Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213796.roa
File:                     AS213796.roa (raw, json)
Hash identifier:          S3kSo0OTAvx+beBkblThjgX/A+kzQsvTjXokUJmKMGE=
Subject key identifier:   CA:F0:DD:DD:9B:E0:0A:CD:3B:E0:56:B2:64:B7:13:DF:EB:3C:BF:69
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       056224D2F805BF5814F09D69C820E86C7B4B6379
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213796.roa
Signing time:             Tue 03 Dec 2024 00:22:05 +0000
ROA not before:           Tue 03 Dec 2024 00:17:05 +0000
ROA not after:            Tue 02 Dec 2025 00:22:05 +0000
asID:                     213796
IP address blocks:        2a0f:85c1:8f3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:62:24:d2:f8:05:bf:58:14:f0:9d:69:c8:20:e8:6c:7b:4b:63:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec  3 00:17:05 2024 GMT
            Not After : Dec  2 00:22:05 2025 GMT
        Subject: CN=CAF0DDDD9BE00ACD3BE056B264B713DFEB3CBF69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fa:f4:47:08:c8:10:49:5e:ad:97:cb:75:4f:
                    ea:b7:10:ed:77:16:95:9c:85:b7:57:06:03:01:8d:
                    e2:39:89:61:ac:8e:d2:4d:bb:84:56:e2:64:99:61:
                    cb:f5:cd:57:1b:ea:f1:f8:91:e2:8e:32:07:77:de:
                    08:da:f4:64:82:e7:ee:fa:41:27:ab:76:95:3b:c7:
                    67:7d:2f:2c:5b:da:9b:be:4e:a3:bd:60:29:ad:0a:
                    cc:c3:e3:a7:2a:5d:f3:eb:b0:1a:f5:e6:03:65:4b:
                    2b:d2:f7:1c:5d:2b:96:1a:89:b3:0f:d3:24:10:5e:
                    47:73:f2:03:56:e0:86:f3:0c:ee:54:33:4b:47:be:
                    58:95:15:07:14:76:18:ec:bd:09:cd:50:73:80:35:
                    c2:1d:06:2e:95:e1:96:95:f1:82:cf:78:87:39:f6:
                    37:5c:84:bf:ac:80:91:32:0a:4f:44:b2:3e:70:b6:
                    8c:42:06:43:ff:d5:88:72:07:fd:dd:79:e3:6d:a4:
                    fe:42:3f:e1:38:5c:5c:28:68:ca:03:37:cb:fc:a9:
                    f1:02:f6:9a:fa:de:f8:ef:be:5b:88:dc:d6:f8:19:
                    ab:ad:6f:ed:d5:95:e2:55:0b:85:45:a4:a7:14:31:
                    70:5d:b9:95:78:8d:e7:10:09:d6:2e:1e:57:96:33:
                    4b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F0:DD:DD:9B:E0:0A:CD:3B:E0:56:B2:64:B7:13:DF:EB:3C:BF:69
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:87:4e:a9:6f:86:42:b5:1b:31:13:8d:85:f7:39:95:e2:a4:
         b7:7a:0b:f1:f8:ec:f0:9a:a3:7a:a4:c8:26:46:78:d1:07:df:
         14:e7:a2:b5:b3:fe:39:b5:2b:fc:e1:75:cc:ac:47:7f:10:31:
         0a:29:bc:2c:59:af:13:87:83:21:70:99:ac:17:ca:a5:ad:c8:
         0c:0e:bb:2b:84:c6:a2:77:18:4c:44:63:64:4d:fd:c2:01:3e:
         19:41:89:ca:a3:d6:a3:95:7a:69:47:47:ff:35:4c:cb:67:47:
         d2:b3:04:26:5d:d6:dd:4d:58:f7:9b:a2:36:fa:89:3e:3b:96:
         06:db:be:41:c8:71:21:51:21:1e:4d:26:08:e2:ee:c1:64:52:
         75:e8:41:60:96:01:9c:59:ff:df:87:1d:18:13:b0:f2:0e:03:
         8b:88:f0:20:bf:87:3a:e7:e9:d9:da:3d:a6:21:5f:ee:ec:09:
         e9:2d:23:2c:d2:9e:ba:4a:c1:a6:27:82:28:64:e0:5b:fd:1d:
         df:1e:b3:d7:c0:26:8c:11:77:17:9d:65:c8:f4:c5:31:1a:18:
         29:c3:89:04:dd:70:41:e7:fe:44:99:ef:b3:a4:2d:d4:db:4e:
         6e:46:e4:91:69:a0:9e:c9:4c:ba:37:b8:22:38:d4:25:eb:ac:
         1e:6d:c8:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBWIk0vgFv1gU8J1pyCDobHtLY3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEyMDMwMDE3MDVaFw0yNTEyMDIwMDIyMDVaMDMxMTAvBgNV
BAMTKENBRjBEREREOUJFMDBBQ0QzQkUwNTZCMjY0QjcxM0RGRUIzQ0JGNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs+vRHCMgQSV6tl8t1T+q3EO13
FpWchbdXBgMBjeI5iWGsjtJNu4RW4mSZYcv1zVcb6vH4keKOMgd33gja9GSC5+76
QSerdpU7x2d9Lyxb2pu+TqO9YCmtCszD46cqXfPrsBr15gNlSyvS9xxdK5YaibMP
0yQQXkdz8gNW4IbzDO5UM0tHvliVFQcUdhjsvQnNUHOANcIdBi6V4ZaV8YLPeIc5
9jdchL+sgJEyCk9Esj5wtoxCBkP/1YhyB/3deeNtpP5CP+E4XFwoaMoDN8v8qfEC
9pr63vjvvluI3Nb4Gautb+3VleJVC4VFpKcUMXBduZV4jecQCdYuHleWM0v1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyvDd3ZvgCs074FayZLcT3+s8v2kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQjzMA0GCSqGSIb3DQEBCwUAA4IBAQCTh06pb4ZCtRsxE42F9zmV4qS3egvx+Ozw
mqN6pMgmRnjRB98U56K1s/45tSv84XXMrEd/EDEKKbwsWa8Th4MhcJmsF8qlrcgM
DrsrhMaidxhMRGNkTf3CAT4ZQYnKo9ajlXppR0f/NUzLZ0fSswQmXdbdTVj3m6I2
+ok+O5YG275ByHEhUSEeTSYI4u7BZFJ16EFglgGcWf/fhx0YE7DyDgOLiPAgv4c6
5+nZ2j2mIV/u7AnpLSMs0p66SsGmJ4IoZOBb/R3fHrPXwCaMEXcXnWXI9MUxGhgp
w4kE3XBB5/5Eme+zpC3U205uRuSRaaCeyUy6N7giONQl66webci2
-----END CERTIFICATE-----