Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214117.roa
File:                     AS214117.roa (raw, json)
Hash identifier:          2WZkzvKKAKhAI+6tekGP6ifTn418hqJwKeCZK/PArXA=
Subject key identifier:   84:92:36:2D:D5:7D:0A:46:2A:F8:DE:64:67:FC:91:F2:02:D2:A3:3F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       284A7EA878457BA602AE32FF2344C09CE059301B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214117.roa
Signing time:             Wed 16 Oct 2024 03:05:01 +0000
ROA not before:           Wed 16 Oct 2024 03:00:01 +0000
ROA not after:            Wed 15 Oct 2025 03:05:01 +0000
asID:                     214117
IP address blocks:        2a0f:85c1:8b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:4a:7e:a8:78:45:7b:a6:02:ae:32:ff:23:44:c0:9c:e0:59:30:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 03:00:01 2024 GMT
            Not After : Oct 15 03:05:01 2025 GMT
        Subject: CN=8492362DD57D0A462AF8DE6467FC91F202D2A33F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6e:25:f8:a4:84:b8:59:2f:25:fc:fb:11:d9:
                    15:b8:0a:54:63:2c:d2:7f:37:c7:34:4e:f0:38:af:
                    05:b1:9e:50:4a:71:36:0a:e8:99:3b:3c:88:77:80:
                    cb:02:05:0f:a9:af:89:b6:fe:c8:6c:8b:de:59:16:
                    89:d0:25:8f:69:c0:97:d1:dc:f9:5e:60:ce:15:69:
                    49:b3:b7:84:7a:3e:c4:92:18:bc:92:5d:6c:ae:e7:
                    c3:5d:66:45:48:8f:20:f4:31:a7:9f:7b:e1:67:ff:
                    12:6d:d6:6b:f4:9a:32:c6:bc:a0:d8:3c:16:5d:1c:
                    75:c1:28:53:f8:87:60:24:c3:e8:c8:b9:af:df:32:
                    51:e0:b3:3a:fa:fd:9d:fb:f5:ac:5c:0d:3e:db:16:
                    3f:72:92:d6:dc:b8:80:9b:89:77:27:bf:96:31:49:
                    f1:c3:00:f7:d0:85:c1:96:d2:f8:56:66:43:36:ca:
                    09:c8:16:08:26:98:37:4c:0f:de:ba:63:a4:b3:d7:
                    81:77:53:93:41:6c:0d:c5:e4:1d:ce:d5:38:5c:37:
                    a3:e2:8e:65:78:88:23:0a:e9:a5:79:b9:d3:f2:51:
                    2e:10:29:5a:bf:eb:49:c3:eb:6a:98:57:3a:1f:98:
                    37:60:9e:3d:40:be:e1:77:d0:f1:25:dc:d9:85:e4:
                    af:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:92:36:2D:D5:7D:0A:46:2A:F8:DE:64:67:FC:91:F2:02:D2:A3:3F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214117.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:17:7d:13:18:e3:a8:06:0a:54:02:1d:40:12:4c:9f:4c:6c:
         7a:e0:2e:5a:e6:70:df:e4:30:8b:97:c1:a7:db:64:38:54:ae:
         ea:d6:b5:20:e4:eb:3f:98:ca:76:4c:9e:95:dd:94:13:dd:c8:
         10:ac:e4:d9:a4:47:d8:37:be:17:a2:60:51:3a:ba:4c:6b:4d:
         fe:3d:10:35:12:47:ad:67:08:48:0f:9f:27:dd:40:41:84:92:
         75:02:8f:80:6e:1e:9e:1f:88:dd:88:69:94:2a:b2:a9:80:8e:
         1f:bb:68:12:8e:71:60:40:7f:a2:5c:c2:05:b3:6f:d0:ff:b8:
         f9:df:cf:f8:72:2f:ea:c2:25:7e:4c:c3:7a:16:44:71:6f:31:
         14:b7:66:d5:80:27:75:f1:41:3e:6f:ec:75:2e:27:49:ec:6e:
         9f:91:22:65:7a:c3:d9:a5:c7:f0:c5:9a:8f:fe:25:fe:58:22:
         4f:43:0d:50:ab:c2:a4:2b:2a:ee:a5:fb:28:7a:17:e2:0d:e2:
         b1:77:c0:04:cb:84:ee:b2:bd:d9:88:e3:f7:38:05:2b:1c:fb:
         fd:b1:30:eb:73:e6:5b:a6:50:e9:6d:2e:c7:ca:07:c0:b6:6c:
         49:a0:38:ab:15:45:20:43:5a:41:b2:e9:26:af:6f:14:70:57:
         25:1b:93:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKEp+qHhFe6YCrjL/I0TAnOBZMBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMzAwMDFaFw0yNTEwMTUwMzA1MDFaMDMxMTAvBgNV
BAMTKDg0OTIzNjJERDU3RDBBNDYyQUY4REU2NDY3RkM5MUYyMDJEMkEzM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6biX4pIS4WS8l/PsR2RW4ClRj
LNJ/N8c0TvA4rwWxnlBKcTYK6Jk7PIh3gMsCBQ+pr4m2/shsi95ZFonQJY9pwJfR
3PleYM4VaUmzt4R6PsSSGLySXWyu58NdZkVIjyD0Maefe+Fn/xJt1mv0mjLGvKDY
PBZdHHXBKFP4h2Akw+jIua/fMlHgszr6/Z379axcDT7bFj9yktbcuICbiXcnv5Yx
SfHDAPfQhcGW0vhWZkM2ygnIFggmmDdMD966Y6Sz14F3U5NBbA3F5B3O1ThcN6Pi
jmV4iCMK6aV5udPyUS4QKVq/60nD62qYVzofmDdgnj1AvuF30PEl3NmF5K8VAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhJI2LdV9CkYq+N5kZ/yR8gLSoz8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi0MA0GCSqGSIb3DQEBCwUAA4IBAQCiF30TGOOoBgpUAh1AEkyfTGx64C5a5nDf
5DCLl8Gn22Q4VK7q1rUg5Os/mMp2TJ6V3ZQT3cgQrOTZpEfYN74XomBROrpMa03+
PRA1EketZwhID58n3UBBhJJ1Ao+Abh6eH4jdiGmUKrKpgI4fu2gSjnFgQH+iXMIF
s2/Q/7j538/4ci/qwiV+TMN6FkRxbzEUt2bVgCd18UE+b+x1LidJ7G6fkSJlesPZ
pcfwxZqP/iX+WCJPQw1Qq8KkKyrupfsoehfiDeKxd8AEy4Tusr3ZiOP3OAUrHPv9
sTDrc+ZbplDpbS7HygfAtmxJoDirFUUgQ1pBsukmr28UcFclG5PH
-----END CERTIFICATE-----