Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214828.roa
File:                     AS214828.roa (raw, json)
Hash identifier:          z22ZXa2yHHVOcol3UadLaTUJaXSPzsvth/M0hb542yg=
Subject key identifier:   DD:D7:CF:7B:BC:65:F6:71:07:3D:67:6F:52:DF:68:D3:77:7A:E1:FC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       77C77B61F8253B8859872264EBA4B444C13BA616
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214828.roa
Signing time:             Fri 30 May 2025 07:34:45 +0000
ROA not before:           Fri 30 May 2025 07:29:45 +0000
ROA not after:            Fri 29 May 2026 07:34:45 +0000
asID:                     214828
IP address blocks:        2a13:9500:74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:c7:7b:61:f8:25:3b:88:59:87:22:64:eb:a4:b4:44:c1:3b:a6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 30 07:29:45 2025 GMT
            Not After : May 29 07:34:45 2026 GMT
        Subject: CN=DDD7CF7BBC65F671073D676F52DF68D3777AE1FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:01:cc:12:2a:a0:63:b7:f4:37:de:d7:14:62:
                    8f:b9:a9:36:87:ef:d0:df:4f:f3:44:c7:8b:e1:38:
                    42:b4:e0:57:07:9c:8d:fd:ca:ae:7c:2f:21:7f:a1:
                    55:11:da:46:7a:ae:bd:a4:fa:18:d4:1d:6c:f7:a0:
                    64:e5:71:b6:16:33:bc:70:6f:8d:90:f6:f4:7b:da:
                    d5:51:0b:d0:f8:9b:e4:d7:7f:ca:89:07:48:f5:9b:
                    a5:6e:ae:13:56:eb:f6:df:71:95:81:75:5d:98:f2:
                    55:1b:f2:dd:43:3c:51:20:76:6e:b6:11:d5:a6:19:
                    5f:d5:d3:ca:43:71:69:f7:a1:9f:89:0f:61:46:08:
                    f8:02:f5:6a:90:6c:4f:cc:eb:b8:47:10:49:4e:81:
                    00:fb:62:90:be:e9:59:26:7d:df:ef:5f:bf:f5:75:
                    71:88:1e:81:45:fd:d2:3d:da:d4:95:d3:c4:a1:d0:
                    08:92:f5:a4:39:cb:1b:65:08:7b:56:a0:a0:85:f1:
                    20:68:ce:01:b6:35:14:73:6e:97:dc:66:ab:e7:82:
                    85:15:a3:7b:8c:ac:dc:e9:31:2d:0d:90:17:69:c9:
                    ea:2b:74:ce:47:08:2e:e5:2f:69:b6:43:0c:23:bb:
                    cc:e2:ee:9c:d7:54:08:65:c9:df:04:ee:3f:9b:8c:
                    38:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D7:CF:7B:BC:65:F6:71:07:3D:67:6F:52:DF:68:D3:77:7A:E1:FC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:74::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:87:f8:91:b3:62:a3:ee:cd:f3:aa:48:86:ab:cb:be:3e:ad:
         07:fe:ca:00:1f:ab:03:8a:cf:ac:b7:28:17:11:07:74:44:2b:
         51:3c:50:54:b6:08:4a:b4:c3:f7:7a:af:d3:3c:a3:a0:24:43:
         e0:47:e4:ab:e8:d7:5e:25:4e:cb:c6:7e:94:94:bf:33:68:13:
         06:b2:4f:ec:54:45:19:e7:b7:eb:2e:22:08:c5:41:73:ee:04:
         6c:58:63:10:e0:8e:66:a5:30:6d:11:d4:11:95:e1:c9:8b:f2:
         a0:20:a6:2e:08:04:3b:62:19:4a:bc:3e:c6:c2:24:21:40:75:
         0b:54:db:ec:86:6a:0f:d8:60:17:6f:f3:33:e7:e8:45:5f:7d:
         70:64:b4:47:68:fe:23:1c:e9:b4:0f:48:db:b9:99:53:e8:2a:
         83:88:a8:38:00:1d:a4:02:0f:56:4f:4f:f5:92:76:bd:89:05:
         89:15:33:b4:68:42:3d:2a:8a:6a:c2:c2:a0:90:10:c2:4d:c7:
         6f:50:5e:f1:96:bf:f8:db:6b:64:fe:cc:a2:c2:eb:86:21:72:
         ef:c8:2a:da:21:b3:ec:48:8d:f7:61:56:2b:3a:24:ae:f1:cb:
         3d:1d:7e:dc:7b:da:c4:c3:18:b5:f0:82:22:0b:d3:82:0f:59:
         a3:ad:b9:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUd8d7YfglO4hZhyJk66S0RME7phYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MzAwNzI5NDVaFw0yNjA1MjkwNzM0NDVaMDMxMTAvBgNV
BAMTKERERDdDRjdCQkM2NUY2NzEwNzNENjc2RjUyREY2OEQzNzc3QUUxRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuAcwSKqBjt/Q33tcUYo+5qTaH
79DfT/NEx4vhOEK04FcHnI39yq58LyF/oVUR2kZ6rr2k+hjUHWz3oGTlcbYWM7xw
b42Q9vR72tVRC9D4m+TXf8qJB0j1m6VurhNW6/bfcZWBdV2Y8lUb8t1DPFEgdm62
EdWmGV/V08pDcWn3oZ+JD2FGCPgC9WqQbE/M67hHEElOgQD7YpC+6Vkmfd/vX7/1
dXGIHoFF/dI92tSV08Sh0AiS9aQ5yxtlCHtWoKCF8SBozgG2NRRzbpfcZqvngoUV
o3uMrNzpMS0NkBdpyeordM5HCC7lL2m2Qwwju8zi7pzXVAhlyd8E7j+bjDhfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3dfPe7xl9nEHPWdvUt9o03d64fwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAB0MA0GCSqGSIb3DQEBCwUAA4IBAQA+h/iRs2Kj7s3zqkiGq8u+Pq0H/soAH6sD
is+stygXEQd0RCtRPFBUtghKtMP3eq/TPKOgJEPgR+Sr6NdeJU7Lxn6UlL8zaBMG
sk/sVEUZ57frLiIIxUFz7gRsWGMQ4I5mpTBtEdQRleHJi/KgIKYuCAQ7YhlKvD7G
wiQhQHULVNvshmoP2GAXb/Mz5+hFX31wZLRHaP4jHOm0D0jbuZlT6CqDiKg4AB2k
Ag9WT0/1kna9iQWJFTO0aEI9KopqwsKgkBDCTcdvUF7xlr/422tk/syiwuuGIXLv
yCraIbPsSI33YVYrOiSu8cs9HX7ce9rEwxi18IIiC9OCD1mjrbl9
-----END CERTIFICATE-----