Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa
File:                     AS212128.roa (raw, json)
Hash identifier:          dJ5x+G5hNEds88unfttq1DBdg9BH0vylnHMJhTJ4hMk=
Subject key identifier:   DD:F6:ED:DB:2C:7E:F8:84:1B:C4:45:8B:95:4F:87:59:37:61:9F:DB
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       67A10B35429DC976A0855A85C759453284FEEE10
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa
Signing time:             Wed 16 Oct 2024 03:03:46 +0000
ROA not before:           Wed 16 Oct 2024 02:58:46 +0000
ROA not after:            Wed 15 Oct 2025 03:03:46 +0000
asID:                     212128
IP address blocks:        2a0f:85c1:88b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:a1:0b:35:42:9d:c9:76:a0:85:5a:85:c7:59:45:32:84:fe:ee:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:58:46 2024 GMT
            Not After : Oct 15 03:03:46 2025 GMT
        Subject: CN=DDF6EDDB2C7EF8841BC4458B954F875937619FDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:58:cd:aa:6f:b3:b3:5d:ef:8d:8a:ea:34:74:
                    97:41:b6:f5:5a:60:9f:5a:2d:0d:a5:ce:a2:67:1f:
                    16:72:8d:fb:76:86:4b:8d:e1:2d:73:de:0d:5c:ba:
                    04:50:9f:8f:d6:2a:b3:66:57:70:4c:e2:74:95:a5:
                    39:61:35:a2:5d:7b:01:96:f2:c1:1d:7a:fc:ba:2c:
                    9b:42:4c:c0:38:45:36:df:c7:61:e7:45:18:70:79:
                    56:82:95:51:19:cc:04:48:57:9d:d3:b6:23:95:c3:
                    c5:c1:a8:02:e4:5d:b3:7b:88:e4:9a:53:ac:9b:be:
                    9d:15:41:0d:f2:69:a1:eb:bd:b6:1e:76:c6:2a:30:
                    b1:10:91:dd:13:f9:c8:5f:44:4c:ce:87:eb:0d:3d:
                    d3:72:c9:89:fa:d0:40:1d:fd:b8:3a:0e:64:c9:27:
                    fc:5f:30:94:47:63:94:e5:bb:06:c6:97:01:2e:53:
                    39:e7:c2:a3:fd:9c:39:90:13:5f:a2:1a:9e:a8:aa:
                    ac:87:6c:bb:da:2d:04:39:d7:f5:18:30:31:e5:7e:
                    0f:2c:8d:4b:ff:a9:b5:0c:13:7b:03:d3:da:b1:b2:
                    0f:9d:cc:31:85:c8:77:fe:a1:f3:b6:52:86:ab:7f:
                    28:fe:94:90:cd:d2:54:53:cc:9e:0f:c9:e1:bc:1a:
                    82:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F6:ED:DB:2C:7E:F8:84:1B:C4:45:8B:95:4F:87:59:37:61:9F:DB
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:88b::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:0c:89:c6:de:19:50:62:e4:6f:a3:3a:aa:e3:73:d5:08:a8:
         5b:f8:d6:00:b7:6e:ac:7d:e1:27:04:9d:8e:72:1d:da:00:a4:
         5e:12:d0:12:47:e4:97:c2:cb:c5:40:98:6d:ae:62:04:53:e3:
         e2:7d:62:48:a0:70:5f:32:11:cb:68:3e:9a:13:24:58:21:d0:
         96:56:b7:ee:f0:70:91:14:24:7c:98:7c:24:b3:a7:15:90:a5:
         d4:79:da:b6:e1:2b:3a:b1:13:a2:7f:43:f5:1d:84:61:34:63:
         23:bd:97:1d:2d:d6:7b:54:ff:03:83:f6:2f:33:57:25:2f:4d:
         26:7d:f8:89:a2:cd:28:e1:a5:5d:0f:52:80:67:bb:85:26:19:
         3c:91:4f:d5:e1:be:f1:da:f9:69:02:2c:5c:96:be:4f:cb:d4:
         e8:b7:ad:a3:b1:fc:14:cd:78:f3:89:a2:b4:f4:da:15:7d:d3:
         7a:cf:f1:b6:ca:a5:9b:0c:aa:73:4d:10:5b:d1:7c:8b:66:39:
         48:0f:55:58:18:12:48:03:42:ef:65:57:00:13:a5:de:c3:50:
         80:67:6d:ca:ba:73:a9:c7:97:0c:b6:8d:5d:1c:fc:fc:9b:69:
         39:86:40:7f:a3:03:3b:50:3b:0a:ef:62:b3:42:10:21:31:c4:
         a7:63:a3:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZ6ELNUKdyXaghVqFx1lFMoT+7hAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU4NDZaFw0yNTEwMTUwMzAzNDZaMDMxMTAvBgNV
BAMTKERERjZFRERCMkM3RUY4ODQxQkM0NDU4Qjk1NEY4NzU5Mzc2MTlGREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtWM2qb7OzXe+Niuo0dJdBtvVa
YJ9aLQ2lzqJnHxZyjft2hkuN4S1z3g1cugRQn4/WKrNmV3BM4nSVpTlhNaJdewGW
8sEdevy6LJtCTMA4RTbfx2HnRRhweVaClVEZzARIV53TtiOVw8XBqALkXbN7iOSa
U6ybvp0VQQ3yaaHrvbYedsYqMLEQkd0T+chfREzOh+sNPdNyyYn60EAd/bg6DmTJ
J/xfMJRHY5TluwbGlwEuUznnwqP9nDmQE1+iGp6oqqyHbLvaLQQ51/UYMDHlfg8s
jUv/qbUME3sD09qxsg+dzDGFyHf+ofO2Uoarfyj+lJDN0lRTzJ4PyeG8GoJPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3fbt2yx++IQbxEWLlU+HWTdhn9swHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyMTI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiLMA0GCSqGSIb3DQEBCwUAA4IBAQAtDInG3hlQYuRvozqq43PVCKhb+NYAt26s
feEnBJ2Och3aAKReEtASR+SXwsvFQJhtrmIEU+PifWJIoHBfMhHLaD6aEyRYIdCW
Vrfu8HCRFCR8mHwks6cVkKXUedq24Ss6sROif0P1HYRhNGMjvZcdLdZ7VP8Dg/Yv
M1clL00mffiJos0o4aVdD1KAZ7uFJhk8kU/V4b7x2vlpAixclr5Py9Tot62jsfwU
zXjziaK09NoVfdN6z/G2yqWbDKpzTRBb0XyLZjlID1VYGBJIA0LvZVcAE6Xew1CA
Z23KunOpx5cMto1dHPz8m2k5hkB/owM7UDsK72KzQhAhMcSnY6Pe
-----END CERTIFICATE-----