Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa
File:                     AS210940.roa (raw, json)
Hash identifier:          DFFRHeKRzMJlUBEbAPpTQwelxAszF8+aEN63p6toEVg=
Subject key identifier:   A6:E4:9E:75:1A:9D:D5:DB:FE:11:E8:81:31:D1:E2:91:26:7F:C6:B7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1C802B31267B12584502901EC51779AF323861D9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa
Signing time:             Thu 03 Apr 2025 12:28:08 +0000
ROA not before:           Thu 03 Apr 2025 12:23:08 +0000
ROA not after:            Thu 02 Apr 2026 12:28:08 +0000
asID:                     210940
IP address blocks:        2a0f:85c1:bfb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:80:2b:31:26:7b:12:58:45:02:90:1e:c5:17:79:af:32:38:61:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr  3 12:23:08 2025 GMT
            Not After : Apr  2 12:28:08 2026 GMT
        Subject: CN=A6E49E751A9DD5DBFE11E88131D1E291267FC6B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:dd:56:f1:9d:57:54:1d:34:18:fd:f8:ee:f6:
                    b3:ed:5a:62:63:24:1c:ac:0b:58:18:68:a7:e0:08:
                    c9:67:80:cf:af:de:a1:fe:b5:c4:36:5a:05:56:61:
                    e9:c7:69:69:89:7d:80:1d:5a:1d:cc:b7:fd:6c:cc:
                    2d:1e:f6:16:33:c2:f2:3c:5c:10:24:32:c7:90:cf:
                    2d:e8:71:50:63:d8:1a:40:9a:c5:3c:52:53:4c:f1:
                    3c:46:72:02:3a:ce:50:ef:12:bf:cb:b1:4a:c1:37:
                    f6:c2:89:fd:26:e2:63:6a:b4:1c:3e:64:d5:bb:88:
                    b3:6e:cb:67:22:e4:e9:13:5b:7e:72:01:e5:27:eb:
                    20:2f:c5:92:41:0d:16:51:34:b3:bd:0d:9a:61:8c:
                    8d:bc:a2:1b:2f:6e:f2:08:01:a3:2a:66:d3:9b:fb:
                    f5:c4:3e:84:de:bc:f9:cd:da:c4:32:f0:29:d9:41:
                    49:3b:64:2e:54:23:2e:26:b7:d6:4d:53:d7:8e:5a:
                    2d:74:69:d4:4d:ad:af:87:cd:f6:22:4b:97:df:e0:
                    35:85:02:90:54:6d:a2:55:7c:d0:4b:21:f9:52:52:
                    b6:4f:36:24:46:84:ac:a1:49:94:1d:c8:97:01:81:
                    56:40:64:23:41:14:4a:fb:a5:17:0a:52:2a:63:c3:
                    40:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E4:9E:75:1A:9D:D5:DB:FE:11:E8:81:31:D1:E2:91:26:7F:C6:B7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bfb::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:8b:f7:c8:73:46:d4:21:2d:9a:a1:af:71:33:5b:27:97:c2:
         03:a9:7f:3c:f9:9d:a3:53:f2:4f:1b:da:9a:20:28:9a:4d:87:
         f5:63:78:2c:a7:bc:40:0e:de:81:33:ff:ce:90:cc:d0:b3:68:
         55:99:a0:66:3f:fe:c3:3f:cc:34:81:30:2e:f5:c8:e3:59:f5:
         e6:84:1b:d6:79:b5:40:1c:bd:55:fb:f5:f3:f4:e7:f6:77:eb:
         96:ce:1b:86:f4:72:15:3a:31:b2:2e:be:02:54:0d:a0:bc:2f:
         e7:ab:c7:3f:d2:74:6b:f7:c8:a4:23:64:d6:2a:37:6c:fe:2b:
         dc:d7:97:8c:3b:14:d6:6d:75:97:bb:74:29:ad:be:88:2f:11:
         7e:cf:b7:7c:80:6a:45:a6:2f:3d:78:51:9f:bc:83:69:de:20:
         5d:fe:af:4b:41:df:6e:e6:5c:de:5b:1c:d0:4c:80:df:00:2e:
         47:2a:aa:e4:fb:07:24:f7:7c:28:45:31:de:f8:5e:4a:6f:e8:
         e4:b9:9d:a6:11:2e:e4:69:35:37:d2:47:40:6a:94:c3:85:00:
         83:b3:c3:d8:8a:37:70:75:f6:af:b8:31:57:c1:6c:13:ee:a1:
         97:46:1f:ab:5e:42:a3:60:d7:dc:3d:27:2e:82:84:61:a6:6b:
         8b:cd:e8:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHIArMSZ7ElhFApAexRd5rzI4YdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA0MDMxMjIzMDhaFw0yNjA0MDIxMjI4MDhaMDMxMTAvBgNV
BAMTKEE2RTQ5RTc1MUE5REQ1REJGRTExRTg4MTMxRDFFMjkxMjY3RkM2QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM3VbxnVdUHTQY/fju9rPtWmJj
JBysC1gYaKfgCMlngM+v3qH+tcQ2WgVWYenHaWmJfYAdWh3Mt/1szC0e9hYzwvI8
XBAkMseQzy3ocVBj2BpAmsU8UlNM8TxGcgI6zlDvEr/LsUrBN/bCif0m4mNqtBw+
ZNW7iLNuy2ci5OkTW35yAeUn6yAvxZJBDRZRNLO9DZphjI28ohsvbvIIAaMqZtOb
+/XEPoTevPnN2sQy8CnZQUk7ZC5UIy4mt9ZNU9eOWi10adRNra+HzfYiS5ff4DWF
ApBUbaJVfNBLIflSUrZPNiRGhKyhSZQdyJcBgVZAZCNBFEr7pRcKUipjw0ANAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpuSedRqd1dv+EeiBMdHikSZ/xrcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwOTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQv7MA0GCSqGSIb3DQEBCwUAA4IBAQCKi/fIc0bUIS2aoa9xM1snl8IDqX88+Z2j
U/JPG9qaICiaTYf1Y3gsp7xADt6BM//OkMzQs2hVmaBmP/7DP8w0gTAu9cjjWfXm
hBvWebVAHL1V+/Xz9Of2d+uWzhuG9HIVOjGyLr4CVA2gvC/nq8c/0nRr98ikI2TW
Kjds/ivc15eMOxTWbXWXu3Qprb6ILxF+z7d8gGpFpi89eFGfvINp3iBd/q9LQd9u
5lzeWxzQTIDfAC5HKqrk+wck93woRTHe+F5Kb+jkuZ2mES7kaTU30kdAapTDhQCD
s8PYijdwdfavuDFXwWwT7qGXRh+rXkKjYNfcPScugoRhpmuLzehv
-----END CERTIFICATE-----