaVaDz7OsQdUU9TPZvTafqppFDVrsH9DZF2AmK52
ZRlzihJH6x0fOdYUNqSug7MUy4C1M0+XjV0IDrI5BWhBS5G/SkyrLvMR2/PNuR3y
VGhzuF2ffCXiuojkrHXD1KmCWeRC3uzkUSWzwLoUoiV3jciLrtQJqZn/RWor7Gnc
jjLNXX/5mXLzT+e27iLFPtmt544d4NqPGcgh1pQ7SSGLWZ0AC1Z5xIGGNXCzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ4V7wXg/MGqF22ryUiLjM7fmkVgwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPaMA0GCSqGSIb3DQEBCwUAA4IBAQBS1wS0jD8770/pLGWoTpHYHaDT7NWgIchy
8sFQKCYPQaPgULcE82AMxKKRs72Ab8UnaAdDFVB/U5py9EptibW44l6M7Ow6Rrh6
F5xAagQJ/wvBqErFcVC9Agvcfuk0tKzjUWZn2mpmY+CNAOhoZ8tT/ypsmry9DRYr
46JhZve8kv3zRZGbS/lPRiYoScwcibf13+0cLUENIf45L7hAHc7nWB1CtBcb6l90
8yKUQj4ZCCZnADnD79VxPOE94JpZoN4wVeC7gWdprKQ1ZibMNCHRR7TPkxQataK1
waCfzV1Jh4vJwz/W542CNX+EcpVofL0gGDfI3KrSUfL5tbwvtDXK
-----END CERTIFICATE-----