Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
File:                     AS214618.roa (raw, json)
Hash identifier:          w5b+gJLpz1ij+vu1de76IfTYlr86kESghxT4uU8tTt4=
Subject key identifier:   EB:EA:FF:6B:0A:63:94:D2:23:F5:CD:62:86:64:04:CB:C7:AB:BF:12
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       26A35FA2065B129221D7799AEC88F1A8F889A1FD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
Signing time:             Mon 01 Jul 2024 09:59:32 +0000
ROA not before:           Mon 01 Jul 2024 09:54:32 +0000
ROA not after:            Mon 30 Jun 2025 09:59:32 +0000
asID:                     214618
IP address blocks:        146.103.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:a3:5f:a2:06:5b:12:92:21:d7:79:9a:ec:88:f1:a8:f8:89:a1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  1 09:54:32 2024 GMT
            Not After : Jun 30 09:59:32 2025 GMT
        Subject: CN=EBEAFF6B0A6394D223F5CD62866404CBC7ABBF12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:cd:3b:67:07:bb:a1:5c:07:15:e4:58:99:c8:
                    cf:b5:a0:27:95:1b:d3:6e:22:c1:76:ea:b1:7f:bc:
                    8b:e0:33:b9:b2:43:e3:f8:8a:72:d7:e3:3d:a6:77:
                    7d:66:8d:8a:b3:a4:80:f0:94:50:e5:3c:df:e3:7c:
                    34:18:45:5e:24:c0:33:cf:aa:f3:ac:b2:f8:c8:ac:
                    a0:fc:bf:86:3e:f4:d7:f9:8f:ae:a8:78:da:f4:80:
                    b7:5d:e5:5d:6a:a9:58:c4:91:d0:ac:be:11:c5:d7:
                    3f:43:99:55:97:d0:9a:56:be:18:46:b1:de:88:c0:
                    34:ce:2e:e7:b3:69:d4:fe:51:cf:73:f2:e2:05:18:
                    f0:6d:71:ca:b9:2b:18:fd:1c:f2:54:31:e3:f0:44:
                    f1:67:ec:90:1f:0c:d4:25:80:25:6a:55:ea:3d:51:
                    ab:42:9f:01:02:d0:25:ea:05:f8:29:27:a2:24:48:
                    9d:e3:b5:cd:f8:07:89:85:96:0b:41:a1:7c:e1:8c:
                    be:2c:8f:b2:3e:38:64:87:e1:78:29:a3:9d:74:53:
                    8a:1d:ab:ce:97:ba:e7:29:1d:95:03:0a:f1:a6:57:
                    17:81:d6:b0:50:12:f0:19:c2:eb:90:d4:f2:9d:78:
                    d0:6b:86:56:d2:58:a9:28:ba:6b:d6:9f:03:2b:d5:
                    2d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:EA:FF:6B:0A:63:94:D2:23:F5:CD:62:86:64:04:CB:C7:AB:BF:12
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4d:48:59:0a:ea:3a:9a:59:66:a8:18:43:6f:60:6b:2d:89:
         a8:76:ce:50:52:be:6f:a1:41:72:8d:12:70:0a:1a:d9:7a:31:
         31:eb:68:83:1e:32:df:c8:8e:2a:8a:c0:1b:1d:99:d7:34:ea:
         42:6c:d4:b8:db:bd:50:21:9c:1d:61:d7:11:6f:b5:b3:d5:6f:
         8b:5a:a1:d8:c1:9a:53:af:ec:0e:a4:67:dc:7b:3f:08:d5:64:
         ea:8d:3b:77:74:e5:7f:be:04:ea:68:a3:ea:36:8e:ad:81:fe:
         a1:e0:b6:e0:7e:f3:d9:79:23:99:1a:59:b4:24:4f:ca:3f:fd:
         a9:70:be:e1:bb:aa:97:49:dd:67:26:fb:2c:2f:de:b4:c7:d0:
         c8:33:a6:12:6d:07:37:48:48:36:04:e5:7e:16:c3:e9:a1:93:
         cf:36:f1:9e:c0:46:6e:69:f2:3e:66:e5:19:91:ba:0f:d8:46:
         0a:ea:fd:65:ab:d8:08:07:a7:77:2d:02:15:cb:99:6f:33:3a:
         06:4b:81:13:5a:b7:78:97:d1:ef:54:6f:e7:27:bc:6c:55:ff:
         a5:e5:2a:13:56:10:78:4c:42:06:0e:03:b2:7e:1f:7c:16:6e:
         9c:48:ad:f2:5a:97:05:ef:83:7f:33:54:3d:ce:98:87:04:75:
         7f:fa:16:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJqNfogZbEpIh13ma7IjxqPiJof0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MDEwOTU0MzJaFw0yNTA2MzAwOTU5MzJaMDMxMTAvBgNV
BAMTKEVCRUFGRjZCMEE2Mzk0RDIyM0Y1Q0Q2Mjg2NjQwNENCQzdBQkJGMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtzTtnB7uhXAcV5FiZyM+1oCeV
G9NuIsF26rF/vIvgM7myQ+P4inLX4z2md31mjYqzpIDwlFDlPN/jfDQYRV4kwDPP
qvOssvjIrKD8v4Y+9Nf5j66oeNr0gLdd5V1qqVjEkdCsvhHF1z9DmVWX0JpWvhhG
sd6IwDTOLuezadT+Uc9z8uIFGPBtccq5Kxj9HPJUMePwRPFn7JAfDNQlgCVqVeo9
UatCnwEC0CXqBfgpJ6IkSJ3jtc34B4mFlgtBoXzhjL4sj7I+OGSH4Xgpo510U4od
q86XuucpHZUDCvGmVxeB1rBQEvAZwuuQ1PKdeNBrhlbSWKkoumvWnwMr1S2tAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6+r/awpjlNIj9c1ihmQEy8ervxIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc8
MA0GCSqGSIb3DQEBCwUAA4IBAQA0TUhZCuo6mllmqBhDb2BrLYmods5QUr5voUFy
jRJwChrZejEx62iDHjLfyI4qisAbHZnXNOpCbNS4271QIZwdYdcRb7Wz1W+LWqHY
wZpTr+wOpGfcez8I1WTqjTt3dOV/vgTqaKPqNo6tgf6h4LbgfvPZeSOZGlm0JE/K
P/2pcL7hu6qXSd1nJvssL960x9DIM6YSbQc3SEg2BOV+FsPpoZPPNvGewEZuafI+
ZuUZkboP2EYK6v1lq9gIB6d3LQIVy5lvMzoGS4ETWrd4l9HvVG/nJ7xsVf+l5SoT
VhB4TEIGDgOyfh98Fm6cSK3yWpcF74N/M1Q9zpiHBHV/+hax
-----END CERTIFICATE-----