Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa
File:                     AS213427.roa (raw, json)
Hash identifier:          BjY7Lj6pH1NtQ1BEjaa62iVaVZYpbpDo+fikkh4WgWY=
Subject key identifier:   06:4A:45:66:CB:8D:72:09:1B:66:1B:79:A9:5A:41:2C:CF:60:5D:6B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       35EE86BB0B668887845FEEB27220F0B1B8FDDE5B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa
Signing time:             Mon 17 Feb 2025 20:15:22 +0000
ROA not before:           Mon 17 Feb 2025 20:10:22 +0000
ROA not after:            Mon 16 Feb 2026 20:15:22 +0000
asID:                     213427
IP address blocks:        2a0f:85c1:b74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ee:86:bb:0b:66:88:87:84:5f:ee:b2:72:20:f0:b1:b8:fd:de:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 17 20:10:22 2025 GMT
            Not After : Feb 16 20:15:22 2026 GMT
        Subject: CN=064A4566CB8D72091B661B79A95A412CCF605D6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6a:f1:ed:c8:64:ee:d6:82:b8:7b:3b:46:ce:
                    fd:2f:1c:26:07:ce:4b:10:38:c2:82:8b:ad:4e:e5:
                    48:94:ae:01:58:9a:e6:0f:ee:86:3f:80:67:26:78:
                    d9:d4:16:7f:56:63:44:7f:e6:a8:a1:e5:65:ae:26:
                    8e:64:7a:b0:bc:b2:1b:cd:07:cf:c4:28:46:f3:89:
                    9e:5b:42:f2:47:bb:d8:04:a1:54:20:c7:53:fe:e0:
                    d4:71:42:b2:a2:b2:02:f3:a9:b8:3e:cb:0b:fb:bb:
                    70:2f:e9:3c:62:15:84:f7:3e:d0:97:1f:de:ef:77:
                    bc:3d:b2:65:9b:0b:75:59:61:a5:41:a8:4e:46:38:
                    93:cc:bb:bd:9e:92:af:36:43:ed:c6:82:33:a7:69:
                    3d:65:a8:53:b8:10:3e:7f:19:07:24:04:8c:85:a7:
                    e0:ac:10:26:14:cc:bf:db:0b:fb:84:24:31:ce:dd:
                    c0:b8:ed:6e:f2:cd:9d:8f:91:5a:ae:6e:ed:44:4d:
                    b4:d2:88:71:e9:f9:a1:29:ef:f4:da:89:5e:87:ff:
                    26:22:08:a2:e7:a4:20:92:3a:49:dc:24:5b:68:22:
                    8b:c7:57:77:f0:2d:65:30:1a:1e:d0:39:d8:bf:57:
                    8e:c3:cc:6c:38:f2:f7:6b:99:e1:8a:27:9c:cd:5d:
                    fe:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4A:45:66:CB:8D:72:09:1B:66:1B:79:A9:5A:41:2C:CF:60:5D:6B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b74::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:e0:33:62:b9:2b:a8:1c:6b:e0:b7:cf:91:a5:22:97:65:ed:
         71:7c:05:2c:1b:67:bd:97:a1:07:96:51:f1:d3:e7:f7:25:b5:
         65:66:b6:3a:a9:f1:ed:8d:d2:4b:b0:7d:b9:fa:b7:55:0b:27:
         9b:51:b2:45:22:58:b5:a2:1c:fe:5d:32:07:99:89:56:cd:dd:
         fd:7d:cd:7f:0c:95:89:ec:99:63:63:c2:82:cd:c2:86:4a:cc:
         4c:0d:b5:c5:34:54:e7:b1:8f:e3:ca:71:29:33:4c:6b:7f:2e:
         42:f3:39:48:1c:d8:6a:8f:30:ee:8e:73:0e:f4:e7:ab:db:58:
         5c:5d:b9:86:d9:d3:f2:14:3c:8e:b7:15:1d:69:a7:4b:cd:e9:
         a5:d5:28:0d:07:3d:d1:67:79:5d:a0:6f:9f:35:d5:44:7d:26:
         bd:a8:7a:fa:3c:10:fc:5e:95:1f:b4:f8:4a:f4:1f:18:d0:76:
         60:20:40:81:a1:c6:90:3b:ee:40:07:09:1c:a3:8b:95:8a:89:
         7b:b9:26:38:5a:38:90:0f:fc:76:60:9f:67:bf:09:0d:67:f1:
         e1:1d:3f:42:02:a8:13:e2:d8:b6:16:19:b6:80:a2:d6:4b:0b:
         01:72:4a:d5:35:f6:9e:23:c3:ac:86:d0:ac:f6:d6:8a:d1:5b:
         a6:93:3b:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNe6GuwtmiIeEX+6yciDwsbj93lswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAyMTcyMDEwMjJaFw0yNjAyMTYyMDE1MjJaMDMxMTAvBgNV
BAMTKDA2NEE0NTY2Q0I4RDcyMDkxQjY2MUI3OUE5NUE0MTJDQ0Y2MDVENkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzavHtyGTu1oK4eztGzv0vHCYH
zksQOMKCi61O5UiUrgFYmuYP7oY/gGcmeNnUFn9WY0R/5qih5WWuJo5kerC8shvN
B8/EKEbziZ5bQvJHu9gEoVQgx1P+4NRxQrKisgLzqbg+ywv7u3Av6TxiFYT3PtCX
H97vd7w9smWbC3VZYaVBqE5GOJPMu72ekq82Q+3GgjOnaT1lqFO4ED5/GQckBIyF
p+CsECYUzL/bC/uEJDHO3cC47W7yzZ2PkVqubu1ETbTSiHHp+aEp7/TaiV6H/yYi
CKLnpCCSOkncJFtoIovHV3fwLWUwGh7QOdi/V47DzGw48vdrmeGKJ5zNXf59AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUBkpFZsuNcgkbZht5qVpBLM9gXWswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt0MA0GCSqGSIb3DQEBCwUAA4IBAQDL4DNiuSuoHGvgt8+RpSKXZe1xfAUsG2e9
l6EHllHx0+f3JbVlZrY6qfHtjdJLsH25+rdVCyebUbJFIli1ohz+XTIHmYlWzd39
fc1/DJWJ7JljY8KCzcKGSsxMDbXFNFTnsY/jynEpM0xrfy5C8zlIHNhqjzDujnMO
9Oer21hcXbmG2dPyFDyOtxUdaadLzeml1SgNBz3RZ3ldoG+fNdVEfSa9qHr6PBD8
XpUftPhK9B8Y0HZgIECBocaQO+5ABwkco4uViol7uSY4WjiQD/x2YJ9nvwkNZ/Hh
HT9CAqgT4ti2Fhm2gKLWSwsBckrVNfaeI8OshtCs9taK0Vumkzsi
-----END CERTIFICATE-----