Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa
File:                     AS213977.roa (raw, json)
Hash identifier:          ErxImV4lZUY+CMMaHMHERa1D5whcfgT4SEstPwpUKcY=
Subject key identifier:   F8:29:6B:19:34:A1:C7:E2:E2:52:2E:6A:FB:17:ED:43:18:B4:13:6D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       21C6171DBA14CE0FE4FD22DF05D3C67E8FB60906
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa
Signing time:             Thu 07 Nov 2024 18:09:53 +0000
ROA not before:           Thu 07 Nov 2024 18:04:53 +0000
ROA not after:            Thu 06 Nov 2025 18:09:53 +0000
asID:                     213977
IP address blocks:        2a0f:85c1:8c1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c6:17:1d:ba:14:ce:0f:e4:fd:22:df:05:d3:c6:7e:8f:b6:09:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  7 18:04:53 2024 GMT
            Not After : Nov  6 18:09:53 2025 GMT
        Subject: CN=F8296B1934A1C7E2E2522E6AFB17ED4318B4136D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:36:88:e3:06:f5:69:36:55:0d:65:fe:27:8b:
                    5b:87:d1:d1:f7:8e:05:c6:02:4f:ff:df:f9:8c:ae:
                    3e:20:41:f0:bf:ac:bc:3f:af:db:29:09:0f:7d:91:
                    84:36:41:63:ed:ae:35:5e:89:41:12:4a:03:c6:7e:
                    6e:13:94:fd:fc:79:8e:4d:43:2f:bf:b6:d3:3e:dd:
                    5a:d1:54:e8:c3:11:16:63:cc:4d:ce:8d:31:36:d4:
                    35:dc:2b:30:16:6b:4b:56:10:7c:a1:c4:b8:37:fc:
                    da:a8:04:2b:29:43:d9:76:1f:c0:c0:ce:e6:b4:27:
                    a7:50:dc:27:ad:39:20:12:32:e6:8a:a1:3d:7d:14:
                    ef:75:91:d0:6f:04:2b:9a:e1:13:15:e2:7c:21:be:
                    ba:c7:66:ef:d6:dd:4f:86:f8:72:3b:78:3e:e0:b0:
                    62:5e:57:ce:cd:9e:40:0b:cd:ac:4e:b4:aa:70:f8:
                    6c:06:93:15:86:fc:28:d8:e4:88:7b:5d:49:6a:18:
                    c4:29:3a:be:29:69:b4:28:5a:19:3d:d3:49:56:25:
                    af:a6:67:31:f2:26:ee:bb:a2:be:c6:46:1c:cb:4f:
                    20:1d:0e:47:aa:0a:9f:dc:b4:78:98:a8:71:99:8e:
                    73:16:ac:7d:db:e7:1e:33:41:47:29:28:f1:68:46:
                    59:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:29:6B:19:34:A1:C7:E2:E2:52:2E:6A:FB:17:ED:43:18:B4:13:6D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:70:40:5a:b1:8e:b8:88:0b:54:0b:9f:6b:41:99:9f:81:95:
         77:b6:96:57:42:bd:44:7d:c8:a3:e9:a7:3d:7e:55:a8:43:7c:
         3f:de:c5:9c:cc:29:dc:63:0c:22:d2:d0:f1:a7:99:b4:bf:35:
         28:cd:7d:12:59:1e:18:50:09:f0:ce:41:92:17:37:6e:6a:a5:
         a5:a9:bb:f2:ec:1f:05:22:df:6d:64:80:97:a2:f4:35:cb:41:
         81:44:15:7f:d1:c1:ad:f8:2b:c6:1d:d8:94:9a:0f:3c:85:d9:
         9a:62:01:d1:86:20:6e:84:1c:a5:c1:f0:b2:2f:3e:88:f2:e8:
         10:ff:a6:3c:60:de:dd:21:10:4b:13:f5:fc:06:d9:14:6c:50:
         12:31:00:48:47:2f:a2:54:63:ea:be:26:c5:2a:3d:cd:f4:fb:
         d0:a9:af:2c:5d:97:55:ec:2d:c2:ac:ed:39:be:49:4c:07:75:
         c1:29:c1:6f:df:b5:14:63:66:27:e4:a9:05:ce:9f:04:2a:65:
         93:44:bf:38:db:63:9d:b9:0f:6b:b1:89:8b:05:14:6c:63:75:
         7d:e4:83:87:2f:a9:98:1f:ef:b3:64:61:82:3d:9b:53:19:76:
         34:23:57:7e:41:5c:c4:9d:39:e3:fc:f4:84:3d:83:88:7e:72:
         f0:ee:d3:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIcYXHboUzg/k/SLfBdPGfo+2CQYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMDcxODA0NTNaFw0yNTExMDYxODA5NTNaMDMxMTAvBgNV
BAMTKEY4Mjk2QjE5MzRBMUM3RTJFMjUyMkU2QUZCMTdFRDQzMThCNDEzNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7NojjBvVpNlUNZf4ni1uH0dH3
jgXGAk//3/mMrj4gQfC/rLw/r9spCQ99kYQ2QWPtrjVeiUESSgPGfm4TlP38eY5N
Qy+/ttM+3VrRVOjDERZjzE3OjTE21DXcKzAWa0tWEHyhxLg3/NqoBCspQ9l2H8DA
zua0J6dQ3CetOSASMuaKoT19FO91kdBvBCua4RMV4nwhvrrHZu/W3U+G+HI7eD7g
sGJeV87NnkALzaxOtKpw+GwGkxWG/CjY5Ih7XUlqGMQpOr4pabQoWhk900lWJa+m
ZzHyJu67or7GRhzLTyAdDkeqCp/ctHiYqHGZjnMWrH3b5x4zQUcpKPFoRllBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+ClrGTShx+LiUi5q+xftQxi0E20wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzOTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQjBMA0GCSqGSIb3DQEBCwUAA4IBAQCCcEBasY64iAtUC59rQZmfgZV3tpZXQr1E
fcij6ac9flWoQ3w/3sWczCncYwwi0tDxp5m0vzUozX0SWR4YUAnwzkGSFzduaqWl
qbvy7B8FIt9tZICXovQ1y0GBRBV/0cGt+CvGHdiUmg88hdmaYgHRhiBuhBylwfCy
Lz6I8ugQ/6Y8YN7dIRBLE/X8BtkUbFASMQBIRy+iVGPqvibFKj3N9PvQqa8sXZdV
7C3CrO05vklMB3XBKcFv37UUY2Yn5KkFzp8EKmWTRL8422OduQ9rsYmLBRRsY3V9
5IOHL6mYH++zZGGCPZtTGXY0I1d+QVzEnTnj/PSEPYOIfnLw7tPf
-----END CERTIFICATE-----