Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa
File:                     AS213431.roa (raw, json)
Hash identifier:          6pCbY4ARxWIVTSa8kFzNwO62/OPb/PDP20wAkQmQbJE=
Subject key identifier:   99:34:2E:0F:31:D1:FD:51:38:FC:C5:B6:F2:2A:A7:42:7D:5E:3C:60
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7573937E0F5368597A0C7EE5AE2D943A5E16FA63
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa
Signing time:             Sat 15 Feb 2025 15:28:14 +0000
ROA not before:           Sat 15 Feb 2025 15:23:14 +0000
ROA not after:            Sat 14 Feb 2026 15:28:14 +0000
asID:                     213431
IP address blocks:        2a0f:85c1:b77::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:73:93:7e:0f:53:68:59:7a:0c:7e:e5:ae:2d:94:3a:5e:16:fa:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 15 15:23:14 2025 GMT
            Not After : Feb 14 15:28:14 2026 GMT
        Subject: CN=99342E0F31D1FD5138FCC5B6F22AA7427D5E3C60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5c:ba:1e:30:a3:4f:70:00:f4:e0:b6:80:e6:
                    c7:6c:3e:99:d7:51:58:fd:ec:22:97:78:bf:2a:aa:
                    57:04:00:80:59:82:d8:5f:80:31:36:57:6e:ef:46:
                    af:58:e4:5e:4f:bd:d5:3a:9a:7d:85:03:da:55:ea:
                    a1:a1:c5:36:46:0c:a2:c2:2b:26:05:35:60:49:3f:
                    5a:11:cd:46:cc:d8:0e:c7:b4:b5:27:65:b3:62:45:
                    b3:6c:2e:e2:07:5a:1e:59:ee:51:8f:bf:24:9a:a0:
                    fd:97:fb:e5:a7:99:58:2a:b3:8c:3b:30:58:08:79:
                    7e:62:d4:60:5e:4c:28:97:ca:9f:6a:b5:8a:e4:83:
                    7f:11:e7:84:63:ca:19:73:ea:28:be:bf:c1:c4:8b:
                    cc:50:41:71:e7:9b:83:bb:ca:fd:52:b8:1a:6e:d1:
                    fd:c7:b4:4a:b7:47:8d:21:06:13:c2:b9:1c:33:9e:
                    2c:fd:97:b0:c2:1f:9e:dd:c8:87:96:d1:83:35:63:
                    e5:07:b9:a6:2a:03:58:cf:9a:55:00:cd:8b:84:ed:
                    41:9c:b9:e6:b9:99:53:6c:a2:4f:26:52:ec:55:b5:
                    9c:a4:bc:5f:aa:3f:0f:b1:da:e3:df:61:e4:88:40:
                    9e:94:3e:3c:56:80:86:d3:97:3c:cd:13:c1:88:59:
                    ba:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:34:2E:0F:31:D1:FD:51:38:FC:C5:B6:F2:2A:A7:42:7D:5E:3C:60
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b77::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:b7:9b:57:29:22:dd:16:ee:0e:92:d4:6e:5f:e3:5f:5d:df:
         0e:f0:0c:25:87:be:e1:ad:1b:81:e9:f7:6d:9a:9f:bd:10:ef:
         68:eb:a4:ad:bb:ce:c7:42:13:5b:0c:af:91:b5:cc:b8:10:53:
         9e:ad:56:9b:d7:bd:d2:53:41:5d:3c:0b:b1:05:53:9b:87:ba:
         44:87:a2:bd:9d:f9:af:2e:a3:10:f9:34:13:03:c6:87:5f:57:
         21:e9:a0:86:22:6e:58:7c:8e:5d:d0:34:8d:9b:5d:fa:be:1e:
         30:d4:ca:04:ce:65:88:e2:dc:a4:a6:05:bf:78:9b:47:88:87:
         72:9d:34:5c:c3:35:da:bc:ed:30:e3:cd:01:29:b8:fc:7f:b6:
         f5:ac:25:67:c6:ba:ce:44:7d:3d:73:6c:fb:c2:f1:b0:f0:8e:
         78:10:d8:3d:6e:7b:b8:14:62:01:ee:a3:b5:01:6b:88:26:85:
         51:8a:6f:96:62:c3:e4:2c:73:d0:af:07:f8:c0:a8:40:16:4d:
         67:5b:74:7f:27:18:75:1f:ca:5a:4f:c1:0f:ca:e4:66:89:e8:
         08:e5:3e:5c:a6:f5:af:3e:4a:d8:8c:17:e7:43:92:85:1b:a8:
         be:ad:ff:46:bd:30:8d:79:b1:2c:a7:eb:b8:fd:4b:e0:66:30:
         f9:17:3e:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdXOTfg9TaFl6DH7lri2UOl4W+mMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAyMTUxNTIzMTRaFw0yNjAyMTQxNTI4MTRaMDMxMTAvBgNV
BAMTKDk5MzQyRTBGMzFEMUZENTEzOEZDQzVCNkYyMkFBNzQyN0Q1RTNDNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2XLoeMKNPcAD04LaA5sdsPpnX
UVj97CKXeL8qqlcEAIBZgthfgDE2V27vRq9Y5F5PvdU6mn2FA9pV6qGhxTZGDKLC
KyYFNWBJP1oRzUbM2A7HtLUnZbNiRbNsLuIHWh5Z7lGPvySaoP2X++WnmVgqs4w7
MFgIeX5i1GBeTCiXyp9qtYrkg38R54Rjyhlz6ii+v8HEi8xQQXHnm4O7yv1SuBpu
0f3HtEq3R40hBhPCuRwzniz9l7DCH57dyIeW0YM1Y+UHuaYqA1jPmlUAzYuE7UGc
uea5mVNsok8mUuxVtZykvF+qPw+x2uPfYeSIQJ6UPjxWgIbTlzzNE8GIWbr3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmTQuDzHR/VE4/MW28iqnQn1ePGAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt3MA0GCSqGSIb3DQEBCwUAA4IBAQAbt5tXKSLdFu4OktRuX+NfXd8O8Awlh77h
rRuB6fdtmp+9EO9o66Stu87HQhNbDK+Rtcy4EFOerVab173SU0FdPAuxBVObh7pE
h6K9nfmvLqMQ+TQTA8aHX1ch6aCGIm5YfI5d0DSNm136vh4w1MoEzmWI4tykpgW/
eJtHiIdynTRcwzXavO0w480BKbj8f7b1rCVnxrrORH09c2z7wvGw8I54ENg9bnu4
FGIB7qO1AWuIJoVRim+WYsPkLHPQrwf4wKhAFk1nW3R/Jxh1H8paT8EPyuRmiegI
5T5cpvWvPkrYjBfnQ5KFG6i+rf9GvTCNebEsp+u4/UvgZjD5Fz4c
-----END CERTIFICATE-----