Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214182.roa
File:                     AS214182.roa (raw, json)
Hash identifier:          7UY0ker8sdpb4fFew6v3ibK7csKpqNkTS2R2v5WIjsw=
Subject key identifier:   32:21:29:91:F1:1D:D5:EF:CD:90:AC:95:56:7E:EE:0C:B2:09:46:76
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       47D7E30E897CDCD190A886B535415981FEF6CE65
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214182.roa
Signing time:             Wed 16 Oct 2024 03:03:57 +0000
ROA not before:           Wed 16 Oct 2024 02:58:57 +0000
ROA not after:            Wed 15 Oct 2025 03:03:57 +0000
asID:                     214182
IP address blocks:        2a0f:85c1:89e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d7:e3:0e:89:7c:dc:d1:90:a8:86:b5:35:41:59:81:fe:f6:ce:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 16 02:58:57 2024 GMT
            Not After : Oct 15 03:03:57 2025 GMT
        Subject: CN=32212991F11DD5EFCD90AC95567EEE0CB2094676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:22:8d:82:75:10:da:cc:08:15:60:f9:4e:
                    98:2e:52:6b:cb:a5:9c:15:8a:92:b4:02:a0:95:45:
                    de:d7:a8:6f:49:61:02:bc:58:14:d7:5c:45:db:b3:
                    c3:7f:27:ed:f4:7c:b8:5c:37:d3:8a:33:c2:0b:8c:
                    ac:7f:bd:7a:85:a0:21:b1:90:bd:d3:6d:8c:ba:54:
                    da:ed:76:46:29:22:15:39:ba:8c:e5:7a:88:9f:be:
                    56:21:e3:f3:17:a4:c7:49:e1:5c:4f:fe:85:ee:40:
                    8b:bc:9f:6f:4d:4e:da:6a:55:93:35:2e:35:28:03:
                    05:32:ec:d9:34:63:0b:1d:5b:07:fc:f2:e9:2e:6b:
                    4c:23:c8:7a:b5:17:5c:fe:40:bd:e0:25:67:04:b9:
                    a8:bf:52:1a:3a:b1:9b:b4:4b:c0:73:e2:01:9e:87:
                    ce:85:19:f2:e6:78:30:67:26:72:0e:96:b6:73:2c:
                    16:1c:19:aa:ae:95:f9:3a:92:18:33:36:63:13:b6:
                    54:4d:43:62:8d:bb:42:32:68:44:cb:18:86:ef:35:
                    14:63:35:63:98:fa:4c:95:51:22:34:bb:73:89:07:
                    71:b8:35:b0:e9:e5:1b:76:ef:b6:3e:12:cb:85:3e:
                    23:bf:82:63:49:59:02:9c:64:60:af:6a:e3:43:e4:
                    38:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:21:29:91:F1:1D:D5:EF:CD:90:AC:95:56:7E:EE:0C:B2:09:46:76
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214182.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:89e::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:fd:2f:3a:2b:fb:ae:b7:ae:69:f3:20:cf:19:f1:41:8e:3a:
         6a:dc:a8:3a:f8:9a:35:12:ec:b3:31:ac:1b:96:b0:c5:fd:8d:
         c3:3a:9a:26:ac:aa:5e:0e:ac:9c:d7:1f:21:35:9a:df:cd:bd:
         38:08:21:aa:9f:2c:b7:fd:01:d3:95:a0:1f:3b:aa:34:68:d6:
         c8:76:fb:1b:a7:81:dc:22:b4:7f:fb:e4:eb:01:cf:b4:84:cb:
         e0:a9:b5:1d:62:46:b8:85:07:83:ba:52:cb:46:7d:73:3b:9c:
         55:06:8c:b9:67:9c:2e:aa:89:db:f5:a2:86:a3:f8:a1:66:9a:
         8c:ab:ca:b9:de:3c:53:df:c8:17:71:e6:55:9a:fe:13:5c:5a:
         b4:2a:a6:b8:35:98:f1:ce:d8:28:02:c4:26:0a:70:17:87:2e:
         4f:5a:4f:c6:d8:59:64:e6:d6:f0:3d:91:59:63:db:6a:b3:fc:
         72:6c:40:3d:a3:01:ea:51:ce:82:cb:60:38:bd:a3:78:da:66:
         ad:c8:49:46:e8:3a:7e:9e:5b:bb:f6:bd:6c:35:44:63:23:55:
         19:fb:b9:0a:66:26:78:8b:a8:fc:a6:44:57:af:b7:a0:77:01:
         9f:ae:18:51:be:06:66:57:e3:15:e1:10:a4:6a:b6:7a:ca:36:
         fd:18:54:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUR9fjDol83NGQqIa1NUFZgf72zmUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDEwMTYwMjU4NTdaFw0yNTEwMTUwMzAzNTdaMDMxMTAvBgNV
BAMTKDMyMjEyOTkxRjExREQ1RUZDRDkwQUM5NTU2N0VFRTBDQjIwOTQ2NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRiKNgnUQ2swIFWD5TpguUmvL
pZwVipK0AqCVRd7XqG9JYQK8WBTXXEXbs8N/J+30fLhcN9OKM8ILjKx/vXqFoCGx
kL3TbYy6VNrtdkYpIhU5uozleoifvlYh4/MXpMdJ4VxP/oXuQIu8n29NTtpqVZM1
LjUoAwUy7Nk0YwsdWwf88ukua0wjyHq1F1z+QL3gJWcEuai/Uho6sZu0S8Bz4gGe
h86FGfLmeDBnJnIOlrZzLBYcGaqulfk6khgzNmMTtlRNQ2KNu0IyaETLGIbvNRRj
NWOY+kyVUSI0u3OJB3G4NbDp5Rt277Y+EsuFPiO/gmNJWQKcZGCvauND5Dh7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMiEpkfEd1e/NkKyVVn7uDLIJRnYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQieMA0GCSqGSIb3DQEBCwUAA4IBAQBH/S86K/uut65p8yDPGfFBjjpq3Kg6+Jo1
EuyzMawblrDF/Y3DOpomrKpeDqyc1x8hNZrfzb04CCGqnyy3/QHTlaAfO6o0aNbI
dvsbp4HcIrR/++TrAc+0hMvgqbUdYka4hQeDulLLRn1zO5xVBoy5Z5wuqonb9aKG
o/ihZpqMq8q53jxT38gXceZVmv4TXFq0Kqa4NZjxztgoAsQmCnAXhy5PWk/G2Flk
5tbwPZFZY9tqs/xybEA9owHqUc6Cy2A4vaN42matyElG6Dp+nlu79r1sNURjI1UZ
+7kKZiZ4i6j8pkRXr7egdwGfrhhRvgZmV+MV4RCkarZ6yjb9GFQl
-----END CERTIFICATE-----