Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa
File:                     AS214310.roa (raw, json)
Hash identifier:          qfTbQedCv+w28k4FZh10X7oGBCwR/BT0cHH7ZUFqzXw=
Subject key identifier:   75:48:76:52:C4:7B:68:5B:A4:1E:9E:51:86:D2:1B:00:CB:6C:A1:67
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       30B469F37DA34887979ED5D20758911B9B9A286E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa
Signing time:             Thu 07 Nov 2024 18:09:22 +0000
ROA not before:           Thu 07 Nov 2024 18:04:22 +0000
ROA not after:            Thu 06 Nov 2025 18:09:22 +0000
asID:                     214310
IP address blocks:        2a0f:85c1:891::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:b4:69:f3:7d:a3:48:87:97:9e:d5:d2:07:58:91:1b:9b:9a:28:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  7 18:04:22 2024 GMT
            Not After : Nov  6 18:09:22 2025 GMT
        Subject: CN=75487652C47B685BA41E9E5186D21B00CB6CA167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4e:f5:c2:3e:28:88:3a:3f:2f:af:21:ab:81:
                    bd:dd:2c:ab:29:dc:62:49:53:49:b7:1c:e4:69:6e:
                    62:60:46:be:56:24:57:b2:df:19:06:00:a3:65:fd:
                    d3:37:bc:34:a3:9f:5c:3d:f3:f3:db:62:15:44:d0:
                    be:8f:de:09:a7:8b:02:b3:b6:b0:a8:11:b0:cf:b6:
                    94:cb:b7:b6:07:6b:52:32:f8:0e:aa:b0:8b:93:30:
                    ef:08:49:fb:15:5c:59:c6:6c:61:90:94:75:b4:a3:
                    14:b1:6c:5e:41:6b:a3:40:89:8b:8a:5f:c1:82:57:
                    36:92:b7:76:36:d9:30:4d:65:c2:b7:77:f5:04:dd:
                    d8:c2:dc:19:11:39:51:c9:4c:2f:9c:06:ad:75:a1:
                    b5:a7:a2:76:a5:11:f8:3e:81:5a:d9:75:4e:f6:c5:
                    a8:e6:74:23:57:33:2d:f8:38:ec:60:da:05:cf:eb:
                    d8:6c:ff:39:7c:0e:13:4f:68:2d:86:02:27:9b:4f:
                    a7:ae:75:60:cf:58:69:5f:d0:7c:47:7a:f7:15:13:
                    f0:f5:79:39:f9:f4:6b:e7:97:ef:a8:70:f4:bd:89:
                    07:e0:9e:7d:da:79:4c:f3:18:53:33:9e:57:bd:e0:
                    2f:7f:4e:f8:8b:aa:cc:82:c3:5e:da:c2:e0:eb:33:
                    a4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:48:76:52:C4:7B:68:5B:A4:1E:9E:51:86:D2:1B:00:CB:6C:A1:67
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:891::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:a4:ce:c7:e1:89:c0:73:df:aa:2d:b1:46:90:cd:62:db:26:
         69:07:f3:02:78:60:3f:fd:42:0c:e1:ab:d7:81:8a:c3:f3:d5:
         d7:c6:85:37:e9:fa:5f:4c:47:c8:e0:ce:eb:a4:31:36:64:cc:
         f6:2f:3f:45:b7:9a:b3:c9:9d:03:db:2a:95:09:2f:9f:22:27:
         e5:06:71:73:81:63:f5:e4:aa:08:0c:1d:a0:5d:62:67:ba:c6:
         f3:03:de:73:60:b4:81:c2:2c:d6:ff:5b:7d:cb:89:77:87:35:
         b9:ae:b6:1e:af:20:84:d3:04:7d:72:79:b4:4e:bc:58:04:6d:
         1d:a0:9a:12:82:a7:ad:c5:a0:7d:1c:1c:10:13:f6:ec:3b:ff:
         d5:71:77:f9:5c:8e:5b:26:00:e9:08:18:60:47:29:72:27:32:
         03:22:4e:11:d7:b2:1b:55:6e:2f:ef:61:e8:a2:4b:07:fb:87:
         91:55:e3:92:d0:ef:fd:db:1c:9f:59:e3:52:4b:71:82:34:96:
         3c:c5:5d:e8:f7:40:7e:a9:5a:e3:59:e2:56:91:67:8a:ce:34:
         b2:ec:3d:cf:70:0e:4c:49:81:e8:ec:59:be:7c:29:dc:51:65:
         9f:28:a2:09:de:a3:64:e1:89:fe:10:6c:46:84:92:40:fa:db:
         20:7a:a1:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMLRp832jSIeXntXSB1iRG5uaKG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMDcxODA0MjJaFw0yNTExMDYxODA5MjJaMDMxMTAvBgNV
BAMTKDc1NDg3NjUyQzQ3QjY4NUJBNDFFOUU1MTg2RDIxQjAwQ0I2Q0ExNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDITvXCPiiIOj8vryGrgb3dLKsp
3GJJU0m3HORpbmJgRr5WJFey3xkGAKNl/dM3vDSjn1w98/PbYhVE0L6P3gmniwKz
trCoEbDPtpTLt7YHa1Iy+A6qsIuTMO8ISfsVXFnGbGGQlHW0oxSxbF5Ba6NAiYuK
X8GCVzaSt3Y22TBNZcK3d/UE3djC3BkROVHJTC+cBq11obWnonalEfg+gVrZdU72
xajmdCNXMy34OOxg2gXP69hs/zl8DhNPaC2GAiebT6eudWDPWGlf0HxHevcVE/D1
eTn59Gvnl++ocPS9iQfgnn3aeUzzGFMznle94C9/TviLqsyCw17awuDrM6QLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUdUh2UsR7aFukHp5RhtIbAMtsoWcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MzEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiRMA0GCSqGSIb3DQEBCwUAA4IBAQBKpM7H4YnAc9+qLbFGkM1i2yZpB/MCeGA/
/UIM4avXgYrD89XXxoU36fpfTEfI4M7rpDE2ZMz2Lz9Ft5qzyZ0D2yqVCS+fIifl
BnFzgWP15KoIDB2gXWJnusbzA95zYLSBwizW/1t9y4l3hzW5rrYeryCE0wR9cnm0
TrxYBG0doJoSgqetxaB9HBwQE/bsO//VcXf5XI5bJgDpCBhgRylyJzIDIk4R17Ib
VW4v72HooksH+4eRVeOS0O/92xyfWeNSS3GCNJY8xV3o90B+qVrjWeJWkWeKzjSy
7D3PcA5MSYHo7Fm+fCncUWWfKKIJ3qNk4Yn+EGxGhJJA+tsgeqFJ
-----END CERTIFICATE-----