Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa
File:                     AS214179.roa (raw, json)
Hash identifier:          mAA56hOf7+wFFgErx6MBG5VqclZ70VUc6iWLxQyvby8=
Subject key identifier:   71:5B:A7:9A:60:5E:46:51:DB:92:21:FE:C7:9C:DF:96:2D:A5:99:08
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2ECE0D23DF62A3C2DD88628B750A8B26C183BCD1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa
Signing time:             Wed 16 Oct 2024 03:04:39 +0000
ROA not before:           Wed 16 Oct 2024 02:59:39 +0000
ROA not after:            Wed 15 Oct 2025 03:04:39 +0000
asID:                     214179
IP address blocks:        2a0f:85c1:896::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ce:0d:23:df:62:a3:c2:dd:88:62:8b:75:0a:8b:26:c1:83:bc:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:59:39 2024 GMT
            Not After : Oct 15 03:04:39 2025 GMT
        Subject: CN=715BA79A605E4651DB9221FEC79CDF962DA59908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a8:68:e8:87:2e:51:3e:85:4d:81:3d:f1:b4:
                    29:e1:e2:f4:74:ce:2a:32:63:68:51:86:d9:c4:99:
                    3f:41:9c:83:7c:e4:e7:79:5d:c1:13:9c:9d:f6:02:
                    04:6f:af:3e:14:d2:54:d7:1a:ca:5d:8a:b8:73:b5:
                    d6:77:f2:b0:33:50:16:fe:0d:71:21:92:92:59:a3:
                    3d:6d:68:d8:f4:ee:05:e9:22:47:d0:c0:d0:12:c3:
                    c9:a9:48:67:b7:bb:c2:d9:cf:5b:f6:c3:23:92:dd:
                    48:90:03:04:32:65:9e:d7:f4:3d:fa:92:2c:2f:b9:
                    4f:b3:00:8e:96:ef:01:8b:30:e8:26:b0:76:af:ac:
                    d6:13:95:34:0a:9c:0e:74:43:78:9c:7f:82:19:03:
                    13:4f:75:04:61:63:6a:78:32:8e:52:b4:3b:70:f4:
                    78:27:ee:f4:8f:e4:3b:be:ba:23:f8:e4:45:23:4e:
                    d9:4f:b2:61:98:52:a3:b1:d7:d0:e3:02:28:9e:bc:
                    bc:d9:74:6c:32:9d:d7:da:88:27:c7:b5:e5:88:44:
                    4b:bf:6d:97:5c:37:77:fc:0c:70:9f:7d:85:30:d1:
                    3a:47:88:08:5e:ff:ae:5f:bc:c4:d6:b3:1a:bc:ad:
                    b2:da:4c:2c:47:f0:67:6c:40:fe:a7:a7:0b:4f:a4:
                    9c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5B:A7:9A:60:5E:46:51:DB:92:21:FE:C7:9C:DF:96:2D:A5:99:08
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:896::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:69:9b:e5:6b:fc:3e:23:ce:bf:bb:c3:45:a1:4c:aa:1c:15:
         92:94:10:3a:ab:fa:13:e5:09:80:09:43:00:2f:27:ad:07:e1:
         03:04:e6:e7:25:f5:6f:ea:29:0e:70:b1:e6:0b:f5:1d:58:cd:
         53:da:20:c7:f9:14:38:f2:f7:da:ae:57:b2:27:ea:cf:4f:fe:
         b1:7e:69:86:c2:87:aa:25:7a:c5:03:08:f5:79:0c:68:9d:77:
         b7:93:66:fb:53:8f:74:3c:0f:f1:95:41:a4:89:0f:f2:cf:18:
         c3:0f:fb:f2:a0:86:4c:3f:c1:5c:6d:2d:67:9e:4d:4d:55:95:
         f5:24:0f:d9:87:9d:64:b6:a1:9e:56:6d:db:4d:bd:03:58:bf:
         86:00:45:a1:a9:d4:85:7a:67:8a:ef:c3:88:d9:57:8c:dd:ea:
         72:05:d7:09:7f:ce:54:68:e2:0b:64:fc:14:87:3c:99:f1:d2:
         7e:2e:c2:7c:75:14:33:e8:af:cd:bb:98:db:e3:8d:79:91:10:
         7c:b5:98:46:55:c8:76:22:50:19:9d:b9:10:4b:7d:e4:24:9a:
         06:c2:e9:73:b7:dd:b6:7a:67:52:10:6e:e0:33:40:c3:a8:b9:
         89:fc:4e:51:c9:f7:40:85:ff:05:79:fc:4f:51:c3:e4:26:98:
         bb:aa:84:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULs4NI99io8LdiGKLdQqLJsGDvNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU5MzlaFw0yNTEwMTUwMzA0MzlaMDMxMTAvBgNV
BAMTKDcxNUJBNzlBNjA1RTQ2NTFEQjkyMjFGRUM3OUNERjk2MkRBNTk5MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqGjohy5RPoVNgT3xtCnh4vR0
zioyY2hRhtnEmT9BnIN85Od5XcETnJ32AgRvrz4U0lTXGspdirhztdZ38rAzUBb+
DXEhkpJZoz1taNj07gXpIkfQwNASw8mpSGe3u8LZz1v2wyOS3UiQAwQyZZ7X9D36
kiwvuU+zAI6W7wGLMOgmsHavrNYTlTQKnA50Q3icf4IZAxNPdQRhY2p4Mo5StDtw
9Hgn7vSP5Du+uiP45EUjTtlPsmGYUqOx19DjAiievLzZdGwyndfaiCfHteWIREu/
bZdcN3f8DHCffYUw0TpHiAhe/65fvMTWsxq8rbLaTCxH8GdsQP6npwtPpJw1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUcVunmmBeRlHbkiH+x5zfli2lmQgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiWMA0GCSqGSIb3DQEBCwUAA4IBAQBNaZvla/w+I86/u8NFoUyqHBWSlBA6q/oT
5QmACUMALyetB+EDBObnJfVv6ikOcLHmC/UdWM1T2iDH+RQ48vfarleyJ+rPT/6x
fmmGwoeqJXrFAwj1eQxonXe3k2b7U490PA/xlUGkiQ/yzxjDD/vyoIZMP8FcbS1n
nk1NVZX1JA/Zh51ktqGeVm3bTb0DWL+GAEWhqdSFemeK78OI2VeM3epyBdcJf85U
aOILZPwUhzyZ8dJ+LsJ8dRQz6K/Nu5jb4415kRB8tZhGVch2IlAZnbkQS33kJJoG
wulzt922emdSEG7gM0DDqLmJ/E5RyfdAhf8FefxPUcPkJpi7qoR7
-----END CERTIFICATE-----