Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa
File:                     AS214084.roa (raw, json)
Hash identifier:          jIb/aJEBCWBhfPBQZzuJ1YGKstDp2KoukiVHS1/Na8Q=
Subject key identifier:   A8:E3:E3:28:DE:33:75:97:DC:E4:9C:95:F9:60:16:6B:44:28:D1:CC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       041E2A57E436BA74D4D6CCABB89E1E6836ECBE88
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa
Signing time:             Wed 16 Oct 2024 03:02:46 +0000
ROA not before:           Wed 16 Oct 2024 02:57:46 +0000
ROA not after:            Wed 15 Oct 2025 03:02:46 +0000
asID:                     214084
IP address blocks:        2a0f:85c1:8b7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:1e:2a:57:e4:36:ba:74:d4:d6:cc:ab:b8:9e:1e:68:36:ec:be:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:57:46 2024 GMT
            Not After : Oct 15 03:02:46 2025 GMT
        Subject: CN=A8E3E328DE337597DCE49C95F960166B4428D1CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:ae:82:ca:88:7c:a1:4e:43:f5:79:ce:b9:61:
                    d0:21:f3:80:0b:52:0e:32:ba:73:2e:ee:49:5d:e5:
                    37:fe:c8:a7:55:28:b6:89:88:b9:35:6c:de:fa:2c:
                    27:0b:9e:66:f2:94:a5:c2:4f:96:4e:91:2f:23:99:
                    1b:5d:d7:61:91:b7:f7:c1:38:3b:7e:38:64:6e:bb:
                    2f:e9:34:55:f4:03:18:e5:da:3b:92:e2:02:bd:fc:
                    73:87:11:35:24:23:25:2d:17:65:47:4b:87:e3:89:
                    72:d5:39:80:0c:d8:ce:c0:0f:e5:d2:d2:b5:7d:5f:
                    3a:8d:41:f8:91:06:84:64:ab:44:44:65:af:1d:56:
                    a4:f2:41:a6:16:aa:f2:a4:ac:ca:0c:8d:be:62:22:
                    9d:d6:a8:4c:ff:6d:6d:8a:ed:41:98:66:2e:99:e9:
                    d0:11:e1:50:bc:23:92:31:94:15:f4:4b:68:ec:95:
                    b7:46:88:cc:92:ed:2d:5d:21:e4:be:bb:ef:9e:52:
                    a9:9f:23:67:9e:1b:cf:f8:57:e5:3d:0e:7b:87:7b:
                    71:98:66:18:28:0f:3b:cb:02:28:65:a8:db:10:26:
                    4a:6f:8b:c3:f8:05:5a:51:95:b5:df:26:b9:6e:75:
                    9f:a0:60:c4:27:d1:1c:9d:5b:96:0e:a9:29:b5:01:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E3:E3:28:DE:33:75:97:DC:E4:9C:95:F9:60:16:6B:44:28:D1:CC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b7::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:db:c5:3a:56:6d:b6:99:2e:26:d7:46:a1:3a:29:98:02:a8:
         b8:91:e2:d5:c7:a3:f1:a6:39:b1:b0:64:93:87:1c:26:8f:2b:
         04:ab:23:31:55:7e:bd:d3:c9:f3:71:75:57:67:5d:b5:7d:44:
         fb:de:b9:12:13:f2:f9:41:54:60:ea:cb:46:50:4a:61:49:df:
         7a:13:35:19:00:34:cd:41:9b:c2:c4:e1:14:d4:c2:63:22:59:
         03:5c:f9:70:2a:d2:69:67:59:19:a5:6c:dc:9b:c8:08:3f:39:
         45:e3:f2:df:4b:2d:40:2c:ad:13:60:d4:0b:79:e1:08:08:91:
         70:0c:2c:92:8c:b5:d6:8a:98:da:db:74:3c:7a:05:1a:b6:59:
         6a:00:61:be:a2:43:dd:5d:94:e9:83:2a:5a:a7:10:b0:35:d9:
         cc:43:5b:ec:e6:d3:fd:29:05:bd:5e:d0:47:d0:97:1b:d8:46:
         60:60:fe:ae:09:ce:a9:a4:68:21:96:70:7a:f8:5f:3b:f1:16:
         8d:71:68:51:de:e0:0f:0b:52:10:92:aa:bf:e8:d1:74:af:4a:
         92:9e:a0:6b:40:f6:81:61:89:1b:b9:a2:f7:94:41:59:65:42:
         12:39:77:e4:0e:b8:4c:64:e6:a0:f4:5a:5f:ca:4e:3a:c8:96:
         89:ee:ed:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBB4qV+Q2unTU1syruJ4eaDbsvogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU3NDZaFw0yNTEwMTUwMzAyNDZaMDMxMTAvBgNV
BAMTKEE4RTNFMzI4REUzMzc1OTdEQ0U0OUM5NUY5NjAxNjZCNDQyOEQxQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2roLKiHyhTkP1ec65YdAh84AL
Ug4yunMu7kld5Tf+yKdVKLaJiLk1bN76LCcLnmbylKXCT5ZOkS8jmRtd12GRt/fB
ODt+OGRuuy/pNFX0Axjl2juS4gK9/HOHETUkIyUtF2VHS4fjiXLVOYAM2M7AD+XS
0rV9XzqNQfiRBoRkq0REZa8dVqTyQaYWqvKkrMoMjb5iIp3WqEz/bW2K7UGYZi6Z
6dAR4VC8I5IxlBX0S2jslbdGiMyS7S1dIeS+u++eUqmfI2eeG8/4V+U9DnuHe3GY
ZhgoDzvLAihlqNsQJkpvi8P4BVpRlbXfJrludZ+gYMQn0RydW5YOqSm1AbejAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUqOPjKN4zdZfc5JyV+WAWa0Qo0cwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi3MA0GCSqGSIb3DQEBCwUAA4IBAQBO28U6Vm22mS4m10ahOimYAqi4keLVx6Px
pjmxsGSThxwmjysEqyMxVX6908nzcXVXZ121fUT73rkSE/L5QVRg6stGUEphSd96
EzUZADTNQZvCxOEU1MJjIlkDXPlwKtJpZ1kZpWzcm8gIPzlF4/LfSy1ALK0TYNQL
eeEICJFwDCySjLXWipja23Q8egUatllqAGG+okPdXZTpgypapxCwNdnMQ1vs5tP9
KQW9XtBH0Jcb2EZgYP6uCc6ppGghlnB6+F878RaNcWhR3uAPC1IQkqq/6NF0r0qS
nqBrQPaBYYkbuaL3lEFZZUISOXfkDrhMZOag9Fpfyk46yJaJ7u0g
-----END CERTIFICATE-----