Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214906.roa
File:                     AS214906.roa (raw, json)
Hash identifier:          Z3mFYQJVzA6ey7SXUwzfIVlYbj7wfJFR6ZYaVliFyP8=
Subject key identifier:   E0:6F:2C:AE:BE:96:17:F1:52:7C:94:E5:3D:B1:D2:B5:1D:B9:05:20
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       146B8762B4973BFFC24D070ED0634412230AAFC6
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214906.roa
Signing time:             Thu 23 May 2024 16:49:13 +0000
ROA not before:           Thu 23 May 2024 16:44:13 +0000
ROA not after:            Thu 22 May 2025 16:49:13 +0000
asID:                     214906
IP address blocks:        2a0f:85c1:3f2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:6b:87:62:b4:97:3b:ff:c2:4d:07:0e:d0:63:44:12:23:0a:af:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:13 2024 GMT
            Not After : May 22 16:49:13 2025 GMT
        Subject: CN=E06F2CAEBE9617F1527C94E53DB1D2B51DB90520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f8:8c:a7:63:b5:cf:f0:6c:eb:f0:b8:de:1a:
                    df:f5:63:a4:18:45:ac:47:b0:f2:81:42:b4:43:b6:
                    96:e5:1f:e5:bf:f6:2c:9e:9e:02:85:b9:76:c1:4b:
                    c8:8c:1d:83:d8:81:b5:38:76:aa:c6:e0:a7:5a:d9:
                    e8:86:dd:b9:38:7a:a6:4b:05:79:2b:f3:48:e5:32:
                    77:84:e9:c1:27:cc:14:09:aa:ef:2e:8f:57:22:61:
                    c6:b8:85:80:d8:13:66:6c:17:db:db:b3:71:16:cb:
                    94:d4:5d:f8:1d:a0:e9:24:50:e3:63:b9:1a:5f:e4:
                    ec:7d:72:43:26:cd:e3:b2:45:9d:79:70:00:62:27:
                    30:1f:f7:05:fc:b3:61:a1:c1:ff:b7:98:58:d5:f2:
                    ad:5a:f4:75:02:21:37:e8:e0:b8:9b:ff:e0:b4:2f:
                    b2:ce:bf:23:1f:22:64:21:83:c0:d9:bb:eb:47:a4:
                    b2:99:ba:55:b2:61:ed:21:b9:47:d2:bc:0e:6d:b0:
                    9f:5a:7d:93:23:2b:0e:3d:80:01:97:35:1d:33:e3:
                    d7:13:bd:fa:30:eb:cc:c0:97:e4:f4:72:76:fb:73:
                    48:e2:77:c4:ca:b1:a4:1b:f5:ef:30:40:17:d8:25:
                    51:11:76:b4:c2:ba:0e:55:f6:40:60:6a:71:81:dc:
                    dd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:6F:2C:AE:BE:96:17:F1:52:7C:94:E5:3D:B1:D2:B5:1D:B9:05:20
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214906.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f2::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:d0:71:68:cf:0c:4e:25:9d:a7:54:fc:0c:33:0d:25:13:90:
         07:52:25:8c:64:88:b6:89:59:4c:2c:08:66:ec:c4:f8:96:a4:
         b6:5b:9f:f0:f4:7b:06:7d:db:41:0b:e9:1a:6a:98:4a:ad:0d:
         dd:c5:d7:dc:59:4c:78:5a:0a:bb:9c:a6:3b:f3:6d:ad:90:6c:
         be:00:1d:23:89:74:d6:09:8e:39:76:ee:91:14:07:bc:1a:5c:
         6d:01:16:00:d7:6d:0c:5e:eb:18:ec:04:13:23:af:dd:01:ae:
         ca:bb:ad:70:26:b1:25:18:68:4c:3a:52:03:75:93:e8:f6:3d:
         4b:4f:89:95:15:fb:ed:ff:a0:ff:97:e8:0b:63:3d:79:f0:d2:
         2d:2d:f9:32:98:cc:d7:13:0f:80:56:91:90:3e:82:49:da:4c:
         0d:80:9f:8a:a5:eb:85:ea:99:bf:04:33:2d:5c:56:2f:f3:ba:
         4b:05:0f:32:a5:17:3f:6c:93:56:a2:14:a7:5f:50:fa:be:11:
         3e:9a:cd:c7:56:ca:2a:0b:c3:4e:a5:0d:33:fd:7f:13:10:86:
         6c:2c:e4:1f:7f:d1:40:b5:ad:5d:34:f9:0a:d7:20:fe:24:ca:
         3b:d6:aa:67:2b:57:db:4d:bf:0e:52:d7:59:9b:94:c4:e8:f6:
         71:8d:8f:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFGuHYrSXO//CTQcO0GNEEiMKr8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTNaFw0yNTA1MjIxNjQ5MTNaMDMxMTAvBgNV
BAMTKEUwNkYyQ0FFQkU5NjE3RjE1MjdDOTRFNTNEQjFEMkI1MURCOTA1MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9+IynY7XP8Gzr8LjeGt/1Y6QY
RaxHsPKBQrRDtpblH+W/9iyengKFuXbBS8iMHYPYgbU4dqrG4Kda2eiG3bk4eqZL
BXkr80jlMneE6cEnzBQJqu8uj1ciYca4hYDYE2ZsF9vbs3EWy5TUXfgdoOkkUONj
uRpf5Ox9ckMmzeOyRZ15cABiJzAf9wX8s2Ghwf+3mFjV8q1a9HUCITfo4Lib/+C0
L7LOvyMfImQhg8DZu+tHpLKZulWyYe0huUfSvA5tsJ9afZMjKw49gAGXNR0z49cT
vfow68zAl+T0cnb7c0jid8TKsaQb9e8wQBfYJVERdrTCug5V9kBganGB3N0tAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4G8srr6WF/FSfJTlPbHStR25BSAwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0OTA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPyMA0GCSqGSIb3DQEBCwUAA4IBAQA60HFozwxOJZ2nVPwMMw0lE5AHUiWMZIi2
iVlMLAhm7MT4lqS2W5/w9HsGfdtBC+kaaphKrQ3dxdfcWUx4Wgq7nKY7822tkGy+
AB0jiXTWCY45du6RFAe8GlxtARYA120MXusY7AQTI6/dAa7Ku61wJrElGGhMOlID
dZPo9j1LT4mVFfvt/6D/l+gLYz158NItLfkymMzXEw+AVpGQPoJJ2kwNgJ+KpeuF
6pm/BDMtXFYv87pLBQ8ypRc/bJNWohSnX1D6vhE+ms3HVsoqC8NOpQ0z/X8TEIZs
LOQff9FAta1dNPkK1yD+JMo71qpnK1fbTb8OUtdZm5TE6PZxjY+h
-----END CERTIFICATE-----