Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211314.roa
File:                     AS211314.roa (raw, json)
Hash identifier:          PFFb3ao/Y7qEQ6IVJ/WECWp+mEh44c37EMOYqVkajtI=
Subject key identifier:   E9:73:36:82:2C:0A:39:DC:5D:A8:F7:36:F4:E1:ED:E6:DE:65:8E:65
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2F1E0F9771CB74CC9EA94C21040205C00D03B5B0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211314.roa
Signing time:             Wed 26 Mar 2025 21:50:20 +0000
ROA not before:           Wed 26 Mar 2025 21:45:20 +0000
ROA not after:            Wed 25 Mar 2026 21:50:20 +0000
asID:                     211314
IP address blocks:        2a0f:85c1:bf5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:1e:0f:97:71:cb:74:cc:9e:a9:4c:21:04:02:05:c0:0d:03:b5:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 26 21:45:20 2025 GMT
            Not After : Mar 25 21:50:20 2026 GMT
        Subject: CN=E97336822C0A39DC5DA8F736F4E1EDE6DE658E65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:e6:1f:38:7a:0a:4b:f1:bd:20:5b:b8:66:
                    e9:39:ce:ce:b5:68:af:27:85:6f:36:62:0a:c0:82:
                    db:a0:70:de:1e:9f:e4:66:43:d3:dd:65:de:4b:cf:
                    93:e3:f2:c7:9f:94:e6:16:6a:ba:4b:6a:b1:a4:99:
                    e5:54:2f:32:7a:d1:d9:9b:ee:30:16:56:8e:d5:5e:
                    5a:87:e1:c9:a0:92:14:64:be:cf:47:0f:4e:8b:d7:
                    27:80:f9:cf:d9:46:be:7f:50:36:fd:fc:b8:72:59:
                    ea:52:d8:c6:65:9c:11:e7:dd:1d:d9:51:cf:80:71:
                    c4:f9:6a:41:45:2b:62:c7:a8:69:1b:61:1b:a2:c6:
                    1d:58:7d:85:3a:32:c7:a8:0c:ed:88:22:9a:c3:cf:
                    e4:be:8f:b1:64:72:83:19:fd:a5:cf:55:05:87:1f:
                    4a:fe:25:06:a9:67:71:45:a6:cb:44:6b:62:70:4f:
                    53:81:02:7c:0a:7c:ea:70:7a:8d:50:86:13:4f:d9:
                    26:e5:09:4d:e9:4c:0c:12:7d:15:94:bb:12:24:ce:
                    49:ed:03:46:54:c0:db:49:a9:81:1f:8e:bd:22:05:
                    15:e4:f6:bf:dd:4b:23:41:c1:c8:b3:cb:ed:34:03:
                    5e:5d:e8:62:d6:0a:63:67:56:50:22:84:2b:58:c5:
                    43:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:73:36:82:2C:0A:39:DC:5D:A8:F7:36:F4:E1:ED:E6:DE:65:8E:65
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211314.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bf5::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:78:d4:20:13:9b:dd:c4:79:2f:26:db:48:b0:75:28:08:91:
         ab:1f:b5:df:e7:f6:00:05:e2:c2:4d:83:14:45:de:3e:1c:12:
         75:28:c7:11:5d:9e:e1:6c:bc:b7:13:0f:fa:25:1e:ef:70:95:
         51:a8:2e:33:8d:32:cd:bd:f2:1a:86:22:f9:07:29:e4:4a:4d:
         82:7d:d4:8a:ac:d9:a8:6d:a2:3a:5b:37:19:d0:92:ee:dc:fb:
         78:3b:21:32:7a:94:42:9c:92:be:d4:59:9b:29:e7:13:1a:26:
         e1:ec:53:25:d8:47:fd:05:91:14:d9:e7:38:09:ac:bf:44:c1:
         7c:55:35:70:d1:ec:1b:0a:b6:48:7c:e2:b1:c3:11:69:29:d9:
         b7:0f:6e:1d:fb:c2:92:f4:97:75:5c:e0:07:ab:35:7b:3d:68:
         15:f0:54:fe:da:30:5f:1d:40:fb:10:f3:3d:01:d9:09:78:66:
         88:6a:ad:23:22:4b:a5:5a:51:8e:c7:8d:e0:20:b5:22:bf:a1:
         af:e5:31:9c:30:43:b7:4f:bc:f3:ac:59:d1:41:e9:5f:1a:2a:
         ad:62:c9:0f:b4:fe:1f:67:32:65:93:a2:da:ae:f6:e0:a8:d7:
         79:ad:16:4c:09:67:76:9d:c7:cc:b8:63:1a:c4:02:90:f3:4c:
         f4:6f:81:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULx4Pl3HLdMyeqUwhBAIFwA0DtbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMjYyMTQ1MjBaFw0yNjAzMjUyMTUwMjBaMDMxMTAvBgNV
BAMTKEU5NzMzNjgyMkMwQTM5REM1REE4RjczNkY0RTFFREU2REU2NThFNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0auYfOHoKS/G9IFu4Zuk5zs61
aK8nhW82YgrAgtugcN4en+RmQ9PdZd5Lz5Pj8seflOYWarpLarGkmeVULzJ60dmb
7jAWVo7VXlqH4cmgkhRkvs9HD06L1yeA+c/ZRr5/UDb9/LhyWepS2MZlnBHn3R3Z
Uc+AccT5akFFK2LHqGkbYRuixh1YfYU6MseoDO2IIprDz+S+j7FkcoMZ/aXPVQWH
H0r+JQapZ3FFpstEa2JwT1OBAnwKfOpweo1QhhNP2SblCU3pTAwSfRWUuxIkzknt
A0ZUwNtJqYEfjr0iBRXk9r/dSyNBwcizy+00A15d6GLWCmNnVlAihCtYxUMDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU6XM2giwKOdxdqPc29OHt5t5ljmUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExMzE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQv1MA0GCSqGSIb3DQEBCwUAA4IBAQAceNQgE5vdxHkvJttIsHUoCJGrH7Xf5/YA
BeLCTYMURd4+HBJ1KMcRXZ7hbLy3Ew/6JR7vcJVRqC4zjTLNvfIahiL5BynkSk2C
fdSKrNmobaI6WzcZ0JLu3Pt4OyEyepRCnJK+1FmbKecTGibh7FMl2Ef9BZEU2ec4
Cay/RMF8VTVw0ewbCrZIfOKxwxFpKdm3D24d+8KS9Jd1XOAHqzV7PWgV8FT+2jBf
HUD7EPM9AdkJeGaIaq0jIkulWlGOx43gILUiv6Gv5TGcMEO3T7zzrFnRQelfGiqt
YskPtP4fZzJlk6LarvbgqNd5rRZMCWd2ncfMuGMaxAKQ80z0b4En
-----END CERTIFICATE-----