Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213608.roa
File:                     AS213608.roa (raw, json)
Hash identifier:          VQdVjBsPy48WElrkQ0J/keFkRcXJIPmFdhlh5hfVWOw=
Subject key identifier:   88:33:1D:91:31:1E:C3:C6:E9:2B:21:DE:98:E6:28:60:3A:AC:D1:D5
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4151FB914EB4CC6996954F9AEBB80CD3A623B9B8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213608.roa
Signing time:             Fri 10 Jan 2025 12:52:10 +0000
ROA not before:           Fri 10 Jan 2025 12:47:10 +0000
ROA not after:            Fri 09 Jan 2026 12:52:10 +0000
asID:                     213608
IP address blocks:        2a0f:85c1:b3d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:51:fb:91:4e:b4:cc:69:96:95:4f:9a:eb:b8:0c:d3:a6:23:b9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 10 12:47:10 2025 GMT
            Not After : Jan  9 12:52:10 2026 GMT
        Subject: CN=88331D91311EC3C6E92B21DE98E628603AACD1D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:02:61:c7:6d:13:b0:c1:55:df:a6:12:af:a2:
                    c0:4b:2f:c4:e0:ca:e6:0c:fd:5f:63:44:2e:68:cf:
                    0d:38:96:9a:51:33:3e:40:92:e7:df:cb:81:c4:34:
                    24:4a:04:2f:05:5f:b7:37:97:63:b0:da:69:b3:04:
                    0a:13:58:e0:6e:ef:66:e2:3c:8a:b7:ae:a9:4c:00:
                    cc:28:8c:ce:ab:27:1b:72:77:44:3e:d7:e7:b7:a5:
                    15:fc:e9:ed:2c:b6:2a:00:8a:21:41:eb:65:75:4a:
                    8f:4f:53:a7:01:f5:5c:24:eb:08:20:3d:45:9b:3b:
                    79:59:3b:60:b6:36:1a:d7:64:7e:82:ee:6e:4d:22:
                    c5:b0:b3:91:fe:24:fd:0e:bb:d9:44:19:b7:9a:e5:
                    ff:bb:ce:be:65:a5:37:a1:ed:60:82:29:47:0c:18:
                    64:01:6f:a2:28:4f:8f:36:e5:94:06:3a:59:33:4e:
                    48:ac:f3:d1:55:6f:fd:cd:cb:d4:65:54:ba:fe:41:
                    47:c2:54:78:4a:57:03:af:71:1f:95:87:db:3b:a2:
                    7b:4d:68:76:b6:03:27:46:9e:1f:f7:95:2f:9b:25:
                    45:e5:57:9d:29:1c:6f:54:f1:b9:67:60:c2:df:59:
                    f8:ca:89:91:31:61:71:2c:ae:c7:53:12:a3:80:95:
                    a5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:33:1D:91:31:1E:C3:C6:E9:2B:21:DE:98:E6:28:60:3A:AC:D1:D5
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b3d::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:a6:e4:1c:4b:b0:c9:fe:a1:d0:b5:be:e3:ec:68:d8:52:df:
         a0:bd:b3:23:4c:cc:fe:8a:bb:34:f3:e2:ef:05:22:1b:73:5e:
         76:d5:b7:6f:12:ea:c0:0b:6e:04:77:68:ad:a4:2e:46:16:e9:
         00:c7:22:00:e3:dc:eb:5b:ef:3d:20:f7:a2:08:95:f3:99:4d:
         17:45:75:5d:3e:51:24:e6:84:cf:e4:6f:ca:c9:e8:7c:31:9f:
         fc:30:5a:1a:5a:31:31:a4:c0:bc:c9:bb:93:30:11:e8:d0:34:
         ef:87:b6:7c:ec:58:ce:d5:f7:10:38:81:77:e1:73:d0:48:f1:
         7f:56:9c:0c:9a:35:12:44:32:6b:17:a5:41:13:eb:d2:a6:f2:
         88:27:b5:80:aa:d5:a2:b5:6f:36:37:8d:86:03:49:17:95:b2:
         5c:09:1e:1f:16:d8:db:a4:bc:f4:b8:8f:68:e8:57:ff:2b:10:
         cb:5b:e1:66:0e:40:3d:cb:fd:43:d6:e0:f3:d0:6c:5e:8a:41:
         43:19:7f:ae:40:94:76:d5:c3:68:c8:a6:49:7e:ef:b3:61:b4:
         8a:21:f5:78:1b:5a:3a:ba:ae:28:f8:c9:6c:ce:15:ac:63:c4:
         85:d3:6a:4b:27:39:65:60:d2:f1:98:1a:f1:07:64:b5:c6:38:
         93:cf:a3:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQVH7kU60zGmWlU+a67gM06YjubgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMTAxMjQ3MTBaFw0yNjAxMDkxMjUyMTBaMDMxMTAvBgNV
BAMTKDg4MzMxRDkxMzExRUMzQzZFOTJCMjFERTk4RTYyODYwM0FBQ0QxRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQAmHHbROwwVXfphKvosBLL8Tg
yuYM/V9jRC5ozw04lppRMz5Akuffy4HENCRKBC8FX7c3l2Ow2mmzBAoTWOBu72bi
PIq3rqlMAMwojM6rJxtyd0Q+1+e3pRX86e0stioAiiFB62V1So9PU6cB9Vwk6wgg
PUWbO3lZO2C2NhrXZH6C7m5NIsWws5H+JP0Ou9lEGbea5f+7zr5lpTeh7WCCKUcM
GGQBb6IoT4825ZQGOlkzTkis89FVb/3Ny9RlVLr+QUfCVHhKVwOvcR+Vh9s7ontN
aHa2AydGnh/3lS+bJUXlV50pHG9U8blnYMLfWfjKiZExYXEsrsdTEqOAlaWRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUiDMdkTEew8bpKyHemOYoYDqs0dUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNjA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs9MA0GCSqGSIb3DQEBCwUAA4IBAQARpuQcS7DJ/qHQtb7j7GjYUt+gvbMjTMz+
irs08+LvBSIbc1521bdvEurAC24Ed2itpC5GFukAxyIA49zrW+89IPeiCJXzmU0X
RXVdPlEk5oTP5G/Kyeh8MZ/8MFoaWjExpMC8ybuTMBHo0DTvh7Z87FjO1fcQOIF3
4XPQSPF/VpwMmjUSRDJrF6VBE+vSpvKIJ7WAqtWitW82N42GA0kXlbJcCR4fFtjb
pLz0uI9o6Ff/KxDLW+FmDkA9y/1D1uDz0GxeikFDGX+uQJR21cNoyKZJfu+zYbSK
IfV4G1o6uq4o+MlszhWsY8SF02pLJzllYNLxmBrxB2S1xjiTz6On
-----END CERTIFICATE-----