Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211224.roa
File:                     AS211224.roa (raw, json)
Hash identifier:          Y4GBfYU9SSTw/Tp2bka36sS+iGwwCMVV0q0ftAKoGvI=
Subject key identifier:   25:25:42:21:DE:DD:BB:91:2F:D6:3C:80:49:2E:72:ED:41:C3:0E:88
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3738BB50428EC10D37194560538C3BB84A7D75DB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211224.roa
Signing time:             Fri 23 Aug 2024 08:01:23 +0000
ROA not before:           Fri 23 Aug 2024 07:56:23 +0000
ROA not after:            Fri 22 Aug 2025 08:01:23 +0000
asID:                     211224
IP address blocks:        2a0f:85c1:23::/48 maxlen: 48
                          2a0f:85c1:60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:38:bb:50:42:8e:c1:0d:37:19:45:60:53:8c:3b:b8:4a:7d:75:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:23 2024 GMT
            Not After : Aug 22 08:01:23 2025 GMT
        Subject: CN=25254221DEDDBB912FD63C80492E72ED41C30E88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bc:7f:c9:95:56:9e:37:10:01:5e:dd:1e:e2:
                    fe:89:d9:ed:32:c8:f5:72:bb:f7:6d:c5:8d:dd:49:
                    fe:82:d4:f9:f7:7e:1c:d1:cf:f8:1a:cb:b6:c8:2b:
                    a2:2e:82:67:19:fd:ca:d5:7a:66:ff:5a:6c:39:84:
                    05:b4:e1:6d:47:58:70:2a:a4:a0:e2:57:13:4c:b4:
                    ec:1e:a7:8a:f8:9b:13:df:b0:80:5f:a6:5d:ae:f6:
                    3c:25:a3:20:9b:45:27:53:3d:77:a8:5e:fd:6b:18:
                    8f:70:57:07:26:40:54:51:9f:a1:c7:9e:38:76:d8:
                    7a:b9:5f:70:01:fa:3e:2c:16:4b:71:02:f9:3d:6a:
                    3e:48:7b:ea:35:4b:60:ee:ce:72:e9:b3:12:7d:ff:
                    08:9e:d2:44:81:13:86:a4:4f:b3:94:08:c7:ff:3f:
                    e0:8d:69:2f:46:3f:84:3c:db:55:c1:b6:f6:be:0e:
                    49:7a:f9:f8:33:0d:c0:ec:e4:67:ed:70:33:82:55:
                    4b:05:39:b2:ea:31:92:02:e4:c4:32:69:25:5d:f4:
                    2e:80:88:da:3c:0d:87:f0:a3:cb:d0:c2:9c:71:88:
                    ac:4c:eb:53:0d:f3:b0:98:19:b4:42:f5:37:99:da:
                    57:7a:0f:ef:b1:52:99:f4:54:7c:dd:be:cd:1a:63:
                    55:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:25:42:21:DE:DD:BB:91:2F:D6:3C:80:49:2E:72:ED:41:C3:0E:88
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:23::/48
                  2a0f:85c1:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:6f:91:64:04:49:b7:1c:c7:4b:4b:c7:f5:66:9f:68:ef:e9:
         00:e3:90:4c:e1:54:66:e8:7b:e1:e0:0b:c7:60:ca:70:b5:9a:
         d0:75:41:18:1f:61:90:51:b7:02:66:13:11:1b:12:b6:6b:5f:
         f7:ae:46:6b:e6:45:82:bb:b2:43:58:25:d1:36:ea:39:24:9c:
         4e:c4:55:79:44:ae:c6:cc:3f:30:0c:99:e4:c6:9e:29:e3:77:
         69:5d:3c:5d:ed:b3:9f:17:b5:b8:8c:bf:50:fc:cd:67:c8:5b:
         3d:0f:2d:6f:78:84:74:78:a2:d4:64:94:c9:2f:88:e0:88:79:
         c4:d5:59:b1:1d:3f:46:f9:87:b2:c4:d7:3f:aa:07:f2:82:30:
         88:51:72:ce:5f:e0:2d:ec:ec:20:86:f3:68:7b:e4:4e:cd:db:
         e2:8c:f5:37:2b:a6:10:15:cf:ce:b7:cf:7c:ea:c3:e0:35:25:
         75:11:5b:79:eb:9d:a2:8b:5a:e2:c8:c8:4f:0b:55:8a:7d:4d:
         2f:6e:a8:94:7e:c4:64:13:bb:55:6c:cd:81:16:39:92:ee:8b:
         ef:31:dc:c5:b9:28:a4:43:2b:e1:04:77:b0:12:31:61:34:6a:
         0d:62:3f:09:6b:0d:fc:11:66:74:d1:5a:0b:32:8b:ed:cb:5e:
         ae:5a:70:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUNzi7UEKOwQ03GUVgU4w7uEp9ddswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjNaFw0yNTA4MjIwODAxMjNaMDMxMTAvBgNV
BAMTKDI1MjU0MjIxREVEREJCOTEyRkQ2M0M4MDQ5MkU3MkVENDFDMzBFODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXvH/JlVaeNxABXt0e4v6J2e0y
yPVyu/dtxY3dSf6C1Pn3fhzRz/gay7bIK6IugmcZ/crVemb/Wmw5hAW04W1HWHAq
pKDiVxNMtOwep4r4mxPfsIBfpl2u9jwloyCbRSdTPXeoXv1rGI9wVwcmQFRRn6HH
njh22Hq5X3AB+j4sFktxAvk9aj5Ie+o1S2DuznLpsxJ9/wie0kSBE4akT7OUCMf/
P+CNaS9GP4Q821XBtva+Dkl6+fgzDcDs5GftcDOCVUsFObLqMZIC5MQyaSVd9C6A
iNo8DYfwo8vQwpxxiKxM61MN87CYGbRC9TeZ2ld6D++xUpn0VHzdvs0aY1VFAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUJSVCId7du5Ev1jyASS5y7UHDDogwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExMjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQAjAwcEKg+FwQBgMA0GCSqGSIb3DQEBCwUAA4IBAQCxb5FkBEm3HMdLS8f1Zp9o
7+kA45BM4VRm6Hvh4AvHYMpwtZrQdUEYH2GQUbcCZhMRGxK2a1/3rkZr5kWCu7JD
WCXRNuo5JJxOxFV5RK7GzD8wDJnkxp4p43dpXTxd7bOfF7W4jL9Q/M1nyFs9Dy1v
eIR0eKLUZJTJL4jgiHnE1VmxHT9G+YeyxNc/qgfygjCIUXLOX+At7OwghvNoe+RO
zdvijPU3K6YQFc/Ot8986sPgNSV1EVt5652ii1riyMhPC1WKfU0vbqiUfsRkE7tV
bM2BFjmS7ovvMdzFuSikQyvhBHewEjFhNGoNYj8Jaw38EWZ00VoLMovty16uWnDW
-----END CERTIFICATE-----