Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa
File:                     AS213769.roa (raw, json)
Hash identifier:          MXRE6xteZs/wyi6v2ZY6Y+2+LPz0MfvQUOoguV/B8XU=
Subject key identifier:   BA:8C:06:94:09:0C:78:E0:15:28:05:0A:B3:E0:B9:0C:D2:33:A4:D6
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7B89CFEAE2E8956F7A3CB1A4D044336F80ED89FC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa
Signing time:             Fri 06 Dec 2024 12:56:37 +0000
ROA not before:           Fri 06 Dec 2024 12:51:37 +0000
ROA not after:            Fri 05 Dec 2025 12:56:37 +0000
asID:                     213769
IP address blocks:        2a0f:85c1:8f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:89:cf:ea:e2:e8:95:6f:7a:3c:b1:a4:d0:44:33:6f:80:ed:89:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec  6 12:51:37 2024 GMT
            Not After : Dec  5 12:56:37 2025 GMT
        Subject: CN=BA8C0694090C78E01528050AB3E0B90CD233A4D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d8:a6:86:d8:62:2b:9b:05:4a:95:78:54:a7:
                    d8:c8:81:4c:30:2a:82:6b:20:1c:ab:39:f5:bf:ba:
                    93:8b:5a:84:88:69:a8:99:ac:00:20:60:19:eb:33:
                    e2:fa:75:e5:26:d5:84:c6:59:71:25:e4:ab:00:cd:
                    b2:77:5e:f2:43:78:37:47:a1:fb:eb:3d:79:0e:c4:
                    d9:e0:cc:c6:bf:45:f6:ee:e5:72:89:bd:91:13:d8:
                    3b:55:d5:8b:1f:b7:fb:55:cd:0b:4e:25:be:db:73:
                    8e:52:5f:64:57:05:7f:ff:fc:c6:e3:ba:d5:04:c3:
                    70:20:7a:06:ee:50:c3:44:ac:8b:3a:6b:b7:b6:f8:
                    58:c2:3d:95:73:4f:3d:b1:7d:3b:4b:3e:bc:2c:0f:
                    fa:3c:ec:ac:87:dd:00:30:25:da:bd:51:ec:de:19:
                    d5:bf:e6:c5:e3:ed:48:bd:fa:eb:6e:49:f5:8e:f8:
                    5f:4c:b6:96:80:2e:4f:23:60:da:4f:f3:3a:23:7f:
                    53:09:31:5e:69:4c:32:f2:e8:10:56:6f:12:a0:dd:
                    d1:33:32:f7:3b:2c:db:ef:78:63:3e:de:fd:8c:f0:
                    87:55:05:44:16:fb:47:71:b7:75:a1:26:09:d5:2f:
                    51:2c:d4:92:64:0d:4b:82:9f:a5:47:1d:c3:fd:85:
                    0d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8C:06:94:09:0C:78:E0:15:28:05:0A:B3:E0:B9:0C:D2:33:A4:D6
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:ea:fe:3f:ce:ed:40:66:13:12:85:9a:4d:9d:8f:73:b3:83:
         ca:3c:53:a1:43:e3:50:d3:04:89:5e:b5:01:a5:db:0d:44:48:
         6c:2b:1d:f6:99:ff:d0:cf:47:30:ca:70:6c:16:dc:60:35:ac:
         84:af:72:8c:a0:2a:6a:39:74:cb:0d:cc:70:a6:05:0a:e3:fa:
         1a:30:c1:ab:ff:9e:4d:92:d9:b0:17:bf:dd:4e:fe:5b:3b:fd:
         d3:92:c0:0c:61:b2:bf:84:8a:34:bb:31:46:87:36:14:05:a6:
         84:7d:30:a9:b0:1d:b7:98:1e:a9:fc:e7:d5:3f:1a:c2:18:8a:
         84:3b:0a:62:51:5b:ef:b2:ed:2a:da:6a:c8:06:e1:c0:7b:d4:
         68:1d:27:a9:69:64:96:41:0f:8f:7b:36:9b:a7:da:82:93:7b:
         e1:fc:ae:77:1d:86:0e:2d:aa:68:a0:5b:02:56:3b:c9:54:96:
         a8:c6:fb:fd:d6:25:07:76:37:d4:83:c8:a0:cf:c4:f3:0c:81:
         3a:69:12:33:19:42:56:d0:17:98:a1:8f:2e:fb:34:01:9d:c3:
         99:c2:bc:8f:e7:65:2e:df:64:26:4d:f4:5f:9a:79:22:d5:2d:
         5d:5c:e1:6b:a2:ba:10:83:96:92:a2:89:eb:a0:06:29:a7:6c:
         79:ae:e7:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUe4nP6uLolW96PLGk0EQzb4DtifwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEyMDYxMjUxMzdaFw0yNTEyMDUxMjU2MzdaMDMxMTAvBgNV
BAMTKEJBOEMwNjk0MDkwQzc4RTAxNTI4MDUwQUIzRTBCOTBDRDIzM0E0RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC32KaG2GIrmwVKlXhUp9jIgUww
KoJrIByrOfW/upOLWoSIaaiZrAAgYBnrM+L6deUm1YTGWXEl5KsAzbJ3XvJDeDdH
ofvrPXkOxNngzMa/Rfbu5XKJvZET2DtV1Ysft/tVzQtOJb7bc45SX2RXBX///Mbj
utUEw3AgegbuUMNErIs6a7e2+FjCPZVzTz2xfTtLPrwsD/o87KyH3QAwJdq9Ueze
GdW/5sXj7Ui9+utuSfWO+F9MtpaALk8jYNpP8zojf1MJMV5pTDLy6BBWbxKg3dEz
Mvc7LNvveGM+3v2M8IdVBUQW+0dxt3WhJgnVL1Es1JJkDUuCn6VHHcP9hQ3rAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUuowGlAkMeOAVKAUKs+C5DNIzpNYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQj0MA0GCSqGSIb3DQEBCwUAA4IBAQBR6v4/zu1AZhMShZpNnY9zs4PKPFOhQ+NQ
0wSJXrUBpdsNREhsKx32mf/Qz0cwynBsFtxgNayEr3KMoCpqOXTLDcxwpgUK4/oa
MMGr/55NktmwF7/dTv5bO/3TksAMYbK/hIo0uzFGhzYUBaaEfTCpsB23mB6p/OfV
PxrCGIqEOwpiUVvvsu0q2mrIBuHAe9RoHSepaWSWQQ+Pezabp9qCk3vh/K53HYYO
LapooFsCVjvJVJaoxvv91iUHdjfUg8igz8TzDIE6aRIzGUJW0BeYoY8u+zQBncOZ
wryP52Uu32QmTfRfmnki1S1dXOFroroQg5aSoonroAYpp2x5rud3
-----END CERTIFICATE-----