Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214199.roa
File:                     AS214199.roa (raw, json)
Hash identifier:          tDkDPbFdMDNvgeBMBCfgBRj8Ty4JQCJmTs0AwOxaTJU=
Subject key identifier:   8E:D0:32:AC:2B:5E:95:1D:DC:DF:63:EF:A7:1E:69:7C:BA:DC:84:2E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4641A76AF2EF354459BAF6DE77DC051E38E14DDF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214199.roa
Signing time:             Tue 17 Sep 2024 04:23:28 +0000
ROA not before:           Tue 17 Sep 2024 04:18:28 +0000
ROA not after:            Tue 16 Sep 2025 04:23:28 +0000
asID:                     214199
IP address blocks:        2a0f:85c1:897::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:41:a7:6a:f2:ef:35:44:59:ba:f6:de:77:dc:05:1e:38:e1:4d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:18:28 2024 GMT
            Not After : Sep 16 04:23:28 2025 GMT
        Subject: CN=8ED032AC2B5E951DDCDF63EFA71E697CBADC842E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f7:a7:26:fc:e4:b1:55:d7:aa:22:be:d5:10:
                    59:41:b7:a0:4d:c1:8d:2b:05:b8:1f:7d:c5:5d:b4:
                    20:01:12:b9:13:9d:11:56:25:84:ed:cd:1a:03:c2:
                    05:7d:9e:3f:fc:59:37:f2:62:d6:3a:3f:fd:88:fe:
                    21:a3:00:e8:92:8a:30:49:18:b8:f5:74:3c:03:3b:
                    da:fb:38:1b:78:dd:91:82:ba:0c:66:8e:e3:13:0f:
                    14:ec:33:2d:f4:34:87:fc:e1:f1:6a:1c:e2:6a:fc:
                    55:d1:2a:29:6e:8a:b8:1a:49:24:33:de:28:30:bb:
                    21:3e:cb:31:1f:c8:b6:fe:6d:b6:25:ea:9b:cf:dd:
                    0d:5c:78:aa:20:fb:b2:9c:85:57:e6:c4:d5:80:0f:
                    9b:da:5b:69:e3:fb:8d:80:53:5b:87:f5:d2:8f:44:
                    28:b8:72:b6:ba:e6:87:5b:a4:29:60:44:2a:aa:96:
                    f0:62:34:b4:f9:d9:0c:f9:f5:71:84:29:84:88:4a:
                    97:63:0d:5a:e2:66:e5:a1:62:06:8e:c2:37:56:5b:
                    53:ce:5b:e4:dc:b9:4f:9a:2e:b3:1a:65:e6:3e:65:
                    44:a6:a8:3e:a9:10:9b:5a:b5:62:ee:1c:d6:91:af:
                    a1:5b:bb:14:7f:82:f2:11:2c:09:62:1b:5e:6b:c2:
                    b2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:D0:32:AC:2B:5E:95:1D:DC:DF:63:EF:A7:1E:69:7C:BA:DC:84:2E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:897::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:74:f0:a3:e2:a5:b5:34:67:e5:03:5d:06:30:f2:aa:43:9c:
         89:a4:26:c7:71:7c:41:9a:25:6c:63:d6:19:5a:6a:32:09:2b:
         aa:74:24:a9:d9:40:95:08:d3:16:ac:88:b5:1d:b3:9f:2b:25:
         d4:77:7c:47:97:bc:43:97:98:0c:02:20:92:f2:4b:d2:b5:f7:
         53:fa:b9:5a:d0:08:f1:03:e6:13:09:b3:cd:6a:18:fe:e0:cd:
         48:84:d0:d1:43:60:47:94:f3:93:78:e0:72:a9:90:70:4e:9f:
         a4:ad:50:18:b4:7c:86:b4:26:ef:09:ad:4b:86:60:33:76:41:
         a3:77:c8:31:26:3f:3d:d2:8c:94:de:10:50:a9:0b:02:38:6e:
         ee:3a:99:a3:ca:b6:2a:d4:d4:e2:64:42:e6:ec:98:10:31:19:
         9d:c8:3d:69:42:0e:1a:b2:38:9e:2e:2f:82:45:c4:50:44:d8:
         65:df:bc:a1:28:f4:ad:59:b2:c0:fc:2f:03:99:9e:46:bf:22:
         e5:82:de:cb:c2:fb:3c:01:a0:2a:ae:37:f4:c8:64:d6:61:fe:
         a1:fa:8a:36:88:7c:89:81:40:28:53:1b:cd:f1:9b:07:50:5f:
         2e:76:f8:65:bb:31:1c:56:08:a8:82:82:c7:cc:80:ad:34:45:
         ed:3b:72:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURkGnavLvNURZuvbed9wFHjjhTd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDE4MjhaFw0yNTA5MTYwNDIzMjhaMDMxMTAvBgNV
BAMTKDhFRDAzMkFDMkI1RTk1MUREQ0RGNjNFRkE3MUU2OTdDQkFEQzg0MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw96cm/OSxVdeqIr7VEFlBt6BN
wY0rBbgffcVdtCABErkTnRFWJYTtzRoDwgV9nj/8WTfyYtY6P/2I/iGjAOiSijBJ
GLj1dDwDO9r7OBt43ZGCugxmjuMTDxTsMy30NIf84fFqHOJq/FXRKiluirgaSSQz
3igwuyE+yzEfyLb+bbYl6pvP3Q1ceKog+7KchVfmxNWAD5vaW2nj+42AU1uH9dKP
RCi4cra65odbpClgRCqqlvBiNLT52Qz59XGEKYSISpdjDVriZuWhYgaOwjdWW1PO
W+TcuU+aLrMaZeY+ZUSmqD6pEJtatWLuHNaRr6FbuxR/gvIRLAliG15rwrIrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUjtAyrCtelR3c32Pvpx5pfLrchC4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiXMA0GCSqGSIb3DQEBCwUAA4IBAQCrdPCj4qW1NGflA10GMPKqQ5yJpCbHcXxB
miVsY9YZWmoyCSuqdCSp2UCVCNMWrIi1HbOfKyXUd3xHl7xDl5gMAiCS8kvStfdT
+rla0AjxA+YTCbPNahj+4M1IhNDRQ2BHlPOTeOByqZBwTp+krVAYtHyGtCbvCa1L
hmAzdkGjd8gxJj890oyU3hBQqQsCOG7uOpmjyrYq1NTiZELm7JgQMRmdyD1pQg4a
sjieLi+CRcRQRNhl37yhKPStWbLA/C8DmZ5GvyLlgt7Lwvs8AaAqrjf0yGTWYf6h
+oo2iHyJgUAoUxvN8ZsHUF8udvhluzEcVgiogoLHzICtNEXtO3KQ
-----END CERTIFICATE-----