Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213954.roa
File:                     AS213954.roa (raw, json)
Hash identifier:          cPxrhv1Nn/iAHStF5JCaMc0AlxaIjb6g5CQgIkk9Cmc=
Subject key identifier:   BC:A9:A9:62:61:46:53:CD:F2:32:98:51:60:26:9C:EE:54:17:A7:FD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       69470F2F9AC5725D3B7C025BCC14B488F057DCE6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213954.roa
Signing time:             Thu 07 Nov 2024 18:09:30 +0000
ROA not before:           Thu 07 Nov 2024 18:04:30 +0000
ROA not after:            Thu 06 Nov 2025 18:09:30 +0000
asID:                     213954
IP address blocks:        2a0f:85c1:8c4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:47:0f:2f:9a:c5:72:5d:3b:7c:02:5b:cc:14:b4:88:f0:57:dc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  7 18:04:30 2024 GMT
            Not After : Nov  6 18:09:30 2025 GMT
        Subject: CN=BCA9A962614653CDF232985160269CEE5417A7FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:bc:d0:c9:04:5a:44:bf:22:65:ed:2b:8d:de:
                    a7:2c:7e:9e:dc:2d:a3:f1:c0:bf:61:82:38:eb:cc:
                    2d:3a:64:18:da:6b:d1:b2:6f:17:3b:ed:c1:6d:c1:
                    80:71:b2:1c:9f:86:46:2b:fc:ab:fc:37:8b:34:af:
                    7c:e9:72:2a:61:b0:99:88:9f:53:86:33:21:ce:98:
                    64:d2:44:4a:11:63:9a:09:94:27:2f:3a:3d:79:2c:
                    00:0a:ef:7a:5d:2c:39:24:23:2d:b0:ac:60:06:83:
                    70:f3:ec:4b:7d:9c:13:30:9f:08:ac:bd:93:10:b4:
                    af:fb:04:b2:9f:92:1d:3b:b4:a4:79:e5:1f:4a:60:
                    12:11:ed:45:46:6b:62:73:4b:91:af:db:76:fe:57:
                    1c:c1:9f:1c:2f:7f:52:93:1c:b1:c8:0d:f9:b9:d9:
                    69:ee:72:69:d2:2d:6b:fc:32:8b:47:9f:4f:8a:16:
                    b0:ee:bf:8a:33:6d:5f:57:f7:be:bc:18:b7:7e:6e:
                    01:3d:84:ac:4b:6a:f8:7a:25:41:59:3c:c8:75:b3:
                    95:08:e0:7a:27:20:56:7a:b7:c7:6f:6c:47:72:4b:
                    d0:21:d2:64:f7:b0:c6:51:5e:ee:de:60:07:7a:16:
                    84:d5:f6:76:be:f5:a8:1b:0f:59:89:c9:06:ec:71:
                    93:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A9:A9:62:61:46:53:CD:F2:32:98:51:60:26:9C:EE:54:17:A7:FD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213954.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:e5:8b:8e:09:d0:ed:29:9d:b7:c7:ba:9f:75:63:ac:a7:9e:
         5b:79:c1:6f:86:87:5b:32:7a:c9:3e:86:53:b1:1a:a7:ce:ea:
         14:9e:e5:42:7e:52:78:5d:0f:75:72:b6:81:04:43:c6:90:de:
         f1:e1:2b:ad:11:56:e6:c0:5a:ba:fa:aa:69:eb:c4:41:1d:bd:
         07:0f:63:6e:64:fd:85:33:58:9e:a7:7c:cc:07:ac:0b:71:32:
         cc:d6:b4:c2:b9:9c:12:cb:c6:36:77:8b:6a:7b:af:8c:36:76:
         09:c6:5f:84:78:c0:8d:1b:4a:22:3b:ce:4f:fb:7e:29:4d:92:
         68:b2:f7:fa:92:73:88:a4:a7:da:18:2d:99:27:3d:9d:6d:bd:
         f3:b8:68:8f:ea:ff:5a:79:e8:f1:0b:16:42:1e:2b:90:be:6e:
         15:a2:58:da:f7:33:65:fd:3d:94:5d:df:98:88:3f:4c:0d:1c:
         5c:3a:23:91:23:40:72:08:07:67:43:2a:34:64:82:ef:06:45:
         1c:95:da:86:46:ec:4c:4e:57:58:0d:9b:4c:92:d6:3c:d1:1e:
         6b:63:82:29:e3:3b:1e:a0:89:cf:74:84:4d:08:d0:0e:b2:11:
         2f:f4:db:ff:68:52:2f:3d:46:6a:45:7d:4a:c0:d4:e0:35:94:
         00:2d:87:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaUcPL5rFcl07fAJbzBS0iPBX3OYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMDcxODA0MzBaFw0yNTExMDYxODA5MzBaMDMxMTAvBgNV
BAMTKEJDQTlBOTYyNjE0NjUzQ0RGMjMyOTg1MTYwMjY5Q0VFNTQxN0E3RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrvNDJBFpEvyJl7SuN3qcsfp7c
LaPxwL9hgjjrzC06ZBjaa9Gybxc77cFtwYBxshyfhkYr/Kv8N4s0r3zpciphsJmI
n1OGMyHOmGTSREoRY5oJlCcvOj15LAAK73pdLDkkIy2wrGAGg3Dz7Et9nBMwnwis
vZMQtK/7BLKfkh07tKR55R9KYBIR7UVGa2JzS5Gv23b+VxzBnxwvf1KTHLHIDfm5
2WnucmnSLWv8MotHn0+KFrDuv4ozbV9X9768GLd+bgE9hKxLavh6JUFZPMh1s5UI
4HonIFZ6t8dvbEdyS9Ah0mT3sMZRXu7eYAd6FoTV9na+9agbD1mJyQbscZMxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvKmpYmFGU83yMphRYCac7lQXp/0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzOTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQjEMA0GCSqGSIb3DQEBCwUAA4IBAQCh5YuOCdDtKZ23x7qfdWOsp55becFvhodb
MnrJPoZTsRqnzuoUnuVCflJ4XQ91craBBEPGkN7x4SutEVbmwFq6+qpp68RBHb0H
D2NuZP2FM1iep3zMB6wLcTLM1rTCuZwSy8Y2d4tqe6+MNnYJxl+EeMCNG0oiO85P
+34pTZJosvf6knOIpKfaGC2ZJz2dbb3zuGiP6v9aeejxCxZCHiuQvm4Volja9zNl
/T2UXd+YiD9MDRxcOiORI0ByCAdnQyo0ZILvBkUcldqGRuxMTldYDZtMktY80R5r
Y4Ip4zseoInPdIRNCNAOshEv9Nv/aFIvPUZqRX1KwNTgNZQALYeM
-----END CERTIFICATE-----