Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214394.roa
File:                     AS214394.roa (raw, json)
Hash identifier:          5AuJgyf5MlK/hAYiijhDxk58wfqPwOkNI/846o+oZc8=
Subject key identifier:   45:00:83:49:5D:39:90:4E:FD:68:B0:8F:37:DD:21:74:B3:C7:33:1E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7AAC3CA79543683255E56CA17E4875DFA72BEBD3
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214394.roa
Signing time:             Tue 17 Sep 2024 04:25:18 +0000
ROA not before:           Tue 17 Sep 2024 04:20:18 +0000
ROA not after:            Tue 16 Sep 2025 04:25:18 +0000
asID:                     214394
IP address blocks:        2a0f:85c1:880::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ac:3c:a7:95:43:68:32:55:e5:6c:a1:7e:48:75:df:a7:2b:eb:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:20:18 2024 GMT
            Not After : Sep 16 04:25:18 2025 GMT
        Subject: CN=450083495D39904EFD68B08F37DD2174B3C7331E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:09:9d:19:37:51:ed:1a:bf:b1:36:9d:7f:8c:
                    bb:68:17:f4:32:3c:68:7e:78:4d:f5:77:ca:f6:66:
                    7b:3e:b9:93:47:3b:5f:b7:0f:fa:09:ad:9c:e2:25:
                    d0:aa:45:47:da:61:10:a2:8e:61:87:6d:93:ee:80:
                    1b:c1:c5:ac:bb:f1:45:1f:2a:30:84:2f:09:6a:60:
                    af:71:30:e0:bc:ca:43:73:f8:3c:45:4a:8e:91:e2:
                    da:20:f8:b2:97:ad:ff:c4:95:75:85:28:0f:41:0c:
                    34:29:12:f0:73:77:9c:cd:46:38:99:d2:29:71:5e:
                    4d:63:c1:5c:f4:ab:f2:a4:8e:62:6f:e7:ba:ed:a9:
                    c3:49:f8:af:6a:24:1f:fa:3a:e5:40:de:cf:cb:06:
                    8a:b8:90:a8:e2:92:93:e2:dc:6d:5c:d8:7f:79:fc:
                    cf:23:c9:df:6a:88:5a:51:f6:1c:3f:04:7a:f5:89:
                    bd:a0:29:e7:d8:d2:77:cb:f3:28:32:1c:f8:3e:05:
                    09:e1:be:1d:da:c1:f0:80:29:4e:35:b5:ea:54:75:
                    f9:dd:10:73:33:a0:75:24:65:94:fc:ab:45:17:a7:
                    84:0a:f3:03:87:5d:ac:0a:a1:aa:dc:a5:d5:27:87:
                    35:38:f8:bf:92:df:a9:c3:4d:88:2e:31:25:e9:81:
                    4a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:00:83:49:5D:39:90:4E:FD:68:B0:8F:37:DD:21:74:B3:C7:33:1E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:11:5b:1a:81:c9:39:63:49:86:dd:eb:4a:1c:f3:db:4e:e7:
         9a:e3:ba:96:24:39:02:0a:74:e1:88:bf:c7:8a:b8:b0:3d:3c:
         18:e5:22:90:40:ff:b6:3d:98:22:c9:0e:cc:a4:51:71:15:fc:
         5b:a6:48:b8:55:12:cf:6f:64:2a:37:95:c6:72:e8:92:c9:da:
         41:1a:22:3b:be:a1:f1:fe:51:af:1a:6c:f6:22:72:89:51:c0:
         d3:a1:af:84:b8:c2:f3:d8:b8:d8:fe:f2:cb:55:75:74:8c:60:
         d3:2a:dd:56:8c:1c:b1:7a:be:83:ff:dd:06:3c:04:1d:22:e4:
         b7:81:98:70:f7:ce:6a:6d:fe:3e:46:ad:4b:dd:93:5b:b8:ca:
         71:4b:93:83:58:a6:a6:2f:eb:51:20:d3:cf:f2:08:54:37:20:
         79:36:0d:10:0d:c7:a3:84:f6:88:47:c7:ae:4c:9f:b7:ca:05:
         2f:6b:0b:92:a7:3b:04:70:4b:7e:ce:b7:cd:cb:eb:ef:d8:b6:
         01:47:57:e5:ee:cc:86:db:c3:15:92:a6:19:b7:1b:77:0f:d3:
         7b:84:52:26:78:69:c0:20:28:28:69:b3:1e:0e:c7:0d:77:ad:
         0a:57:bd:54:91:56:92:35:8c:7f:ba:d4:ca:5d:c7:9f:46:79:
         c3:e5:05:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeqw8p5VDaDJV5Wyhfkh136cr69MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIwMThaFw0yNTA5MTYwNDI1MThaMDMxMTAvBgNV
BAMTKDQ1MDA4MzQ5NUQzOTkwNEVGRDY4QjA4RjM3REQyMTc0QjNDNzMzMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnCZ0ZN1HtGr+xNp1/jLtoF/Qy
PGh+eE31d8r2Zns+uZNHO1+3D/oJrZziJdCqRUfaYRCijmGHbZPugBvBxay78UUf
KjCELwlqYK9xMOC8ykNz+DxFSo6R4tog+LKXrf/ElXWFKA9BDDQpEvBzd5zNRjiZ
0ilxXk1jwVz0q/KkjmJv57rtqcNJ+K9qJB/6OuVA3s/LBoq4kKjikpPi3G1c2H95
/M8jyd9qiFpR9hw/BHr1ib2gKefY0nfL8ygyHPg+BQnhvh3awfCAKU41tepUdfnd
EHMzoHUkZZT8q0UXp4QK8wOHXawKoarcpdUnhzU4+L+S36nDTYguMSXpgUrtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURQCDSV05kE79aLCPN90hdLPHMx4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0Mzk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiAMA0GCSqGSIb3DQEBCwUAA4IBAQDSEVsagck5Y0mG3etKHPPbTuea47qWJDkC
CnThiL/HiriwPTwY5SKQQP+2PZgiyQ7MpFFxFfxbpki4VRLPb2QqN5XGcuiSydpB
GiI7vqHx/lGvGmz2InKJUcDToa+EuMLz2LjY/vLLVXV0jGDTKt1WjByxer6D/90G
PAQdIuS3gZhw985qbf4+Rq1L3ZNbuMpxS5ODWKamL+tRINPP8ghUNyB5Ng0QDcej
hPaIR8euTJ+3ygUvawuSpzsEcEt+zrfNy+vv2LYBR1fl7syG28MVkqYZtxt3D9N7
hFImeGnAICgoabMeDscNd60KV71UkVaSNYx/utTKXcefRnnD5QX4
-----END CERTIFICATE-----