Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213582.roa
File:                     AS213582.roa (raw, json)
Hash identifier:          b0pjDziTh/evIpShYjxPDSpcuRT6c0DrKADjjT0bWo0=
Subject key identifier:   7C:05:96:41:75:E5:6D:7D:D0:17:B2:3D:B2:B6:08:0E:DE:09:78:0C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       692A8C9D329AFB858DE67B88BBFAB48F710EF478
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213582.roa
Signing time:             Sat 18 Jan 2025 22:08:38 +0000
ROA not before:           Sat 18 Jan 2025 22:03:38 +0000
ROA not after:            Sat 17 Jan 2026 22:08:38 +0000
asID:                     213582
IP address blocks:        2a0f:85c1:b3a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:2a:8c:9d:32:9a:fb:85:8d:e6:7b:88:bb:fa:b4:8f:71:0e:f4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 18 22:03:38 2025 GMT
            Not After : Jan 17 22:08:38 2026 GMT
        Subject: CN=7C05964175E56D7DD017B23DB2B6080EDE09780C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c3:e4:4d:7c:e4:d7:a0:8b:56:de:d2:a5:a8:
                    35:55:5a:d2:50:95:3d:d2:31:31:c9:80:76:83:0b:
                    12:78:23:94:4e:11:df:a3:08:bc:7f:7a:cc:68:46:
                    c4:ea:85:7d:15:35:b4:1e:54:a4:fc:11:aa:cf:c8:
                    29:42:dc:b0:40:3d:7e:aa:5a:c8:33:e0:cd:25:21:
                    e1:e7:fb:b9:66:58:45:58:f1:6c:cd:60:5d:af:fb:
                    a8:ed:ec:83:21:e7:29:53:b7:02:9a:d4:0f:9d:17:
                    0a:26:7e:99:a1:06:2b:bc:47:78:69:a2:8f:df:21:
                    73:45:13:0e:bc:9b:19:f8:dc:14:f6:fb:25:c6:3f:
                    ea:81:97:ef:fe:58:61:8d:b8:56:c2:f0:08:f0:da:
                    b9:77:8d:1c:c1:bd:03:d6:8e:e5:6d:80:e4:a3:02:
                    eb:74:2d:02:19:55:3b:c1:df:72:a9:30:09:1b:45:
                    d6:13:d7:30:ec:7f:e5:c5:35:8a:a1:f8:58:23:51:
                    32:1b:72:1c:17:49:dd:92:b7:40:49:fb:73:20:13:
                    10:8a:5f:81:3d:72:89:0c:69:4a:a4:ff:65:85:e0:
                    60:0d:b0:0f:17:bd:54:7f:30:f8:86:8b:7e:83:c2:
                    c6:ec:98:cf:60:f4:44:d1:a7:6d:51:0a:5b:c5:38:
                    5c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:05:96:41:75:E5:6D:7D:D0:17:B2:3D:B2:B6:08:0E:DE:09:78:0C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213582.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:cb:6f:57:b5:97:5e:72:1a:77:13:f5:05:6b:39:e6:02:37:
         04:b1:a7:96:42:14:3e:76:d5:e9:81:fe:bc:4f:5a:4b:03:67:
         fb:ee:c0:79:29:35:cf:b9:7c:32:54:d3:89:5c:2a:6d:74:2a:
         51:26:98:d3:e7:76:92:17:ee:cf:60:cc:00:c4:c9:0e:ac:ea:
         ab:a4:0d:52:97:ab:6c:d9:c3:ea:38:2b:95:13:00:35:ec:ef:
         19:41:0d:65:c4:5f:fa:b6:06:43:cf:97:98:45:7f:e5:db:f9:
         72:16:2f:19:eb:b9:3d:c8:af:fe:96:fc:29:79:41:2f:72:f9:
         b1:3a:cd:04:45:e2:5a:b8:83:e4:3f:65:83:b0:3c:d6:ce:63:
         65:c5:45:f4:6c:65:35:16:d4:00:b2:19:66:f0:aa:fa:6c:65:
         17:be:4b:f3:74:94:20:13:a7:a4:10:46:8c:0a:55:16:bf:fb:
         34:59:02:59:8b:68:75:0e:7d:77:6f:91:96:65:62:63:e1:23:
         25:5e:a6:c5:39:8b:c3:81:2a:09:70:6f:da:6e:a8:ea:e5:ea:
         90:a2:4d:68:cc:27:9e:f1:3a:42:bc:22:f8:6b:44:d5:b1:b7:
         fe:f9:80:f2:c8:27:a0:10:6f:53:ea:f6:32:79:47:b9:c5:58:
         89:85:55:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaSqMnTKa+4WN5nuIu/q0j3EO9HgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMTgyMjAzMzhaFw0yNjAxMTcyMjA4MzhaMDMxMTAvBgNV
BAMTKDdDMDU5NjQxNzVFNTZEN0REMDE3QjIzREIyQjYwODBFREUwOTc4MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjw+RNfOTXoItW3tKlqDVVWtJQ
lT3SMTHJgHaDCxJ4I5ROEd+jCLx/esxoRsTqhX0VNbQeVKT8EarPyClC3LBAPX6q
Wsgz4M0lIeHn+7lmWEVY8WzNYF2v+6jt7IMh5ylTtwKa1A+dFwomfpmhBiu8R3hp
oo/fIXNFEw68mxn43BT2+yXGP+qBl+/+WGGNuFbC8Ajw2rl3jRzBvQPWjuVtgOSj
Aut0LQIZVTvB33KpMAkbRdYT1zDsf+XFNYqh+FgjUTIbchwXSd2St0BJ+3MgExCK
X4E9cokMaUqk/2WF4GANsA8XvVR/MPiGi36DwsbsmM9g9ETRp21RClvFOFx/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfAWWQXXlbX3QF7I9srYIDt4JeAwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs6MA0GCSqGSIb3DQEBCwUAA4IBAQB8y29XtZdechp3E/UFaznmAjcEsaeWQhQ+
dtXpgf68T1pLA2f77sB5KTXPuXwyVNOJXCptdCpRJpjT53aSF+7PYMwAxMkOrOqr
pA1Sl6ts2cPqOCuVEwA17O8ZQQ1lxF/6tgZDz5eYRX/l2/lyFi8Z67k9yK/+lvwp
eUEvcvmxOs0EReJauIPkP2WDsDzWzmNlxUX0bGU1FtQAshlm8Kr6bGUXvkvzdJQg
E6ekEEaMClUWv/s0WQJZi2h1Dn13b5GWZWJj4SMlXqbFOYvDgSoJcG/abqjq5eqQ
ok1ozCee8TpCvCL4a0TVsbf++YDyyCegEG9T6vYyeUe5xViJhVXg
-----END CERTIFICATE-----