Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214161.roa
File:                     AS214161.roa (raw, json)
Hash identifier:          xXWjuqML0ZGJb6E7JwcBLLo13d9/h5c+YdXRGO/3Eos=
Subject key identifier:   C8:6D:00:C4:0F:05:DC:0F:8D:A8:BB:C1:E8:A7:6A:25:25:76:28:C9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       616825DE74C8CAA80A59BE72BAF28E908EE6C2BD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214161.roa
Signing time:             Wed 16 Oct 2024 03:04:54 +0000
ROA not before:           Wed 16 Oct 2024 02:59:54 +0000
ROA not after:            Wed 15 Oct 2025 03:04:54 +0000
asID:                     214161
IP address blocks:        2a0f:85c1:89b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:68:25:de:74:c8:ca:a8:0a:59:be:72:ba:f2:8e:90:8e:e6:c2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:59:54 2024 GMT
            Not After : Oct 15 03:04:54 2025 GMT
        Subject: CN=C86D00C40F05DC0F8DA8BBC1E8A76A25257628C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ae:3e:9a:72:be:90:85:9c:43:f4:18:f3:88:
                    50:30:d1:f1:b9:9c:55:2f:07:5a:1f:f6:03:85:d2:
                    22:07:6a:e3:c9:05:30:64:83:e2:a9:23:a6:f6:fe:
                    18:5b:28:3f:b4:f0:3a:f8:ba:fe:d4:49:cc:e3:3f:
                    c0:9a:8b:16:7c:06:62:a5:3e:6e:b9:08:e3:78:6c:
                    95:c4:7f:ed:92:95:b9:97:b2:15:f8:d5:19:2a:aa:
                    c1:b4:27:47:01:54:fd:17:14:2d:28:9d:20:ba:e7:
                    6e:4c:21:e6:95:cd:a2:32:41:05:da:62:fd:d3:94:
                    32:61:f6:7b:aa:b6:d2:98:d8:24:af:2b:2a:47:3b:
                    11:04:11:a0:bc:61:d6:5a:ee:23:35:3c:1c:38:cd:
                    b7:8f:38:e2:c0:45:7a:5e:aa:de:6a:85:9e:55:14:
                    1e:85:25:b1:32:f6:e3:f4:c6:dc:aa:14:12:95:c3:
                    4a:09:6f:05:fa:a9:5c:48:b6:2d:94:19:13:ab:0f:
                    8a:c6:1e:fa:2f:16:98:c6:ae:eb:9a:b2:9c:0c:09:
                    ec:2e:e3:97:5d:72:b1:97:e2:6a:f1:0c:a7:57:0e:
                    ee:3f:bd:84:36:a6:e8:fd:0b:16:9b:cb:aa:40:e5:
                    55:7a:7c:dc:cf:6c:53:10:f6:43:7b:65:d9:8b:dc:
                    1d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:6D:00:C4:0F:05:DC:0F:8D:A8:BB:C1:E8:A7:6A:25:25:76:28:C9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214161.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:89b::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:7d:3a:0d:76:e1:d0:11:86:8b:6b:72:d6:02:6c:4f:93:f5:
         cb:39:aa:67:d1:d0:b3:2b:65:00:98:d2:88:34:e6:17:06:94:
         ff:dd:8c:27:59:04:0e:43:69:2d:49:66:1e:97:a5:74:86:34:
         cc:27:3a:a4:23:27:0d:8f:2f:ef:a8:f2:7e:c5:a5:bc:63:73:
         58:29:84:86:52:ee:9c:dd:14:7c:fa:21:d8:c6:a8:6d:fb:79:
         81:55:0b:e6:6c:26:36:0f:c4:86:e2:f6:2e:bd:3f:48:da:ad:
         7e:b1:41:66:d8:c9:60:a8:95:c2:bd:74:31:08:ac:df:61:15:
         bb:99:46:cb:e9:8b:d1:32:bc:7b:6e:22:68:23:c3:28:91:02:
         93:a2:d1:6a:d4:9b:17:91:ad:45:b0:4b:f4:2d:31:a6:1a:71:
         2d:d7:af:b3:bb:80:8c:93:d2:91:cc:aa:4e:81:b0:50:fc:1e:
         5f:96:c1:1f:85:c3:4e:ec:e4:13:00:a6:06:9a:3c:3f:0c:df:
         09:3e:bb:62:cf:da:dd:ee:0e:9c:b3:a8:5c:03:a2:b2:85:b9:
         6a:8b:4a:ca:8d:46:bc:1a:f3:90:ad:b3:fb:10:b2:aa:a2:35:
         c7:ed:48:b1:41:9c:fa:f0:31:b7:ad:7d:8c:57:1c:19:37:58:
         37:45:a1:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYWgl3nTIyqgKWb5yuvKOkI7mwr0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU5NTRaFw0yNTEwMTUwMzA0NTRaMDMxMTAvBgNV
BAMTKEM4NkQwMEM0MEYwNURDMEY4REE4QkJDMUU4QTc2QTI1MjU3NjI4QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/rj6acr6QhZxD9BjziFAw0fG5
nFUvB1of9gOF0iIHauPJBTBkg+KpI6b2/hhbKD+08Dr4uv7USczjP8CaixZ8BmKl
Pm65CON4bJXEf+2SlbmXshX41RkqqsG0J0cBVP0XFC0onSC6525MIeaVzaIyQQXa
Yv3TlDJh9nuqttKY2CSvKypHOxEEEaC8YdZa7iM1PBw4zbePOOLARXpeqt5qhZ5V
FB6FJbEy9uP0xtyqFBKVw0oJbwX6qVxIti2UGROrD4rGHvovFpjGruuaspwMCewu
45ddcrGX4mrxDKdXDu4/vYQ2puj9Cxaby6pA5VV6fNzPbFMQ9kN7ZdmL3B3FAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyG0AxA8F3A+NqLvB6KdqJSV2KMkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQibMA0GCSqGSIb3DQEBCwUAA4IBAQCkfToNduHQEYaLa3LWAmxPk/XLOapn0dCz
K2UAmNKINOYXBpT/3YwnWQQOQ2ktSWYel6V0hjTMJzqkIycNjy/vqPJ+xaW8Y3NY
KYSGUu6c3RR8+iHYxqht+3mBVQvmbCY2D8SG4vYuvT9I2q1+sUFm2MlgqJXCvXQx
CKzfYRW7mUbL6YvRMrx7biJoI8MokQKTotFq1JsXka1FsEv0LTGmGnEt16+zu4CM
k9KRzKpOgbBQ/B5flsEfhcNO7OQTAKYGmjw/DN8JPrtiz9rd7g6cs6hcA6Kyhblq
i0rKjUa8GvOQrbP7ELKqojXH7UixQZz68DG3rX2MVxwZN1g3RaHp
-----END CERTIFICATE-----