Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213626.roa
File:                     AS213626.roa (raw, json)
Hash identifier:          lLsHnXcetxh8kIcKEOCc4rYoXRelr65BAygXBgO0sAA=
Subject key identifier:   D2:BB:27:46:81:40:0F:DF:16:97:45:96:E6:68:B8:9A:B9:BE:FA:0C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       63BCFFE6260B6BE9B94208C3313EB80FAE4B1E72
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213626.roa
Signing time:             Tue 07 Jan 2025 21:49:14 +0000
ROA not before:           Tue 07 Jan 2025 21:44:14 +0000
ROA not after:            Tue 06 Jan 2026 21:49:14 +0000
asID:                     213626
IP address blocks:        2a0f:85c1:b39::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 21:08:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:bc:ff:e6:26:0b:6b:e9:b9:42:08:c3:31:3e:b8:0f:ae:4b:1e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan  7 21:44:14 2025 GMT
            Not After : Jan  6 21:49:14 2026 GMT
        Subject: CN=D2BB274681400FDF16974596E668B89AB9BEFA0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:76:5e:22:db:be:04:71:f5:14:96:38:dd:46:
                    93:c3:05:17:7f:c3:86:4a:f9:1d:a3:36:dd:3e:b1:
                    42:4f:4a:63:1a:27:c8:78:be:cc:fd:89:18:34:5c:
                    19:f1:fe:b4:39:40:17:fc:8d:01:fe:dc:c0:45:41:
                    bf:b6:9e:01:5d:ad:25:5c:29:25:88:04:35:dc:96:
                    ba:48:3f:9a:77:3c:d2:d2:e5:05:d6:3b:1b:b3:fa:
                    94:02:f5:be:09:35:fa:c9:35:2c:25:8f:54:50:7b:
                    6c:05:d8:b8:4a:30:5a:d5:c2:b2:8e:20:e5:d1:9c:
                    8d:1e:c7:c5:cd:22:c9:5e:5d:1b:fa:a4:6e:68:22:
                    ad:6c:32:9e:d3:df:61:24:ba:dc:64:ba:0a:31:3d:
                    aa:c6:f3:ba:b4:98:0f:6a:ad:e7:82:ef:8a:76:ce:
                    0d:f7:bd:7c:5c:a0:60:75:48:27:b6:9a:10:9a:11:
                    fd:e7:25:94:d1:83:a9:5b:69:8d:99:2e:4f:34:c5:
                    da:59:c9:97:68:6e:85:28:ff:7d:f8:97:69:a2:df:
                    75:b9:a1:a6:d0:64:19:81:6f:41:d8:a3:7c:7f:7d:
                    1f:1b:25:bb:de:68:74:bf:0c:cf:ef:e0:b7:c2:a1:
                    33:ff:11:62:0c:98:bc:bd:79:ef:0e:8d:9d:7e:55:
                    88:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BB:27:46:81:40:0F:DF:16:97:45:96:E6:68:B8:9A:B9:BE:FA:0C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213626.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b39::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:68:30:6f:91:5f:d9:8c:e5:c1:e3:a1:f6:fd:d2:6d:b5:26:
         fa:a0:51:0f:cf:30:7f:33:83:f4:d5:c7:70:c0:d5:47:6e:74:
         93:11:d1:7c:da:18:a3:9e:0a:4d:1a:d7:7a:b2:7b:f1:56:ed:
         46:25:4b:76:61:57:f5:6b:b6:60:3f:19:de:2f:f1:47:b3:11:
         17:f1:8e:f8:3e:6c:f7:1c:57:e2:3a:1c:46:20:5b:33:9e:14:
         92:f9:b6:e1:61:dd:97:0f:95:ad:c7:ee:77:7c:a2:7a:24:02:
         23:d4:bb:2f:df:18:d8:6f:00:dd:22:47:05:9c:4e:7b:1d:d8:
         5d:dc:87:a1:25:9b:85:e0:cb:bd:e1:b6:a5:a5:ed:a3:ba:b7:
         df:b3:d6:c1:f7:e3:23:07:8b:92:e5:6f:d3:cf:aa:45:11:2b:
         e1:e6:ec:43:c2:65:16:ea:cd:92:e3:da:af:4f:db:b4:54:73:
         59:36:ae:52:f8:64:57:53:35:1b:6c:69:55:fc:0c:fb:5c:2e:
         2d:4d:84:ca:e7:e7:57:ea:3c:cc:7c:69:db:29:a3:18:32:61:
         33:92:2e:b4:92:61:64:27:c8:62:3c:e5:e6:ce:54:f2:57:c5:
         80:bb:8a:30:50:49:a3:9a:f8:46:03:4e:56:83:98:c6:f6:36:
         ec:82:12:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUY7z/5iYLa+m5QgjDMT64D65LHnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMDcyMTQ0MTRaFw0yNjAxMDYyMTQ5MTRaMDMxMTAvBgNV
BAMTKEQyQkIyNzQ2ODE0MDBGREYxNjk3NDU5NkU2NjhCODlBQjlCRUZBMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVdl4i274EcfUUljjdRpPDBRd/
w4ZK+R2jNt0+sUJPSmMaJ8h4vsz9iRg0XBnx/rQ5QBf8jQH+3MBFQb+2ngFdrSVc
KSWIBDXclrpIP5p3PNLS5QXWOxuz+pQC9b4JNfrJNSwlj1RQe2wF2LhKMFrVwrKO
IOXRnI0ex8XNIsleXRv6pG5oIq1sMp7T32EkutxkugoxParG87q0mA9qreeC74p2
zg33vXxcoGB1SCe2mhCaEf3nJZTRg6lbaY2ZLk80xdpZyZdoboUo/334l2mi33W5
oabQZBmBb0HYo3x/fR8bJbveaHS/DM/v4LfCoTP/EWIMmLy9ee8OjZ1+VYhVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU0rsnRoFAD98Wl0WW5mi4mrm++gwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs5MA0GCSqGSIb3DQEBCwUAA4IBAQC3aDBvkV/ZjOXB46H2/dJttSb6oFEPzzB/
M4P01cdwwNVHbnSTEdF82hijngpNGtd6snvxVu1GJUt2YVf1a7ZgPxneL/FHsxEX
8Y74Pmz3HFfiOhxGIFsznhSS+bbhYd2XD5Wtx+53fKJ6JAIj1Lsv3xjYbwDdIkcF
nE57Hdhd3IehJZuF4Mu94balpe2jurffs9bB9+MjB4uS5W/Tz6pFESvh5uxDwmUW
6s2S49qvT9u0VHNZNq5S+GRXUzUbbGlV/Az7XC4tTYTK5+dX6jzMfGnbKaMYMmEz
ki60kmFkJ8hiPOXmzlTyV8WAu4owUEmjmvhGA05Wg5jG9jbsghLy
-----END CERTIFICATE-----