Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          La1zI+6VjDqFN3sBTj72NFhD1eCIVOgWekURkWsL3yA=
Subject key identifier:   5D:17:64:C5:89:6E:DC:9A:C9:26:07:45:2B:DB:13:8B:90:6E:EE:86
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6B875C94828BDDE660631C1E04B5DB73545BE952
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
Signing time:             Sat 24 May 2025 00:01:59 +0000
ROA not before:           Fri 23 May 2025 23:56:59 +0000
ROA not after:            Sat 23 May 2026 00:01:59 +0000
asID:                     214025
IP address blocks:        96.62.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:87:5c:94:82:8b:dd:e6:60:63:1c:1e:04:b5:db:73:54:5b:e9:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 23 23:56:59 2025 GMT
            Not After : May 23 00:01:59 2026 GMT
        Subject: CN=5D1764C5896EDC9AC92607452BDB138B906EEE86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:57:c1:45:10:47:8a:3f:1d:6e:f2:fd:4a:ae:
                    00:e4:f9:54:bd:24:01:79:84:c8:7e:62:29:37:11:
                    ab:4c:89:e6:98:87:4d:6d:68:b6:cc:9a:30:2d:fb:
                    cd:51:2d:4e:c6:df:ca:ed:2d:21:86:2a:af:22:b3:
                    0d:54:24:1c:a4:cf:71:48:8a:69:4c:8c:2f:d1:eb:
                    3b:ea:bc:dd:98:65:da:6a:a4:89:2d:d2:70:84:88:
                    1b:43:39:76:46:f6:dd:12:a1:69:3f:58:10:b4:f2:
                    eb:ce:49:81:9b:b0:1e:5d:77:dc:bc:04:9a:aa:57:
                    4f:09:9f:ab:9f:47:97:bd:26:62:d8:dc:21:4e:fd:
                    b6:63:f5:bc:ed:3c:9d:a4:aa:64:8f:bb:b3:f6:44:
                    11:96:fd:17:c8:34:4c:fb:b6:6c:25:3b:32:2c:0d:
                    22:46:16:81:65:bb:c5:98:03:17:9c:52:b7:64:d7:
                    01:20:36:2c:d7:d4:c0:51:81:a2:20:20:03:a7:bb:
                    6d:64:6c:e3:36:08:6f:05:8e:ee:13:c9:06:6e:fb:
                    74:1f:15:b8:0f:71:6f:62:a5:fb:ca:12:74:10:21:
                    67:b3:e8:f0:7c:e5:6f:c3:d3:b3:5f:50:af:1c:1f:
                    1a:2d:2d:a5:6a:84:52:62:01:94:01:f7:3b:38:6c:
                    ee:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:17:64:C5:89:6E:DC:9A:C9:26:07:45:2B:DB:13:8B:90:6E:EE:86
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:7f:ee:bb:b2:43:96:f8:49:b9:61:89:e5:5e:cc:d2:de:e0:
         7f:84:87:ff:53:65:a2:62:43:95:d4:c2:2e:8f:c9:a5:63:92:
         bd:2c:15:bb:e8:98:7c:a3:89:7d:60:a8:21:77:e3:ab:9d:a7:
         7e:52:1e:07:d1:22:b5:18:3a:b2:6a:e5:d3:f0:91:83:57:55:
         88:3f:62:0d:7b:06:ce:d2:3b:9e:5a:6f:66:00:24:3a:dd:d6:
         63:7d:2d:a5:d6:f2:2b:05:09:b3:54:b3:61:8c:c3:e1:78:d8:
         f9:fc:7c:c3:0c:12:01:94:b3:f0:2c:b9:f9:8d:fd:76:97:40:
         3d:94:4f:e6:cf:a7:27:35:83:1f:8a:ae:20:47:48:8a:85:16:
         99:b1:30:5d:2d:1a:66:a8:12:c7:d8:ca:d2:c9:58:bb:ee:f8:
         51:34:1d:42:7d:03:8a:45:0e:3b:33:0a:66:69:24:45:78:71:
         80:ba:46:17:6a:31:09:60:81:ce:63:ef:02:ad:f7:5b:d7:5a:
         be:56:c7:fb:60:0d:33:61:dc:12:80:e3:55:e7:e1:cb:ef:66:
         6f:0b:38:60:9d:9d:e8:a1:19:42:eb:60:bd:72:38:3a:d9:a0:
         0b:bf:3f:40:e7:89:e6:46:df:7d:e6:86:05:bd:9a:83:40:2e:
         df:ea:bc:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa4dclIKL3eZgYxweBLXbc1Rb6VIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjMyMzU2NTlaFw0yNjA1MjMwMDAxNTlaMDMxMTAvBgNV
BAMTKDVEMTc2NEM1ODk2RURDOUFDOTI2MDc0NTJCREIxMzhCOTA2RUVFODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEV8FFEEeKPx1u8v1KrgDk+VS9
JAF5hMh+Yik3EatMieaYh01taLbMmjAt+81RLU7G38rtLSGGKq8isw1UJBykz3FI
imlMjC/R6zvqvN2YZdpqpIkt0nCEiBtDOXZG9t0SoWk/WBC08uvOSYGbsB5dd9y8
BJqqV08Jn6ufR5e9JmLY3CFO/bZj9bztPJ2kqmSPu7P2RBGW/RfINEz7tmwlOzIs
DSJGFoFlu8WYAxecUrdk1wEgNizX1MBRgaIgIAOnu21kbOM2CG8Fju4TyQZu+3Qf
FbgPcW9ipfvKEnQQIWez6PB85W/D07NfUK8cHxotLaVqhFJiAZQB9zs4bO51AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXRdkxYlu3JrJJgdFK9sTi5Bu7oYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD5z
MA0GCSqGSIb3DQEBCwUAA4IBAQBkf+67skOW+Em5YYnlXszS3uB/hIf/U2WiYkOV
1MIuj8mlY5K9LBW76Jh8o4l9YKghd+Ornad+Uh4H0SK1GDqyauXT8JGDV1WIP2IN
ewbO0jueWm9mACQ63dZjfS2l1vIrBQmzVLNhjMPheNj5/HzDDBIBlLPwLLn5jf12
l0A9lE/mz6cnNYMfiq4gR0iKhRaZsTBdLRpmqBLH2MrSyVi77vhRNB1CfQOKRQ47
MwpmaSRFeHGAukYXajEJYIHOY+8Crfdb11q+Vsf7YA0zYdwSgONV5+HL72ZvCzhg
nZ3ooRlC62C9cjg62aALvz9A54nmRt995oYFvZqDQC7f6rxh
-----END CERTIFICATE-----