Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3214.roa
File:                     AS3214.roa (raw, json)
Hash identifier:          3hCKwG4k611ujbxzGGc4wjNYe7zfh55n59gVAugna5k=
Subject key identifier:   A0:58:EF:C6:13:67:83:30:05:32:2E:03:B7:F6:C0:1C:C7:9B:85:1A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1279E20A2F18AAED1F1B87810ACFDD55F52730A6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3214.roa
Signing time:             Sat 27 Jan 2024 06:21:19 +0000
ROA not before:           Sat 27 Jan 2024 06:16:19 +0000
ROA not after:            Sat 25 Jan 2025 06:21:19 +0000
asID:                     3214
IP address blocks:        152.89.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:79:e2:0a:2f:18:aa:ed:1f:1b:87:81:0a:cf:dd:55:f5:27:30:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 27 06:16:19 2024 GMT
            Not After : Jan 25 06:21:19 2025 GMT
        Subject: CN=A058EFC61367833005322E03B7F6C01CC79B851A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:57:77:c3:22:91:6b:c9:54:7c:41:62:b0:dd:
                    36:69:78:01:37:36:f1:f1:b8:68:77:0b:be:1a:e9:
                    15:76:46:6c:18:74:12:f5:c2:40:fe:02:72:f4:d7:
                    67:e5:cf:eb:1f:36:94:65:c6:47:81:d5:98:8d:db:
                    06:46:ce:45:1e:3b:6f:fc:e3:24:3d:55:e5:ca:01:
                    a1:c6:2b:80:0f:d2:7f:b3:e3:f6:c5:77:70:36:a0:
                    fb:7a:99:c5:75:aa:24:cf:9f:b6:2a:50:68:10:e6:
                    dc:cc:f9:4d:99:08:92:6c:bd:bd:a6:70:87:a0:65:
                    52:1a:ee:4c:f8:13:f2:d2:8b:31:bd:ed:c2:a4:8b:
                    f9:a7:63:d8:f2:4c:45:fd:22:da:6b:f0:c8:b5:21:
                    61:90:fc:91:c7:c3:b0:86:6d:ec:a9:a4:94:0b:24:
                    1e:ab:4e:ba:d7:27:dc:05:3a:58:4e:a9:78:bc:5f:
                    f9:b3:e4:04:13:de:3b:b4:b0:28:0c:67:31:49:04:
                    d5:1f:95:a8:11:7b:94:db:34:b2:88:ee:9a:dd:15:
                    ec:28:bc:1e:82:3c:95:03:ec:74:00:64:77:7a:a1:
                    54:6a:80:80:56:d3:67:9f:59:ee:c5:22:c5:ea:3f:
                    8b:63:f9:a5:f5:08:e6:ca:3a:98:c5:7b:b5:2e:21:
                    21:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:58:EF:C6:13:67:83:30:05:32:2E:03:B7:F6:C0:1C:C7:9B:85:1A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:46:3d:57:36:e2:de:0a:d2:d4:57:ea:79:1e:5f:07:1a:66:
         7e:f9:f1:73:b9:c4:29:52:a8:61:96:23:96:6c:cf:0f:59:72:
         f9:e5:fc:5d:e5:71:37:1b:6d:01:e8:87:6a:62:b3:d9:51:e3:
         d1:d4:05:68:f9:14:2f:ed:de:12:87:e6:21:4b:12:ab:9b:17:
         b4:0a:4e:cf:40:ab:b9:94:d3:5a:01:9c:2e:ae:0a:dc:09:ef:
         0a:88:bf:eb:4b:45:85:5a:b5:e0:bd:8a:e5:ef:6f:95:61:b0:
         dc:53:89:42:67:ce:79:cb:c3:ce:d1:be:90:16:3e:f8:ec:09:
         30:b8:55:b7:d4:e8:8f:06:2d:34:e3:8b:56:4f:70:5e:37:cf:
         9d:2b:a6:77:39:45:8e:1d:bd:5c:cf:15:d0:be:a9:25:4b:83:
         32:a0:fa:3a:c6:30:ef:8b:8d:ec:c0:e9:87:1e:21:94:84:2b:
         52:b7:1d:a7:ca:65:80:f5:e3:43:84:d7:65:c0:f2:b2:fa:bf:
         1d:33:45:a2:30:55:50:30:c3:07:58:46:e1:07:d7:de:3a:f2:
         cc:38:13:26:e0:f4:93:58:4b:34:6b:7c:22:87:15:91:ec:e2:
         51:bb:ce:cf:aa:71:ff:f5:b4:7c:fe:bd:05:68:88:4f:2c:60:
         9e:57:b3:ac
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUEnniCi8Yqu0fG4eBCs/dVfUnMKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjcwNjE2MTlaFw0yNTAxMjUwNjIxMTlaMDMxMTAvBgNV
BAMTKEEwNThFRkM2MTM2NzgzMzAwNTMyMkUwM0I3RjZDMDFDQzc5Qjg1MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZV3fDIpFryVR8QWKw3TZpeAE3
NvHxuGh3C74a6RV2RmwYdBL1wkD+AnL012flz+sfNpRlxkeB1ZiN2wZGzkUeO2/8
4yQ9VeXKAaHGK4AP0n+z4/bFd3A2oPt6mcV1qiTPn7YqUGgQ5tzM+U2ZCJJsvb2m
cIegZVIa7kz4E/LSizG97cKki/mnY9jyTEX9Itpr8Mi1IWGQ/JHHw7CGbeyppJQL
JB6rTrrXJ9wFOlhOqXi8X/mz5AQT3ju0sCgMZzFJBNUflagRe5TbNLKI7prdFewo
vB6CPJUD7HQAZHd6oVRqgIBW02efWe7FIsXqP4tj+aX1CObKOpjFe7UuISFrAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUoFjvxhNngzAFMi4Dt/bAHMebhRowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzIxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJhZ+jAN
BgkqhkiG9w0BAQsFAAOCAQEARUY9Vzbi3grS1FfqeR5fBxpmfvnxc7nEKVKoYZYj
lmzPD1ly+eX8XeVxNxttAeiHamKz2VHj0dQFaPkUL+3eEofmIUsSq5sXtApOz0Cr
uZTTWgGcLq4K3AnvCoi/60tFhVq14L2K5e9vlWGw3FOJQmfOecvDztG+kBY++OwJ
MLhVt9TojwYtNOOLVk9wXjfPnSumdzlFjh29XM8V0L6pJUuDMqD6OsYw74uN7MDp
hx4hlIQrUrcdp8plgPXjQ4TXZcDysvq/HTNFojBVUDDDB1hG4QfX3jryzDgTJuD0
k1hLNGt8IocVkeziUbvOz6px//W0fP69BWiITyxgnlezrA==
-----END CERTIFICATE-----