Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213768.roa
File:                     AS213768.roa (raw, json)
Hash identifier:          w+bKw75u3/sQXslQeKrIr1JU745S34t0ytbJUuffNeo=
Subject key identifier:   5C:B9:C4:4D:91:EB:A2:46:85:52:C5:9A:02:9A:D5:46:49:E7:FE:FB
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2ED6AF52475C6337313B077EF4D21C6776CEBA5B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213768.roa
Signing time:             Wed 15 Jan 2025 02:33:58 +0000
ROA not before:           Wed 15 Jan 2025 02:28:58 +0000
ROA not after:            Wed 14 Jan 2026 02:33:58 +0000
asID:                     213768
IP address blocks:        2a0f:85c1:8b6::/48 maxlen: 48
                          2a0f:85c1:b48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 15:21:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:d6:af:52:47:5c:63:37:31:3b:07:7e:f4:d2:1c:67:76:ce:ba:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 15 02:28:58 2025 GMT
            Not After : Jan 14 02:33:58 2026 GMT
        Subject: CN=5CB9C44D91EBA2468552C59A029AD54649E7FEFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d8:06:d2:89:51:7c:69:21:52:0e:f1:6b:87:
                    bb:b1:32:95:b9:a5:2d:47:09:23:b9:7c:92:b4:9e:
                    6a:8c:d3:2d:45:dd:34:87:44:96:9f:83:9d:09:cc:
                    da:07:de:2c:b2:3a:8f:6b:ce:a4:85:d4:6e:49:da:
                    be:84:85:cf:fd:6a:dc:75:55:68:4c:e4:7c:92:ed:
                    7f:c3:16:d1:54:51:90:63:3b:93:76:b1:89:8a:68:
                    3b:2f:1a:8d:25:3c:5e:91:45:94:29:66:32:b1:86:
                    7e:a6:7a:fd:ec:97:41:ad:cc:e5:cf:02:4a:be:fa:
                    07:44:b4:a1:59:43:a4:43:48:8c:e6:c9:f6:03:18:
                    19:27:80:10:1f:23:f6:be:7a:46:67:4c:d7:4c:2e:
                    87:b8:41:7e:f8:71:68:d0:6e:6b:b8:6f:a3:cc:d0:
                    10:c8:2c:b8:68:80:a0:35:3a:2e:35:09:74:42:b8:
                    3e:83:cb:92:a7:ee:9f:6c:84:05:71:a5:67:52:00:
                    38:29:da:a4:33:fb:43:92:2f:ec:be:81:6c:49:ea:
                    98:4e:9d:44:1b:65:51:c4:ad:4a:cb:ce:ae:ff:db:
                    6a:e2:6c:5f:25:51:42:84:76:f6:45:e8:2a:9b:b1:
                    35:5d:a0:51:8a:2e:ad:e3:e6:c3:99:d4:90:f2:33:
                    f4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B9:C4:4D:91:EB:A2:46:85:52:C5:9A:02:9A:D5:46:49:E7:FE:FB
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b6::/48
                  2a0f:85c1:b48::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:a5:33:4d:2b:89:a5:33:51:c9:e4:ff:3a:69:c4:f9:6d:20:
         a9:a3:6d:1e:2d:46:f9:a2:ff:16:3c:41:e6:69:01:8d:ee:ce:
         d5:5d:4c:ae:f1:d7:7c:d5:ad:40:cd:7d:48:e7:b6:20:3d:ea:
         76:1c:66:0c:fa:d9:dc:5d:90:ac:c9:10:5a:57:f3:4a:19:29:
         63:6f:b5:9c:cf:32:af:90:dc:e9:d7:a5:79:a2:87:80:fc:52:
         66:86:53:1e:da:a0:9f:9d:49:1f:c6:fb:a6:cc:11:09:0e:89:
         2b:db:c5:8d:10:55:4a:62:0e:f3:f3:33:fc:20:ea:aa:de:66:
         0f:3a:28:7d:31:0f:f8:8f:5f:fa:fe:97:26:ac:c3:69:70:fc:
         f0:de:35:ff:65:cc:7f:9e:c9:03:c8:ab:30:0c:2b:53:07:13:
         0d:17:1b:9f:0e:db:7b:2e:27:85:50:35:32:4c:de:b7:20:c6:
         0a:9c:be:c2:a3:f7:80:ad:4c:04:07:4f:e7:fa:0d:eb:24:9f:
         32:3e:b2:ac:95:12:8d:5a:25:13:e9:32:98:9d:35:8e:b7:00:
         06:e8:6f:a2:05:64:26:7d:0e:87:30:a0:7d:67:eb:93:58:3d:
         98:9a:b7:df:69:95:42:7a:68:16:f0:f7:6a:8f:e3:b1:29:fd:
         43:ee:eb:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIULtavUkdcYzcxOwd+9NIcZ3bOulswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMTUwMjI4NThaFw0yNjAxMTQwMjMzNThaMDMxMTAvBgNV
BAMTKDVDQjlDNDREOTFFQkEyNDY4NTUyQzU5QTAyOUFENTQ2NDlFN0ZFRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb2AbSiVF8aSFSDvFrh7uxMpW5
pS1HCSO5fJK0nmqM0y1F3TSHRJafg50JzNoH3iyyOo9rzqSF1G5J2r6Ehc/9atx1
VWhM5HyS7X/DFtFUUZBjO5N2sYmKaDsvGo0lPF6RRZQpZjKxhn6mev3sl0GtzOXP
Akq++gdEtKFZQ6RDSIzmyfYDGBkngBAfI/a+ekZnTNdMLoe4QX74cWjQbmu4b6PM
0BDILLhogKA1Oi41CXRCuD6Dy5Kn7p9shAVxpWdSADgp2qQz+0OSL+y+gWxJ6phO
nUQbZVHErUrLzq7/22ribF8lUUKEdvZF6CqbsTVdoFGKLq3j5sOZ1JDyM/QHAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUXLnETZHrokaFUsWaAprVRknn/vswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQi2AwcAKg+FwQtIMA0GCSqGSIb3DQEBCwUAA4IBAQCRpTNNK4mlM1HJ5P86acT5
bSCpo20eLUb5ov8WPEHmaQGN7s7VXUyu8dd81a1AzX1I57YgPep2HGYM+tncXZCs
yRBaV/NKGSljb7WczzKvkNzp16V5ooeA/FJmhlMe2qCfnUkfxvumzBEJDokr28WN
EFVKYg7z8zP8IOqq3mYPOih9MQ/4j1/6/pcmrMNpcPzw3jX/Zcx/nskDyKswDCtT
BxMNFxufDtt7LieFUDUyTN63IMYKnL7Co/eArUwEB0/n+g3rJJ8yPrKslRKNWiUT
6TKYnTWOtwAG6G+iBWQmfQ6HMKB9Z+uTWD2YmrffaZVCemgW8Pdqj+OxKf1D7uvb
-----END CERTIFICATE-----