Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214913.roa
File:                     AS214913.roa (raw, json)
Hash identifier:          8eRlGF0Y7FnxnzGtpBwCB37x45P6DQWD1YiZGN51CCI=
Subject key identifier:   10:EC:38:6A:E1:B7:35:59:0D:58:37:FD:94:8F:6E:D4:90:C1:B2:2A
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       19178EFA61FB36A1270ABB4369242409A2C22823
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214913.roa
Signing time:             Thu 23 May 2024 16:49:11 +0000
ROA not before:           Thu 23 May 2024 16:44:11 +0000
ROA not after:            Thu 22 May 2025 16:49:11 +0000
asID:                     214913
IP address blocks:        2a0f:85c1:3f3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:17:8e:fa:61:fb:36:a1:27:0a:bb:43:69:24:24:09:a2:c2:28:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:11 2024 GMT
            Not After : May 22 16:49:11 2025 GMT
        Subject: CN=10EC386AE1B735590D5837FD948F6ED490C1B22A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:54:b1:e1:07:32:4d:c1:84:3e:94:6e:a3:a0:
                    c3:c6:d7:00:e8:6f:13:5f:45:11:0f:2e:e6:42:ff:
                    0a:0f:2d:ec:70:8e:ea:cf:2d:4d:24:57:cc:88:72:
                    bf:64:81:7a:5b:91:1b:ea:c2:9f:23:bb:24:4a:66:
                    50:a0:cd:56:7a:be:3c:4c:a5:5c:70:f4:31:71:7a:
                    96:9e:3e:d6:a7:ae:36:31:8c:72:a5:78:21:64:fd:
                    dc:f3:b9:92:e6:1f:1b:4a:88:99:b4:94:87:d6:0b:
                    80:aa:0c:e8:d3:51:6b:26:a3:72:27:07:43:86:33:
                    ac:4e:ad:42:ef:f4:6e:8d:3c:b6:29:39:a4:cd:47:
                    fa:d8:a1:83:88:2c:46:1a:2c:a5:be:3e:aa:b8:e0:
                    1a:b9:a3:2b:38:80:e1:8e:a4:ee:10:77:17:72:cf:
                    3d:5a:03:99:b4:58:5f:1e:b7:f6:88:9e:15:8a:ff:
                    b4:da:f8:29:56:9d:d5:0d:76:85:76:c5:41:c0:14:
                    5d:ca:49:77:df:33:86:10:b9:0c:dc:24:19:aa:05:
                    c6:d7:17:0a:f5:e1:a4:bc:b4:13:cf:eb:4b:8f:1f:
                    41:bc:36:fb:b6:a5:93:08:66:02:36:0c:e1:5c:8d:
                    38:50:74:71:37:eb:b3:22:be:18:30:43:47:29:58:
                    e7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EC:38:6A:E1:B7:35:59:0D:58:37:FD:94:8F:6E:D4:90:C1:B2:2A
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:5c:7e:ce:c9:ba:49:76:b3:3f:f0:6a:21:dd:95:1a:21:2a:
         5f:60:ff:20:6a:60:36:cc:67:de:da:0d:4b:76:9a:4c:09:2e:
         3f:61:56:4f:7d:33:cc:14:b2:4e:7d:7d:a6:6a:38:05:73:19:
         9d:f9:4c:69:85:39:99:e9:12:ee:17:54:6d:da:7c:62:92:6a:
         80:66:c4:b7:46:98:36:ab:2b:fe:90:b8:c2:9e:a6:a7:0f:14:
         27:e8:19:73:32:95:80:d6:3b:98:3c:b1:8b:c3:0f:53:43:55:
         5b:29:ae:16:39:28:db:af:81:7f:ce:4d:f2:47:bd:f1:b2:5d:
         c9:da:1d:94:a9:0b:3b:c9:6c:4b:5c:d9:46:01:a5:4b:e7:8a:
         0d:f7:b6:06:59:3b:da:64:d8:ef:d0:c2:0a:9d:0e:38:c4:05:
         9f:4c:94:96:a7:af:2f:5e:36:27:ec:74:86:e3:e3:8e:c9:ac:
         2f:ef:05:f2:c3:3d:5e:09:02:b2:59:df:fb:dc:cb:46:ea:bb:
         b2:85:78:10:3a:4f:de:6b:f7:e3:6b:34:9c:95:61:b0:bc:c6:
         e6:53:0d:99:51:6b:3c:83:3f:f2:de:f7:b1:21:0d:02:a3:5a:
         38:69:3c:01:7e:41:11:1e:43:85:16:2c:33:4c:65:91:b8:f7:
         d0:8b:14:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGReO+mH7NqEnCrtDaSQkCaLCKCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTFaFw0yNTA1MjIxNjQ5MTFaMDMxMTAvBgNV
BAMTKDEwRUMzODZBRTFCNzM1NTkwRDU4MzdGRDk0OEY2RUQ0OTBDMUIyMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxVLHhBzJNwYQ+lG6joMPG1wDo
bxNfRREPLuZC/woPLexwjurPLU0kV8yIcr9kgXpbkRvqwp8juyRKZlCgzVZ6vjxM
pVxw9DFxepaePtanrjYxjHKleCFk/dzzuZLmHxtKiJm0lIfWC4CqDOjTUWsmo3In
B0OGM6xOrULv9G6NPLYpOaTNR/rYoYOILEYaLKW+Pqq44Bq5oys4gOGOpO4Qdxdy
zz1aA5m0WF8et/aInhWK/7Ta+ClWndUNdoV2xUHAFF3KSXffM4YQuQzcJBmqBcbX
Fwr14aS8tBPP60uPH0G8Nvu2pZMIZgI2DOFcjThQdHE367MivhgwQ0cpWOfHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUEOw4auG3NVkNWDf9lI9u1JDBsiowHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0OTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPzMA0GCSqGSIb3DQEBCwUAA4IBAQAYXH7OybpJdrM/8Goh3ZUaISpfYP8gamA2
zGfe2g1LdppMCS4/YVZPfTPMFLJOfX2majgFcxmd+UxphTmZ6RLuF1Rt2nxikmqA
ZsS3Rpg2qyv+kLjCnqanDxQn6BlzMpWA1juYPLGLww9TQ1VbKa4WOSjbr4F/zk3y
R73xsl3J2h2UqQs7yWxLXNlGAaVL54oN97YGWTvaZNjv0MIKnQ44xAWfTJSWp68v
XjYn7HSG4+OOyawv7wXywz1eCQKyWd/73MtG6ruyhXgQOk/ea/fjazSclWGwvMbm
Uw2ZUWs8gz/y3vexIQ0Co1o4aTwBfkERHkOFFiwzTGWRuPfQixQS
-----END CERTIFICATE-----