Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa
File:                     AS214028.roa (raw, json)
Hash identifier:          DO51pCTvZhzb07OAH5wNYCXiWLAyDYSPjZ7HctkjglA=
Subject key identifier:   79:59:FC:2E:A8:1D:03:D2:4B:02:3D:F8:B4:CD:81:16:5B:E7:B4:AA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       18E114C1BC061883E209B96BF9BC5B33407713B8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa
Signing time:             Wed 16 Oct 2024 03:04:47 +0000
ROA not before:           Wed 16 Oct 2024 02:59:47 +0000
ROA not after:            Wed 15 Oct 2025 03:04:47 +0000
asID:                     214028
IP address blocks:        2a0f:85c1:8b9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:e1:14:c1:bc:06:18:83:e2:09:b9:6b:f9:bc:5b:33:40:77:13:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:59:47 2024 GMT
            Not After : Oct 15 03:04:47 2025 GMT
        Subject: CN=7959FC2EA81D03D24B023DF8B4CD81165BE7B4AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:dc:77:94:33:65:6c:75:03:96:c4:96:69:4b:
                    81:ec:ca:5f:dd:35:e4:26:7b:78:65:f9:0c:44:ba:
                    b0:f3:93:2b:6f:28:db:0e:62:ff:24:06:ed:fa:07:
                    63:ea:45:91:25:88:1d:7a:2c:76:28:1f:92:72:1c:
                    39:d6:4e:d4:6f:ca:31:91:9e:15:c2:c2:9b:99:7b:
                    54:46:36:c3:62:fe:e6:be:92:a6:8a:06:5a:ea:fb:
                    07:0a:94:6c:a5:b7:f2:05:33:b8:f4:e5:f3:76:18:
                    cd:cd:77:69:97:b4:e3:d5:d4:5b:77:6a:59:4e:48:
                    4d:26:d3:80:25:80:e5:8a:62:f5:c8:87:e7:3b:52:
                    05:ad:19:cd:a2:7a:2c:07:13:f8:93:1a:e6:4c:9c:
                    cb:30:60:9b:1d:16:7f:50:58:c4:a5:7a:53:42:a8:
                    87:e7:d4:38:f1:31:54:bd:69:17:d1:b6:03:34:a4:
                    7c:12:da:f1:46:51:5f:42:53:86:65:10:d8:a1:14:
                    18:16:4b:d7:8f:6d:40:1d:f9:1e:5e:15:7d:e5:d8:
                    45:7f:c2:ef:4d:09:b5:72:19:f2:da:2a:3c:42:55:
                    f4:08:e5:7b:63:6b:79:7e:0a:fb:e2:5f:d2:12:b8:
                    f2:a7:26:6f:0d:05:14:c4:93:36:0c:5e:73:71:02:
                    d4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:59:FC:2E:A8:1D:03:D2:4B:02:3D:F8:B4:CD:81:16:5B:E7:B4:AA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b9::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:c1:10:83:c5:24:c2:61:e7:1b:c4:42:ca:3e:8e:31:aa:1c:
         33:13:d5:9e:6e:9a:37:97:b0:9b:1b:53:0e:d8:44:be:c3:6b:
         af:7c:41:4e:ef:c4:86:8b:5d:35:7c:ac:26:5e:45:6f:45:7e:
         30:60:1f:39:dc:d6:73:cc:bd:b3:42:52:be:42:f7:e1:ad:d2:
         ac:04:a6:3e:a5:b6:47:81:57:cc:eb:d2:01:be:b4:e9:2d:ae:
         ad:6f:ae:4d:65:51:b6:b3:49:5b:29:1c:13:aa:71:38:36:ee:
         49:f0:0b:ff:77:03:aa:50:37:ba:ce:6d:fb:a8:33:3f:d3:28:
         f8:66:bf:4e:6b:63:34:56:26:54:c9:6e:a2:63:f7:59:3f:a3:
         16:b6:5f:3e:f0:db:50:18:16:53:80:78:a5:23:c1:51:7b:18:
         c4:11:21:82:c6:5c:3a:14:99:99:42:15:fe:77:b1:7b:c0:15:
         87:c3:29:c5:d9:3e:57:76:0a:e0:71:cc:da:00:dd:ad:58:09:
         95:46:8f:4f:ea:9f:bf:34:3a:3e:f7:19:36:e3:e9:e6:2e:1b:
         17:10:4b:0b:f5:1a:04:29:6d:a7:a0:be:7c:30:13:4d:67:d4:
         cf:ab:56:0b:ab:36:d6:05:c9:30:b5:68:2e:05:c4:bb:80:5f:
         bf:a9:07:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGOEUwbwGGIPiCblr+bxbM0B3E7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU5NDdaFw0yNTEwMTUwMzA0NDdaMDMxMTAvBgNV
BAMTKDc5NTlGQzJFQTgxRDAzRDI0QjAyM0RGOEI0Q0Q4MTE2NUJFN0I0QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC93HeUM2VsdQOWxJZpS4Hsyl/d
NeQme3hl+QxEurDzkytvKNsOYv8kBu36B2PqRZEliB16LHYoH5JyHDnWTtRvyjGR
nhXCwpuZe1RGNsNi/ua+kqaKBlrq+wcKlGylt/IFM7j05fN2GM3Nd2mXtOPV1Ft3
allOSE0m04AlgOWKYvXIh+c7UgWtGc2ieiwHE/iTGuZMnMswYJsdFn9QWMSlelNC
qIfn1DjxMVS9aRfRtgM0pHwS2vFGUV9CU4ZlENihFBgWS9ePbUAd+R5eFX3l2EV/
wu9NCbVyGfLaKjxCVfQI5Xtja3l+CvviX9ISuPKnJm8NBRTEkzYMXnNxAtSdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUeVn8LqgdA9JLAj34tM2BFlvntKowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MDI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi5MA0GCSqGSIb3DQEBCwUAA4IBAQDNwRCDxSTCYecbxELKPo4xqhwzE9Webpo3
l7CbG1MO2ES+w2uvfEFO78SGi101fKwmXkVvRX4wYB853NZzzL2zQlK+QvfhrdKs
BKY+pbZHgVfM69IBvrTpLa6tb65NZVG2s0lbKRwTqnE4Nu5J8Av/dwOqUDe6zm37
qDM/0yj4Zr9Oa2M0ViZUyW6iY/dZP6MWtl8+8NtQGBZTgHilI8FRexjEESGCxlw6
FJmZQhX+d7F7wBWHwynF2T5XdgrgcczaAN2tWAmVRo9P6p+/NDo+9xk24+nmLhsX
EEsL9RoEKW2noL58MBNNZ9TPq1YLqzbWBckwtWguBcS7gF+/qQfA
-----END CERTIFICATE-----