Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa
File:                     AS213543.roa (raw, json)
Hash identifier:          TfBP0kks4b3C8qIuUc9dtrPTfDe0UbguChqjvMJVIMU=
Subject key identifier:   AD:4E:C9:82:09:4D:1D:31:AF:B4:A0:8C:87:D1:5E:57:14:0E:C9:BF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6986395E0299F67FB22E3509E579EF732AEA789B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa
Signing time:             Tue 28 Jan 2025 10:46:26 +0000
ROA not before:           Tue 28 Jan 2025 10:41:26 +0000
ROA not after:            Tue 27 Jan 2026 10:46:26 +0000
asID:                     213543
IP address blocks:        2a0f:85c1:b4e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:86:39:5e:02:99:f6:7f:b2:2e:35:09:e5:79:ef:73:2a:ea:78:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 28 10:41:26 2025 GMT
            Not After : Jan 27 10:46:26 2026 GMT
        Subject: CN=AD4EC982094D1D31AFB4A08C87D15E57140EC9BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cb:51:8d:0c:71:72:af:4a:6d:fe:95:71:fd:
                    75:fe:48:e8:31:e4:c2:4d:7d:8e:d2:48:a7:b2:aa:
                    89:e6:18:42:86:02:31:b1:d9:f4:31:29:0e:2e:08:
                    b7:53:b3:84:02:65:a8:8c:bf:4b:4a:98:a2:86:dd:
                    21:92:5c:e8:e2:ae:fd:3a:07:23:a8:82:60:90:69:
                    0d:61:91:35:f3:e4:15:40:7a:aa:ad:af:44:77:93:
                    ae:7d:6a:7f:b7:53:bd:1b:a6:f5:b0:aa:e2:9e:8a:
                    64:3a:54:ca:19:55:a4:d4:19:04:60:8f:b1:1d:e3:
                    85:8b:35:3b:18:4c:58:1e:73:ea:86:7f:36:1b:ec:
                    8f:e0:7b:dc:6a:2d:74:b4:56:25:dc:19:39:5f:5a:
                    92:f1:6d:af:bf:0b:f6:9e:72:a9:58:3e:c1:ed:d8:
                    88:5b:85:28:ac:9c:c7:ff:13:c3:3e:28:52:10:8c:
                    4a:8e:3d:eb:33:24:e7:10:61:f8:13:11:e5:15:3c:
                    e8:18:83:a0:9e:01:db:bc:42:16:af:d7:af:0d:0c:
                    a7:c7:80:4d:33:ca:d8:26:bb:2c:b0:6a:da:96:24:
                    1b:a2:c3:f4:92:aa:da:b4:e7:9e:56:c3:f8:6b:7e:
                    21:3d:f6:86:13:8c:6e:f9:0d:84:68:8f:c5:ac:78:
                    1a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:4E:C9:82:09:4D:1D:31:AF:B4:A0:8C:87:D1:5E:57:14:0E:C9:BF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b4e::/48

    Signature Algorithm: sha256WithRSAEncryption
         e3:6f:36:2c:c6:f3:28:55:cb:9a:85:b6:83:de:6d:f8:9f:9e:
         69:72:41:17:10:36:52:7c:97:6e:06:dd:72:2d:28:0e:d4:e5:
         cd:e9:6d:65:75:23:48:b8:88:8f:18:6d:0f:4c:ee:fe:bb:9f:
         bb:68:b5:ae:b9:82:d7:b4:92:ff:9c:82:26:89:74:aa:29:1a:
         a3:66:13:5a:c0:f9:a6:e9:a2:da:38:b8:c2:98:07:23:36:0e:
         18:71:a3:bc:52:fd:ec:d1:30:bb:49:e9:94:b2:04:1c:31:86:
         82:ce:c7:d3:cf:e6:db:84:15:e6:d6:17:c3:1d:8d:3d:28:11:
         8a:03:f7:77:cf:f3:72:cb:ae:94:4c:25:1c:46:67:f4:02:c8:
         ba:a1:30:70:ed:72:e6:0c:3f:a9:e3:fa:4c:81:f2:a2:da:5a:
         7f:c3:61:11:8a:1b:f1:6a:fa:b3:82:d7:e5:a0:26:88:eb:5e:
         f6:41:4f:ee:c6:8a:ea:c2:d2:f2:82:4a:a8:84:4a:3b:7e:0c:
         6c:9d:fe:d0:b7:b1:f1:fd:29:9f:16:bc:29:85:a7:24:b9:97:
         af:d4:59:50:b6:07:1c:5e:87:dc:d8:68:28:f3:a4:af:72:89:
         5a:fa:74:0c:0b:d1:38:3e:4d:43:19:44:91:a2:14:b8:a4:65:
         8a:b5:87:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaYY5XgKZ9n+yLjUJ5XnvcyrqeJswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMjgxMDQxMjZaFw0yNjAxMjcxMDQ2MjZaMDMxMTAvBgNV
BAMTKEFENEVDOTgyMDk0RDFEMzFBRkI0QTA4Qzg3RDE1RTU3MTQwRUM5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQy1GNDHFyr0pt/pVx/XX+SOgx
5MJNfY7SSKeyqonmGEKGAjGx2fQxKQ4uCLdTs4QCZaiMv0tKmKKG3SGSXOjirv06
ByOogmCQaQ1hkTXz5BVAeqqtr0R3k659an+3U70bpvWwquKeimQ6VMoZVaTUGQRg
j7Ed44WLNTsYTFgec+qGfzYb7I/ge9xqLXS0ViXcGTlfWpLxba+/C/aecqlYPsHt
2IhbhSisnMf/E8M+KFIQjEqOPeszJOcQYfgTEeUVPOgYg6CeAdu8Qhav168NDKfH
gE0zytgmuyywatqWJBuiw/SSqtq0555Ww/hrfiE99oYTjG75DYRoj8WseBrPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUrU7JgglNHTGvtKCMh9FeVxQOyb8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtOMA0GCSqGSIb3DQEBCwUAA4IBAQDjbzYsxvMoVcuahbaD3m34n55pckEXEDZS
fJduBt1yLSgO1OXN6W1ldSNIuIiPGG0PTO7+u5+7aLWuuYLXtJL/nIImiXSqKRqj
ZhNawPmm6aLaOLjCmAcjNg4YcaO8Uv3s0TC7SemUsgQcMYaCzsfTz+bbhBXm1hfD
HY09KBGKA/d3z/Nyy66UTCUcRmf0Asi6oTBw7XLmDD+p4/pMgfKi2lp/w2ERihvx
avqzgtfloCaI6172QU/uxorqwtLygkqohEo7fgxsnf7Qt7Hx/SmfFrwphackuZev
1FlQtgccXofc2Ggo86Svcola+nQMC9E4Pk1DGUSRohS4pGWKtYdI
-----END CERTIFICATE-----