Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa
File:                     AS214989.roa (raw, json)
Hash identifier:          HM5iU8IVGuylJ3VCedwfoRsr7lr3aWCQkDWgyXD6OHE=
Subject key identifier:   43:B1:6C:DC:43:45:9A:02:4D:BB:3C:42:00:44:96:31:B6:94:B0:53
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       748B847FB244D0DA0163AF40E5339EC621287822
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa
Signing time:             Thu 23 May 2024 16:49:14 +0000
ROA not before:           Thu 23 May 2024 16:44:14 +0000
ROA not after:            Thu 22 May 2025 16:49:14 +0000
asID:                     214989
IP address blocks:        2a0f:85c1:3cf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:8b:84:7f:b2:44:d0:da:01:63:af:40:e5:33:9e:c6:21:28:78:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:14 2024 GMT
            Not After : May 22 16:49:14 2025 GMT
        Subject: CN=43B16CDC43459A024DBB3C4200449631B694B053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0c:b1:d3:e1:9f:c5:4a:eb:5e:0d:03:e5:af:
                    bd:e1:17:0b:4a:f4:a2:6e:67:71:da:1b:af:2c:f0:
                    8c:0e:43:16:7f:a7:42:c8:7e:de:33:c5:49:b3:35:
                    a4:49:15:7d:30:52:5b:25:c6:5f:74:98:de:8b:70:
                    d6:5b:43:49:24:20:b4:ea:52:83:ca:59:6c:8f:0b:
                    47:e2:2d:48:ee:a2:e8:f2:54:8f:0a:5d:63:56:5b:
                    3e:49:c1:3c:fb:9f:8e:c5:fc:f1:5c:79:16:ce:d9:
                    1c:0b:59:81:c5:8c:fa:19:a7:1a:c1:48:d5:5c:82:
                    5d:0a:1a:f0:24:f6:ca:19:85:d9:7e:45:61:ed:fc:
                    fa:c0:b5:9f:f9:7d:f8:75:dc:f6:14:17:b8:c2:9a:
                    e0:c4:a5:be:06:26:d9:ee:ae:f4:ca:26:cc:d4:0d:
                    e9:cd:ee:5c:14:47:3b:63:64:b1:0d:e8:fb:0b:fd:
                    72:9d:90:f9:c7:09:0e:d2:23:d8:45:2e:9c:7a:61:
                    d5:2b:93:9a:98:55:6c:dd:d2:91:65:b9:90:62:3a:
                    42:63:b2:6d:65:69:83:2b:34:4f:60:19:ad:ea:df:
                    9d:bc:cb:d1:b9:2b:81:ef:45:5a:e9:b5:a4:23:4e:
                    a1:6e:3d:06:d5:e5:a1:6d:b4:a4:ee:85:6c:94:4d:
                    d4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B1:6C:DC:43:45:9A:02:4D:BB:3C:42:00:44:96:31:B6:94:B0:53
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3cf::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:9c:f9:3e:8c:48:03:eb:98:fb:7b:39:ff:ab:b0:05:43:17:
         e4:60:67:38:d6:9c:fc:6d:d1:0e:51:d4:f4:8a:f8:68:57:97:
         10:1a:5c:21:a7:ce:f2:a0:04:69:e7:fe:f1:0f:c5:00:88:c5:
         7b:51:8d:5b:c7:4c:36:6d:38:f4:60:fa:f1:76:27:20:2f:11:
         7a:b0:2b:9a:71:ce:70:77:14:aa:b6:c7:74:96:10:b1:89:d4:
         c1:1d:12:15:c0:70:e5:0b:06:ec:d5:4a:4c:e3:0b:e9:e5:21:
         fa:3d:43:1a:f0:b0:6c:63:b4:1f:49:87:23:ce:f1:21:16:63:
         8a:98:87:42:8c:cf:1f:6c:cc:db:6a:5f:8a:ba:ce:e8:fd:c1:
         19:9d:47:ac:52:2b:9e:96:1b:0c:61:1c:39:bb:7c:40:77:c3:
         bf:98:7e:bc:7e:f1:f0:2a:d3:7e:23:f3:2a:3a:ed:0a:40:7b:
         a1:d2:9b:bf:9b:7f:fb:66:8f:53:78:e8:ec:19:d1:0b:57:73:
         ff:00:6d:63:e9:6c:81:59:e7:fa:33:0a:dd:95:11:08:16:9f:
         71:88:1a:3c:e8:8f:0d:74:de:46:9f:ae:57:da:81:31:4a:18:
         ed:6a:cd:cf:e0:51:e4:67:e9:09:22:8e:36:20:19:3a:f6:2c:
         64:30:b9:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdIuEf7JE0NoBY69A5TOexiEoeCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MTRaFw0yNTA1MjIxNjQ5MTRaMDMxMTAvBgNV
BAMTKDQzQjE2Q0RDNDM0NTlBMDI0REJCM0M0MjAwNDQ5NjMxQjY5NEIwNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQDLHT4Z/FSuteDQPlr73hFwtK
9KJuZ3HaG68s8IwOQxZ/p0LIft4zxUmzNaRJFX0wUlslxl90mN6LcNZbQ0kkILTq
UoPKWWyPC0fiLUjuoujyVI8KXWNWWz5JwTz7n47F/PFceRbO2RwLWYHFjPoZpxrB
SNVcgl0KGvAk9soZhdl+RWHt/PrAtZ/5ffh13PYUF7jCmuDEpb4GJtnurvTKJszU
DenN7lwURztjZLEN6PsL/XKdkPnHCQ7SI9hFLpx6YdUrk5qYVWzd0pFluZBiOkJj
sm1laYMrNE9gGa3q3528y9G5K4HvRVrptaQjTqFuPQbV5aFttKTuhWyUTdTjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ7Fs3ENFmgJNuzxCAESWMbaUsFMwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPPMA0GCSqGSIb3DQEBCwUAA4IBAQCYnPk+jEgD65j7ezn/q7AFQxfkYGc41pz8
bdEOUdT0ivhoV5cQGlwhp87yoARp5/7xD8UAiMV7UY1bx0w2bTj0YPrxdicgLxF6
sCuacc5wdxSqtsd0lhCxidTBHRIVwHDlCwbs1UpM4wvp5SH6PUMa8LBsY7QfSYcj
zvEhFmOKmIdCjM8fbMzbal+Kus7o/cEZnUesUiuelhsMYRw5u3xAd8O/mH68fvHw
KtN+I/MqOu0KQHuh0pu/m3/7Zo9TeOjsGdELV3P/AG1j6WyBWef6MwrdlREIFp9x
iBo86I8NdN5Gn65X2oExShjtas3P4FHkZ+kJIo42IBk69ixkMLld
-----END CERTIFICATE-----