Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214446.roa
File:                     AS214446.roa (raw, json)
Hash identifier:          Y7m8AyCSeHzVlvgqBIlOFdi0dl6jY1JORa+Wtkek4nE=
Subject key identifier:   DC:7E:F8:9B:13:33:58:84:33:73:9F:75:04:7A:FE:AF:4A:29:B7:CF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1A5AF6BF1FB6F2F2D9E6683D5E50BE65CEC06994
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214446.roa
Signing time:             Tue 17 Sep 2024 04:25:36 +0000
ROA not before:           Tue 17 Sep 2024 04:20:36 +0000
ROA not after:            Tue 16 Sep 2025 04:25:36 +0000
asID:                     214446
IP address blocks:        2a0f:85c1:847::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:5a:f6:bf:1f:b6:f2:f2:d9:e6:68:3d:5e:50:be:65:ce:c0:69:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:20:36 2024 GMT
            Not After : Sep 16 04:25:36 2025 GMT
        Subject: CN=DC7EF89B1333588433739F75047AFEAF4A29B7CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4a:8d:22:89:51:a1:20:91:5d:bd:cb:12:ed:
                    aa:15:08:5f:25:c6:97:69:67:76:7b:cf:f5:db:33:
                    fd:e5:f1:dc:02:c9:f2:5f:b2:6b:77:02:85:19:13:
                    c0:5e:c3:5a:03:ca:dd:9b:c1:d0:56:f1:64:68:2a:
                    82:7f:dc:bd:80:22:14:8b:44:a1:9b:ac:58:e7:33:
                    a2:f0:fd:72:4c:8b:25:c0:ac:3c:63:3a:f1:8a:41:
                    0c:65:fd:d5:4a:34:5e:42:b2:41:49:44:b2:03:b4:
                    56:3c:a6:8e:6a:8d:a4:58:d7:a6:93:95:be:87:14:
                    f4:96:39:02:07:73:87:b6:b7:af:2b:ef:51:5f:43:
                    a3:cc:42:fd:fc:f7:76:05:14:c3:7b:68:33:35:7b:
                    e3:88:86:73:69:b2:45:49:45:75:57:1d:7c:28:1a:
                    0b:ba:5f:ec:56:38:1d:94:6c:c8:38:87:16:0a:e8:
                    07:c5:dc:69:76:83:86:41:73:c1:71:44:cf:b1:94:
                    6f:5c:25:a3:d6:36:fb:0d:c9:93:86:a9:63:e3:62:
                    3e:83:d2:30:93:5d:07:ad:13:c2:fe:4f:28:d8:f5:
                    28:f5:90:43:42:fa:ed:cc:fd:9a:45:a0:e5:8f:2d:
                    8b:d6:7c:4c:fb:a7:fd:91:49:e7:85:e9:11:e0:b6:
                    f6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7E:F8:9B:13:33:58:84:33:73:9F:75:04:7A:FE:AF:4A:29:B7:CF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214446.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:847::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:db:d1:e8:b5:73:19:94:7a:80:70:97:2f:8e:a9:8a:39:3c:
         35:72:40:57:f8:30:e0:71:a0:af:cd:5e:52:86:22:1b:9d:dc:
         2c:08:c0:5e:16:fc:37:6d:c2:db:30:e8:6b:6f:40:a1:18:72:
         50:af:b4:54:2b:23:bf:a0:fd:c3:a8:2b:c3:c8:59:79:0e:00:
         7a:ef:a9:37:07:34:d1:8c:43:fb:91:e8:c0:0e:a7:9c:5a:63:
         7e:de:33:2b:24:05:38:f4:37:bd:21:07:83:c7:02:3a:f0:58:
         1f:25:0f:57:d1:2c:92:31:3b:ad:e9:2b:f3:68:56:8e:86:f3:
         28:d0:09:f9:fb:36:dc:c5:16:9a:17:b7:3f:c7:0d:29:52:18:
         92:30:8d:61:7d:07:a8:f9:ea:47:bc:c4:b3:7b:2e:24:5b:fb:
         9c:ba:5b:e3:c8:b0:42:a6:c0:5d:42:43:47:2f:3d:59:d3:48:
         89:ca:0b:53:2f:c7:fa:a1:26:2c:37:df:55:fb:32:7b:02:2e:
         e1:db:f7:97:a1:7f:bb:8e:24:89:e3:71:59:4e:39:bd:2a:2f:
         a5:b7:43:d0:61:b1:d9:27:b6:bd:2e:f5:4d:ba:05:f7:78:ac:
         19:5d:9f:59:2c:6b:5c:28:c2:a1:1d:0b:69:99:b8:4a:27:d7:
         2a:64:23:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGlr2vx+28vLZ5mg9XlC+Zc7AaZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDIwMzZaFw0yNTA5MTYwNDI1MzZaMDMxMTAvBgNV
BAMTKERDN0VGODlCMTMzMzU4ODQzMzczOUY3NTA0N0FGRUFGNEEyOUI3Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9So0iiVGhIJFdvcsS7aoVCF8l
xpdpZ3Z7z/XbM/3l8dwCyfJfsmt3AoUZE8Bew1oDyt2bwdBW8WRoKoJ/3L2AIhSL
RKGbrFjnM6Lw/XJMiyXArDxjOvGKQQxl/dVKNF5CskFJRLIDtFY8po5qjaRY16aT
lb6HFPSWOQIHc4e2t68r71FfQ6PMQv3893YFFMN7aDM1e+OIhnNpskVJRXVXHXwo
Ggu6X+xWOB2UbMg4hxYK6AfF3Gl2g4ZBc8FxRM+xlG9cJaPWNvsNyZOGqWPjYj6D
0jCTXQetE8L+TyjY9Sj1kENC+u3M/ZpFoOWPLYvWfEz7p/2RSeeF6RHgtvZXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3H74mxMzWIQzc591BHr+r0opt88wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhHMA0GCSqGSIb3DQEBCwUAA4IBAQAc29HotXMZlHqAcJcvjqmKOTw1ckBX+DDg
caCvzV5ShiIbndwsCMBeFvw3bcLbMOhrb0ChGHJQr7RUKyO/oP3DqCvDyFl5DgB6
76k3BzTRjEP7kejADqecWmN+3jMrJAU49De9IQeDxwI68FgfJQ9X0SySMTut6Svz
aFaOhvMo0An5+zbcxRaaF7c/xw0pUhiSMI1hfQeo+epHvMSzey4kW/uculvjyLBC
psBdQkNHLz1Z00iJygtTL8f6oSYsN99V+zJ7Ai7h2/eXoX+7jiSJ43FZTjm9Ki+l
t0PQYbHZJ7a9LvVNugX3eKwZXZ9ZLGtcKMKhHQtpmbhKJ9cqZCPm
-----END CERTIFICATE-----