Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa
File:                     AS213714.roa (raw, json)
Hash identifier:          jFxitBbK7+Z60MHBYoz8yxQkiCzTYV3JifN6x1yHGxk=
Subject key identifier:   38:90:EA:50:F0:D5:E2:44:AE:AE:ED:1F:0F:59:C9:B8:E0:69:A2:5C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       61AADDB0625B2EEC18986F09F5250880F1022037
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa
Signing time:             Tue 17 Dec 2024 00:45:52 +0000
ROA not before:           Tue 17 Dec 2024 00:40:51 +0000
ROA not after:            Tue 16 Dec 2025 00:45:51 +0000
asID:                     213714
IP address blocks:        2a0f:85c1:b34::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:aa:dd:b0:62:5b:2e:ec:18:98:6f:09:f5:25:08:80:f1:02:20:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec 17 00:40:51 2024 GMT
            Not After : Dec 16 00:45:51 2025 GMT
        Subject: CN=3890EA50F0D5E244AEAEED1F0F59C9B8E069A25C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:1e:19:7b:fd:b8:5a:c2:a1:f9:47:f4:a9:
                    17:69:e0:37:af:f8:9a:67:4f:cd:2c:40:fd:0e:12:
                    b9:32:e7:67:6e:1b:c8:5b:8f:60:3b:98:05:36:61:
                    79:e6:37:7b:28:c5:e7:c2:37:f4:97:37:3d:d7:c3:
                    48:fc:9f:37:34:a5:ac:91:3e:78:21:5f:37:03:aa:
                    83:c2:ec:da:b3:a3:b0:61:3a:bb:f7:cf:66:a4:33:
                    78:c4:23:e9:d6:2b:a2:42:6d:c9:c0:be:d9:1c:f2:
                    89:72:97:e4:3a:b4:b2:8c:37:b2:46:2f:31:83:9d:
                    7e:40:88:af:47:85:85:78:18:9b:b7:53:d6:3b:7a:
                    ff:6b:e3:ed:07:97:f0:0d:92:b1:77:e4:5d:d4:97:
                    07:07:5c:09:c7:88:e0:50:56:ec:3e:c7:9d:53:b8:
                    ff:47:a2:fe:82:82:9e:77:06:5e:cc:f2:0a:a8:d1:
                    8c:b4:50:8f:71:89:f8:4b:8b:73:ba:71:3c:e4:f3:
                    4d:b1:57:f0:f7:55:7f:ad:21:42:06:96:68:34:06:
                    69:9b:84:48:ef:10:02:93:0a:eb:3c:b8:fb:b6:c9:
                    f8:65:7d:2f:83:75:e0:cf:0d:5d:20:e2:62:52:ea:
                    b3:b4:54:56:4c:9d:c6:da:90:01:91:b4:61:bb:9c:
                    5a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:90:EA:50:F0:D5:E2:44:AE:AE:ED:1F:0F:59:C9:B8:E0:69:A2:5C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b34::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:d4:36:99:bc:1d:c3:c7:88:46:b7:9d:c8:e3:61:08:e0:ac:
         33:db:1c:f7:4d:ab:27:11:6a:67:22:2e:67:d5:5a:e9:95:52:
         fc:14:54:bd:9e:17:61:c8:f1:6d:c8:0d:44:4c:3f:a9:6d:ce:
         c6:fa:bc:8d:10:34:fa:df:9c:2d:21:1f:0e:bd:d3:1c:6a:8f:
         96:e1:3e:65:13:be:32:e2:38:dd:aa:df:46:69:0a:ba:6c:c3:
         5a:66:3e:87:c8:3b:80:be:35:34:ec:b4:5c:ec:5f:4f:10:11:
         9e:b6:23:18:36:78:3e:50:7d:95:c1:06:74:ba:37:92:29:2a:
         2e:cb:73:e2:25:2c:aa:49:27:eb:73:ec:50:34:02:f0:2d:5d:
         4a:d4:51:55:4b:5b:aa:d5:5c:ae:68:e1:98:4c:aa:80:16:e0:
         92:8c:15:c3:9e:de:bd:33:90:26:cf:67:3a:8b:f6:48:df:e8:
         97:fd:8d:26:33:c6:da:2c:63:83:cf:76:0b:dd:1c:63:07:41:
         29:96:93:69:e6:4f:b8:68:4f:cf:58:fb:a2:37:e9:b2:9c:21:
         6c:0f:55:d6:80:5a:c2:aa:c9:f3:c9:2c:b8:a5:48:40:1b:72:
         c0:1b:95:ee:0b:4f:c5:a5:3e:d4:c3:12:2b:a9:ed:55:a4:3c:
         6a:f9:d9:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYardsGJbLuwYmG8J9SUIgPECIDcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEyMTcwMDQwNTFaFw0yNTEyMTYwMDQ1NTFaMDMxMTAvBgNV
BAMTKDM4OTBFQTUwRjBENUUyNDRBRUFFRUQxRjBGNTlDOUI4RTA2OUEyNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Lh4Ze/24WsKh+Uf0qRdp4Dev
+JpnT80sQP0OErky52duG8hbj2A7mAU2YXnmN3soxefCN/SXNz3Xw0j8nzc0payR
PnghXzcDqoPC7Nqzo7BhOrv3z2akM3jEI+nWK6JCbcnAvtkc8olyl+Q6tLKMN7JG
LzGDnX5AiK9HhYV4GJu3U9Y7ev9r4+0Hl/ANkrF35F3UlwcHXAnHiOBQVuw+x51T
uP9Hov6Cgp53Bl7M8gqo0Yy0UI9xifhLi3O6cTzk802xV/D3VX+tIUIGlmg0Bmmb
hEjvEAKTCus8uPu2yfhlfS+DdeDPDV0g4mJS6rO0VFZMncbakAGRtGG7nFpBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOJDqUPDV4kSuru0fD1nJuOBpolwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs0MA0GCSqGSIb3DQEBCwUAA4IBAQBG1DaZvB3Dx4hGt53I42EI4Kwz2xz3Tasn
EWpnIi5n1VrplVL8FFS9nhdhyPFtyA1ETD+pbc7G+ryNEDT635wtIR8OvdMcao+W
4T5lE74y4jjdqt9GaQq6bMNaZj6HyDuAvjU07LRc7F9PEBGetiMYNng+UH2VwQZ0
ujeSKSouy3PiJSyqSSfrc+xQNALwLV1K1FFVS1uq1VyuaOGYTKqAFuCSjBXDnt69
M5Amz2c6i/ZI3+iX/Y0mM8baLGODz3YL3RxjB0EplpNp5k+4aE/PWPuiN+mynCFs
D1XWgFrCqsnzySy4pUhAG3LAG5XuC0/FpT7UwxIrqe1VpDxq+dkn
-----END CERTIFICATE-----