Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa
File:                     AS214209.roa (raw, json)
Hash identifier:          +dyRNNqOxV3IWgbf0aEXrgSK5csftOGpznl0JqhP+tU=
Subject key identifier:   08:26:9F:44:86:62:D2:1D:AA:7A:A6:13:B8:22:4B:92:C1:B5:90:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       466C6831989035E398415A6AC20777F21FC78AC4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa
Signing time:             Mon 23 Sep 2024 19:28:25 +0000
ROA not before:           Mon 23 Sep 2024 19:23:25 +0000
ROA not after:            Mon 22 Sep 2025 19:28:25 +0000
asID:                     214209
IP address blocks:        140.233.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6c:68:31:98:90:35:e3:98:41:5a:6a:c2:07:77:f2:1f:c7:8a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 23 19:23:25 2024 GMT
            Not After : Sep 22 19:28:25 2025 GMT
        Subject: CN=08269F448662D21DAA7AA613B8224B92C1B590D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3b:06:34:db:8b:fd:11:76:8f:e2:d0:98:aa:
                    6d:3e:66:ad:4b:0b:a1:37:de:ef:6f:dc:53:62:43:
                    4d:aa:d9:49:76:62:75:b2:63:74:9a:c5:a5:f9:3a:
                    82:c6:0f:cc:11:31:b4:32:31:e1:36:46:d0:41:da:
                    1d:e3:5d:fd:43:e9:21:35:6b:99:c6:36:cc:15:ab:
                    5f:fd:f1:2a:7d:ea:03:df:8c:4e:08:43:1a:07:d7:
                    c3:f8:94:08:a4:2b:93:bf:72:97:9c:ed:b1:f3:4b:
                    f7:e7:83:7c:50:10:e3:de:7e:04:28:d9:12:a6:9e:
                    7c:57:bb:38:b1:46:ff:92:5f:15:78:fa:90:b5:94:
                    ed:72:f0:b5:08:0c:55:57:02:7a:99:c9:4c:b6:d9:
                    3f:72:53:56:90:80:bb:c4:bb:f9:95:eb:ff:39:b1:
                    ee:9d:ed:5e:8c:41:9d:a2:59:06:68:2c:6c:8a:0d:
                    81:b1:40:cd:8d:c2:23:0e:6f:1b:bd:e3:ff:46:e4:
                    44:7a:cc:e8:1a:e3:a4:c8:bd:ad:cf:92:48:51:98:
                    05:5f:f3:83:f7:0b:29:f6:a1:54:7e:c0:8c:00:1d:
                    4b:24:62:0f:28:d8:6d:79:23:46:c9:d6:e0:90:5c:
                    ed:3f:3d:e2:3e:6e:e9:70:31:b0:ce:98:c2:16:d4:
                    e9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:26:9F:44:86:62:D2:1D:AA:7A:A6:13:B8:22:4B:92:C1:B5:90:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c7:07:df:5b:6c:4f:ab:f0:4e:93:66:a3:d9:51:ea:36:e6:
         b8:ec:e7:8e:6f:0e:a1:b2:4e:b9:48:b8:f7:85:05:e8:38:03:
         11:91:9e:7c:26:44:4f:0e:21:d0:9e:77:fc:1b:fa:c7:bf:94:
         16:61:bc:f5:3a:b8:a7:88:72:28:25:0c:93:18:a1:8b:7e:97:
         11:85:3c:03:9b:b3:a4:fd:4c:34:3a:19:be:8d:ac:d1:4d:c6:
         b8:1c:63:1a:e7:3d:6e:70:78:a7:20:13:71:9a:d4:af:eb:cb:
         62:8a:f9:89:9b:02:e7:37:fa:5a:bf:32:78:9e:2e:ab:b9:fd:
         be:9c:65:f4:e9:be:df:37:78:0a:e3:87:64:03:44:25:51:1c:
         9d:1f:15:a1:08:57:f5:44:fe:28:b6:8c:fa:13:0b:6c:c3:15:
         72:8a:ac:66:ca:c4:da:03:0e:5b:81:07:c4:26:8a:2d:f4:e2:
         4b:14:3a:a8:0c:72:ee:87:d6:c9:a1:01:ad:e0:da:37:0f:c8:
         df:c3:f8:75:5f:4f:6d:0f:0e:b1:37:d5:c8:68:ec:7f:39:2a:
         b4:17:28:e2:27:39:a8:d4:88:2f:98:0b:01:bd:fb:3f:47:da:
         7d:69:98:e7:c9:02:41:d6:a2:0e:cc:4a:17:1f:e0:14:db:d1:
         5a:21:1a:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURmxoMZiQNeOYQVpqwgd38h/HisQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA5MjMxOTIzMjVaFw0yNTA5MjIxOTI4MjVaMDMxMTAvBgNV
BAMTKDA4MjY5RjQ0ODY2MkQyMURBQTdBQTYxM0I4MjI0QjkyQzFCNTkwRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdOwY024v9EXaP4tCYqm0+Zq1L
C6E33u9v3FNiQ02q2Ul2YnWyY3SaxaX5OoLGD8wRMbQyMeE2RtBB2h3jXf1D6SE1
a5nGNswVq1/98Sp96gPfjE4IQxoH18P4lAikK5O/cpec7bHzS/fng3xQEOPefgQo
2RKmnnxXuzixRv+SXxV4+pC1lO1y8LUIDFVXAnqZyUy22T9yU1aQgLvEu/mV6/85
se6d7V6MQZ2iWQZoLGyKDYGxQM2NwiMObxu94/9G5ER6zOga46TIva3PkkhRmAVf
84P3Cyn2oVR+wIwAHUskYg8o2G15I0bJ1uCQXO0/PeI+bulwMbDOmMIW1Om3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCCafRIZi0h2qeqYTuCJLksG1kNEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm+
MA0GCSqGSIb3DQEBCwUAA4IBAQA4xwffW2xPq/BOk2aj2VHqNua47OeObw6hsk65
SLj3hQXoOAMRkZ58JkRPDiHQnnf8G/rHv5QWYbz1OriniHIoJQyTGKGLfpcRhTwD
m7Ok/Uw0Ohm+jazRTca4HGMa5z1ucHinIBNxmtSv68tiivmJmwLnN/pavzJ4ni6r
uf2+nGX06b7fN3gK44dkA0QlURydHxWhCFf1RP4otoz6EwtswxVyiqxmysTaAw5b
gQfEJoot9OJLFDqoDHLuh9bJoQGt4No3D8jfw/h1X09tDw6xN9XIaOx/OSq0Fyji
Jzmo1IgvmAsBvfs/R9p9aZjnyQJB1qIOzEoXH+AU29FaIRry
-----END CERTIFICATE-----