Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214409.roa
File:                     AS214409.roa (raw, json)
Hash identifier:          dxMjrB6vMJathpqRWGG/lDc4XPUTtcQ/ZtKW4OXi2LI=
Subject key identifier:   C3:FA:F2:A5:5D:22:A8:47:EC:2F:CB:F4:79:C1:A6:FE:31:3D:8F:E9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       663C8AE754B3F1AAEF256CE04107B63DC72BD9EE
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214409.roa
Signing time:             Tue 17 Sep 2024 04:25:28 +0000
ROA not before:           Tue 17 Sep 2024 04:20:28 +0000
ROA not after:            Tue 16 Sep 2025 04:25:28 +0000
asID:                     214409
IP address blocks:        2a0f:85c1:84d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:3c:8a:e7:54:b3:f1:aa:ef:25:6c:e0:41:07:b6:3d:c7:2b:d9:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:20:28 2024 GMT
            Not After : Sep 16 04:25:28 2025 GMT
        Subject: CN=C3FAF2A55D22A847EC2FCBF479C1A6FE313D8FE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ae:1b:78:2c:c7:65:47:da:7a:b1:91:a2:1f:
                    f0:d7:59:52:27:dc:d9:87:6f:ed:83:5a:29:43:4f:
                    ab:df:23:e2:e9:38:d1:2d:c2:23:21:c0:f1:ff:3c:
                    be:9a:44:fd:42:60:81:d2:72:ee:ed:bb:21:61:72:
                    f2:05:3b:17:a8:98:80:c3:22:47:36:60:44:58:b2:
                    86:9f:9e:30:4b:8e:52:fd:da:6e:01:c6:c6:66:af:
                    8a:fc:30:42:28:be:5d:18:ce:25:ca:4c:f3:51:d4:
                    c9:33:1a:3d:a7:cf:a2:14:88:a6:e6:0e:f5:0d:07:
                    23:2f:0b:dc:9f:ab:92:1a:54:ca:92:d1:5d:ec:07:
                    de:74:03:9d:80:e7:1e:71:fd:5e:31:31:2b:ed:d9:
                    b6:51:20:48:a6:63:0e:96:88:d0:e5:1d:18:5b:5f:
                    db:3e:54:48:e8:77:ac:f0:fa:8b:5c:c7:6f:a9:62:
                    57:70:78:c0:65:35:d7:7b:65:1c:5c:d4:29:67:57:
                    80:7c:9b:40:c6:07:8b:32:af:bc:bb:cc:e8:6b:a4:
                    dc:28:95:e2:2e:c7:8a:04:1b:16:7a:1d:40:7a:36:
                    d2:2e:45:e2:ac:43:b7:38:72:8a:af:27:86:6b:60:
                    e1:27:09:e6:e7:a6:e2:2e:ad:e7:02:22:c3:35:9a:
                    08:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FA:F2:A5:5D:22:A8:47:EC:2F:CB:F4:79:C1:A6:FE:31:3D:8F:E9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:84d::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:59:3a:b3:c0:8c:52:72:83:ec:3e:5b:ed:83:e1:88:c7:57:
         d7:74:6f:13:18:2a:62:14:87:aa:7d:7c:b0:49:1d:51:c0:64:
         8a:b9:81:73:bb:cb:7f:83:af:15:c3:21:2f:c9:6e:13:8f:99:
         1f:e1:29:1e:23:b2:36:27:35:dc:57:4a:a1:e7:90:2d:e7:3e:
         a3:af:64:24:f6:dc:16:e2:5a:f2:5a:d1:05:c6:0f:bc:60:fe:
         44:34:b4:60:79:fe:b6:07:f2:c6:72:ef:fc:85:fe:dc:b1:d2:
         74:93:6f:de:4f:f0:4e:0e:59:8a:1d:65:8c:bb:ed:60:ad:99:
         21:7a:e2:fd:89:cb:85:7e:ae:b9:0f:73:15:e8:5d:f5:1e:08:
         17:73:41:6c:93:ee:57:09:22:64:af:0e:24:af:d9:90:5b:a5:
         9a:9b:72:48:f5:0b:80:dd:f3:f1:c5:cf:49:d0:82:fa:cd:cc:
         12:89:02:e8:6f:d0:b5:48:ce:7a:e4:04:15:65:2b:5b:80:cc:
         10:fe:c6:4a:9d:d9:bf:96:ee:5d:bb:4d:36:4a:b6:c8:14:4b:
         56:df:25:83:a8:2d:db:d7:9f:31:0d:c8:a7:8a:e5:30:99:17:
         77:42:76:44:97:e1:eb:6d:1c:d3:3c:44:51:bd:b3:a0:6d:89:
         96:5d:2d:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZjyK51Sz8arvJWzgQQe2Pccr2e4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIwMjhaFw0yNTA5MTYwNDI1MjhaMDMxMTAvBgNV
BAMTKEMzRkFGMkE1NUQyMkE4NDdFQzJGQ0JGNDc5QzFBNkZFMzEzRDhGRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7rht4LMdlR9p6sZGiH/DXWVIn
3NmHb+2DWilDT6vfI+LpONEtwiMhwPH/PL6aRP1CYIHScu7tuyFhcvIFOxeomIDD
Ikc2YERYsoafnjBLjlL92m4BxsZmr4r8MEIovl0YziXKTPNR1MkzGj2nz6IUiKbm
DvUNByMvC9yfq5IaVMqS0V3sB950A52A5x5x/V4xMSvt2bZRIEimYw6WiNDlHRhb
X9s+VEjod6zw+otcx2+pYldweMBlNdd7ZRxc1ClnV4B8m0DGB4syr7y7zOhrpNwo
leIux4oEGxZ6HUB6NtIuReKsQ7c4coqvJ4ZrYOEnCebnpuIurecCIsM1mgiLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUw/rypV0iqEfsL8v0ecGm/jE9j+kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhNMA0GCSqGSIb3DQEBCwUAA4IBAQBGWTqzwIxScoPsPlvtg+GIx1fXdG8TGCpi
FIeqfXywSR1RwGSKuYFzu8t/g68VwyEvyW4Tj5kf4SkeI7I2JzXcV0qh55At5z6j
r2Qk9twW4lryWtEFxg+8YP5ENLRgef62B/LGcu/8hf7csdJ0k2/eT/BODlmKHWWM
u+1grZkheuL9icuFfq65D3MV6F31HggXc0Fsk+5XCSJkrw4kr9mQW6Wam3JI9QuA
3fPxxc9J0IL6zcwSiQLob9C1SM565AQVZStbgMwQ/sZKndm/lu5du002SrbIFEtW
3yWDqC3b158xDciniuUwmRd3QnZEl+HrbRzTPERRvbOgbYmWXS3Y
-----END CERTIFICATE-----