Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214022.roa
File:                     AS214022.roa (raw, json)
Hash identifier:          vqbVwBm8OeOy5+wT1XP2jel9QUmGqSRFahtZNFDDquk=
Subject key identifier:   1F:A7:65:7F:5D:C1:78:42:24:C7:F5:EF:70:1D:29:75:21:11:38:8F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       723CD6E27C5FFBFA818F7675D2F31CC50AE45FFD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214022.roa
Signing time:             Thu 07 Nov 2024 18:09:11 +0000
ROA not before:           Thu 07 Nov 2024 18:04:11 +0000
ROA not after:            Thu 06 Nov 2025 18:09:11 +0000
asID:                     214022
IP address blocks:        2a0f:85c1:8b5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:3c:d6:e2:7c:5f:fb:fa:81:8f:76:75:d2:f3:1c:c5:0a:e4:5f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  7 18:04:11 2024 GMT
            Not After : Nov  6 18:09:11 2025 GMT
        Subject: CN=1FA7657F5DC1784224C7F5EF701D29752111388F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:16:bc:4b:79:48:3a:df:ef:fb:5d:10:8c:1b:
                    8b:09:84:b2:1c:03:46:75:1f:65:55:a7:41:e5:2b:
                    08:e3:5f:01:17:21:76:a8:0b:41:ba:95:09:a6:27:
                    c4:4d:ee:f5:6f:15:35:14:b8:91:82:85:b8:8c:1e:
                    fe:b3:80:e7:74:31:44:e5:74:aa:05:2a:35:5f:04:
                    cf:49:17:ab:44:e6:99:63:1c:ad:96:9a:e8:ca:2d:
                    1c:31:55:80:ca:61:74:7c:aa:0a:61:d2:f4:05:82:
                    e9:14:ab:e7:71:9d:8f:c4:35:3b:f3:5f:08:b2:5a:
                    c9:7b:5d:06:39:e5:0a:b2:52:18:ab:e7:5e:79:eb:
                    fc:78:cb:73:dc:5e:6e:ee:15:31:27:26:14:a8:38:
                    f3:2a:b0:2a:98:fb:bf:71:5b:29:f0:eb:a8:97:f2:
                    8c:db:96:3b:3f:68:a2:f2:ed:c1:82:5b:50:e0:dd:
                    5a:b4:0d:42:b2:7e:2f:d1:48:b8:42:f4:61:e4:9d:
                    b4:d8:23:67:a6:86:b2:77:be:a5:05:47:fb:2b:82:
                    a4:aa:bb:39:c9:5e:4e:dd:08:5a:04:72:34:57:9e:
                    1d:e4:db:ef:ce:c2:d9:24:f2:e8:ef:4f:18:6f:9c:
                    8e:97:05:e5:10:8b:8c:e7:16:23:11:e6:48:05:0e:
                    7a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A7:65:7F:5D:C1:78:42:24:C7:F5:EF:70:1D:29:75:21:11:38:8F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b5::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:01:85:75:4a:fc:76:95:61:68:3d:a3:79:ce:ca:5e:9b:a7:
         d4:b9:71:88:68:0f:4e:9f:5e:95:d8:08:f2:d7:99:09:e0:ef:
         3c:3d:b8:55:74:a7:db:ff:12:30:e4:0d:b2:62:68:98:bd:30:
         d0:c5:e7:a2:c2:0a:45:2d:df:57:91:1d:b6:d4:43:85:f3:50:
         cd:62:01:8a:c6:27:a4:18:cd:4e:4b:c6:11:61:52:c0:bc:e6:
         81:6e:5e:41:1f:fe:40:37:f8:4d:dd:2f:1d:85:57:f7:10:f4:
         de:a8:73:cc:4f:bf:29:a0:9e:f7:75:0b:32:c9:6e:c5:29:28:
         be:c0:80:f1:a7:56:36:fe:18:f1:55:a2:1c:36:65:38:29:f1:
         2d:b6:b0:e5:82:44:c3:17:89:b9:18:51:fc:a0:7c:2d:17:fb:
         7b:c6:c6:08:de:30:70:07:5d:8f:aa:fb:96:38:84:05:56:3f:
         f1:c9:a7:58:13:20:87:44:3e:ee:29:73:e9:fb:83:62:60:a4:
         df:25:a6:e9:aa:8c:f9:40:07:41:05:ed:02:36:6e:b2:93:e4:
         45:72:ae:b2:1d:f3:e1:0b:ad:85:e1:e5:cb:45:bf:71:ba:22:
         09:ee:6c:66:a8:6b:b3:9c:dc:65:b8:42:1b:4a:2e:6a:f4:ac:
         f3:40:7f:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcjzW4nxf+/qBj3Z10vMcxQrkX/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMDcxODA0MTFaFw0yNTExMDYxODA5MTFaMDMxMTAvBgNV
BAMTKDFGQTc2NTdGNURDMTc4NDIyNEM3RjVFRjcwMUQyOTc1MjExMTM4OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHFrxLeUg63+/7XRCMG4sJhLIc
A0Z1H2VVp0HlKwjjXwEXIXaoC0G6lQmmJ8RN7vVvFTUUuJGChbiMHv6zgOd0MUTl
dKoFKjVfBM9JF6tE5pljHK2WmujKLRwxVYDKYXR8qgph0vQFgukUq+dxnY/ENTvz
XwiyWsl7XQY55QqyUhir51556/x4y3PcXm7uFTEnJhSoOPMqsCqY+79xWynw66iX
8ozbljs/aKLy7cGCW1Dg3Vq0DUKyfi/RSLhC9GHknbTYI2emhrJ3vqUFR/srgqSq
uznJXk7dCFoEcjRXnh3k2+/Owtkk8ujvTxhvnI6XBeUQi4znFiMR5kgFDnrlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUH6dlf13BeEIkx/XvcB0pdSEROI8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi1MA0GCSqGSIb3DQEBCwUAA4IBAQARAYV1Svx2lWFoPaN5zspem6fUuXGIaA9O
n16V2Ajy15kJ4O88PbhVdKfb/xIw5A2yYmiYvTDQxeeiwgpFLd9XkR221EOF81DN
YgGKxiekGM1OS8YRYVLAvOaBbl5BH/5AN/hN3S8dhVf3EPTeqHPMT78poJ73dQsy
yW7FKSi+wIDxp1Y2/hjxVaIcNmU4KfEttrDlgkTDF4m5GFH8oHwtF/t7xsYI3jBw
B12PqvuWOIQFVj/xyadYEyCHRD7uKXPp+4NiYKTfJabpqoz5QAdBBe0CNm6yk+RF
cq6yHfPhC62F4eXLRb9xuiIJ7mxmqGuznNxluEIbSi5q9KzzQH8O
-----END CERTIFICATE-----