Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa
File:                     AS214457.roa (raw, json)
Hash identifier:          9Rxl8OGvlelmSe03GfyD/qxiAmRuBae2JCUMJHIewKw=
Subject key identifier:   AD:D7:6E:D1:43:A3:1F:0A:C8:E6:A8:13:8D:EC:5B:52:48:CB:71:AE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       08FA83058D38CDDBC5919AC5ACC6E58AD0BCB104
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa
Signing time:             Wed 15 Jan 2025 15:06:50 +0000
ROA not before:           Wed 15 Jan 2025 15:01:50 +0000
ROA not after:            Wed 14 Jan 2026 15:06:50 +0000
asID:                     214457
IP address blocks:        82.29.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:fa:83:05:8d:38:cd:db:c5:91:9a:c5:ac:c6:e5:8a:d0:bc:b1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 15 15:01:50 2025 GMT
            Not After : Jan 14 15:06:50 2026 GMT
        Subject: CN=ADD76ED143A31F0AC8E6A8138DEC5B5248CB71AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2d:c4:e2:08:ca:68:7a:7d:4a:d0:73:8d:20:
                    46:c6:38:26:0e:01:c8:34:ae:56:d3:ed:ac:3d:a2:
                    44:fe:23:b5:5d:cb:16:2a:41:d0:f2:29:b0:06:bf:
                    a9:74:d1:12:4a:a0:da:0a:7d:4f:3a:62:54:d4:b5:
                    9c:5d:14:81:ae:bd:6a:74:d5:dc:45:d0:55:2b:52:
                    92:78:a2:e5:d0:60:9d:07:8a:ad:ca:23:ab:6e:6d:
                    77:a6:8b:50:ea:32:7b:4d:2a:c6:b3:ab:04:1b:24:
                    a1:a2:62:35:50:30:40:fe:fb:87:5c:2b:95:18:c1:
                    da:ab:6d:c0:0e:38:f0:2d:87:5c:23:46:ad:a9:0c:
                    d8:21:fb:cc:43:3c:1d:74:36:85:82:bd:bb:1f:10:
                    12:20:8a:28:35:08:4d:6a:54:f7:ff:fa:76:cd:66:
                    43:21:7e:59:47:f5:dc:0d:e0:d4:25:67:73:99:64:
                    0a:47:af:3f:5b:03:d1:c0:bf:96:f5:c3:86:8b:2e:
                    7b:19:d8:77:ba:7e:78:1e:cf:4e:f5:a5:6f:90:1c:
                    94:07:cd:36:d0:e5:1a:fe:70:65:fa:60:70:8e:a8:
                    e7:a1:37:b7:da:03:87:a6:68:9a:17:56:3f:82:c5:
                    c1:f9:5b:af:b0:b9:f0:5b:52:c7:a0:c1:e2:f0:35:
                    02:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D7:6E:D1:43:A3:1F:0A:C8:E6:A8:13:8D:EC:5B:52:48:CB:71:AE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:2c:7a:d9:9e:be:c6:6d:bf:eb:a8:25:fd:de:4f:b6:4d:50:
         67:24:c1:4f:21:dc:26:51:69:b3:f6:9e:a9:2d:32:07:ec:93:
         ad:c0:ce:ab:9e:21:a2:a9:ee:bc:56:ea:2e:94:a5:77:57:43:
         9b:44:d2:5b:74:e7:f2:4c:ad:d0:2c:5d:3e:7c:de:e2:bf:cd:
         3b:d3:f9:ed:39:84:32:73:ab:d6:75:09:c8:00:8f:47:1f:17:
         bf:49:a9:43:a9:03:0c:c9:c6:8c:b2:53:a8:5f:a1:c0:bf:5b:
         5e:3a:4e:e9:75:7f:d9:47:7e:80:ba:66:9d:df:b2:df:22:6b:
         3d:20:c8:ca:d3:24:fc:8e:63:d7:aa:0d:0f:c8:ee:15:84:57:
         92:5c:9e:61:9c:70:36:24:75:d9:a7:c4:e0:20:18:53:8f:cc:
         3d:fe:3b:61:5c:5b:ab:72:5d:aa:4a:9c:09:df:db:9d:93:0c:
         07:82:f1:ec:3a:79:28:64:7f:38:77:d5:5d:6e:18:43:40:bc:
         52:56:e0:63:a9:a5:ab:19:68:a9:ef:06:16:00:7f:0c:26:56:
         3d:8e:06:12:c0:12:e6:07:bd:50:e6:4f:a5:ce:fc:a8:17:cc:
         d5:a1:f1:0c:48:81:bb:84:23:42:0e:3a:c8:0f:4a:b9:6c:18:
         c8:64:82:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCPqDBY04zdvFkZrFrMblitC8sQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTUxNTAxNTBaFw0yNjAxMTQxNTA2NTBaMDMxMTAvBgNV
BAMTKEFERDc2RUQxNDNBMzFGMEFDOEU2QTgxMzhERUM1QjUyNDhDQjcxQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyLcTiCMpoen1K0HONIEbGOCYO
Acg0rlbT7aw9okT+I7VdyxYqQdDyKbAGv6l00RJKoNoKfU86YlTUtZxdFIGuvWp0
1dxF0FUrUpJ4ouXQYJ0Hiq3KI6tubXemi1DqMntNKsazqwQbJKGiYjVQMED++4dc
K5UYwdqrbcAOOPAth1wjRq2pDNgh+8xDPB10NoWCvbsfEBIgiig1CE1qVPf/+nbN
ZkMhfllH9dwN4NQlZ3OZZApHrz9bA9HAv5b1w4aLLnsZ2He6fngez071pW+QHJQH
zTbQ5Rr+cGX6YHCOqOehN7faA4emaJoXVj+CxcH5W6+wufBbUsegweLwNQJnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrddu0UOjHwrI5qgTjexbUkjLca4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh1A
MA0GCSqGSIb3DQEBCwUAA4IBAQAjLHrZnr7Gbb/rqCX93k+2TVBnJMFPIdwmUWmz
9p6pLTIH7JOtwM6rniGiqe68VuoulKV3V0ObRNJbdOfyTK3QLF0+fN7iv8070/nt
OYQyc6vWdQnIAI9HHxe/SalDqQMMycaMslOoX6HAv1teOk7pdX/ZR36Aumad37Lf
Ims9IMjK0yT8jmPXqg0PyO4VhFeSXJ5hnHA2JHXZp8TgIBhTj8w9/jthXFurcl2q
SpwJ39udkwwHgvHsOnkoZH84d9VdbhhDQLxSVuBjqaWrGWip7wYWAH8MJlY9jgYS
wBLmB71Q5k+lzvyoF8zVofEMSIG7hCNCDjrID0q5bBjIZILy
-----END CERTIFICATE-----