Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          jbMghPBL0P+cRGSHJmDDS9RP/wu6/1cwl9TxCGLCr5o=
Subject key identifier:   93:01:F0:3D:5A:5A:7B:F8:D3:AF:CA:34:29:EF:84:4D:4C:87:59:27
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       75BC64F47BFDB15D4E3C19E7A1215DEDB102BE48
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
Signing time:             Mon 10 Mar 2025 22:21:45 +0000
ROA not before:           Mon 10 Mar 2025 22:16:45 +0000
ROA not after:            Mon 09 Mar 2026 22:21:45 +0000
asID:                     214478
IP address blocks:        2a0f:85c1:841::/48 maxlen: 48
                          2a0f:85c1:860::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:bc:64:f4:7b:fd:b1:5d:4e:3c:19:e7:a1:21:5d:ed:b1:02:be:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 10 22:16:45 2025 GMT
            Not After : Mar  9 22:21:45 2026 GMT
        Subject: CN=9301F03D5A5A7BF8D3AFCA3429EF844D4C875927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:af:dd:ef:86:15:01:c3:3d:65:48:0a:ad:a7:
                    fb:ee:7f:a4:d1:74:ea:5f:c8:cf:4c:ab:d8:b7:a9:
                    ee:f0:47:22:37:23:a0:a4:6f:a9:1d:50:e7:7d:21:
                    26:46:01:b5:bd:b7:4a:b2:d9:b5:1b:d1:d1:81:e0:
                    19:c8:b1:a9:4e:dd:93:a5:3d:42:23:0c:52:95:9e:
                    a1:29:e6:bf:38:6b:7c:d6:6d:38:5e:8c:b0:73:a8:
                    b0:25:9c:0e:2e:04:b5:8e:d5:88:4d:dc:9c:d4:7a:
                    2b:36:61:98:b6:c4:97:47:4c:2d:9b:fa:7a:41:73:
                    e5:83:11:b8:70:de:8b:45:e8:1e:7c:66:ef:c9:5e:
                    5a:3b:57:9f:ac:f8:fb:a0:a4:c0:48:a2:d4:68:84:
                    a3:ce:e3:7c:c6:3d:7d:5d:7b:b7:e7:a3:d3:c1:55:
                    7d:5f:b4:4a:25:d7:48:64:b3:e4:30:b1:b8:a5:d7:
                    95:fe:6d:eb:1d:ae:47:3e:9a:38:98:a6:35:65:33:
                    e1:e1:01:01:11:3d:b0:72:a4:8f:a1:29:d4:fb:22:
                    22:92:5e:20:d1:3f:41:eb:10:6e:7d:14:a0:4d:ef:
                    2d:52:df:31:ac:1a:ba:b8:32:b9:75:6f:e3:e1:d8:
                    ef:9a:3c:55:07:1f:00:60:b7:ae:fc:e0:be:ed:67:
                    9d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:01:F0:3D:5A:5A:7B:F8:D3:AF:CA:34:29:EF:84:4D:4C:87:59:27
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:841::/48
                  2a0f:85c1:860::/48

    Signature Algorithm: sha256WithRSAEncryption
         e9:10:59:f9:e5:1e:8e:fd:27:cb:f1:87:c4:ed:40:d8:5f:5b:
         3e:58:5f:d7:0a:b5:69:9a:bd:66:48:4f:80:24:67:bf:b7:01:
         58:36:63:b5:73:53:33:a4:55:06:59:ef:67:c4:40:3d:fb:4e:
         fa:d3:ed:83:d3:58:21:53:df:ab:e6:0b:b5:32:eb:51:98:bd:
         f3:f7:24:9d:e3:08:ca:96:91:c0:58:c5:fe:2a:0c:73:83:98:
         d9:04:34:2f:6b:77:16:e0:6c:1d:f9:9f:c2:81:2b:0b:53:67:
         1a:ac:84:9d:47:a1:4a:6e:11:81:a1:07:93:f5:8f:ea:a9:37:
         32:2e:70:c8:6c:83:bc:2a:fc:ad:b3:a2:d3:21:a1:30:54:e6:
         58:42:22:5c:31:c5:01:f5:22:9d:d8:08:dc:59:b9:96:97:d7:
         b9:1e:8b:28:73:19:38:bc:c0:a1:07:16:74:94:33:3c:68:08:
         9d:73:a3:5e:77:e2:ab:c8:67:0c:78:71:49:bb:ca:6e:90:52:
         05:6c:98:ef:37:de:88:27:19:96:94:76:4c:16:04:cc:79:3b:
         71:f1:79:c8:43:aa:a1:9a:26:b4:2e:f7:de:f3:42:e6:5f:7a:
         da:7d:3c:ce:e7:5d:6c:e7:e9:58:a4:12:73:9d:3a:3e:3b:f0:
         df:41:c5:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdbxk9Hv9sV1OPBnnoSFd7bECvkgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMTAyMjE2NDVaFw0yNjAzMDkyMjIxNDVaMDMxMTAvBgNV
BAMTKDkzMDFGMDNENUE1QTdCRjhEM0FGQ0EzNDI5RUY4NDRENEM4NzU5MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3r93vhhUBwz1lSAqtp/vuf6TR
dOpfyM9Mq9i3qe7wRyI3I6Ckb6kdUOd9ISZGAbW9t0qy2bUb0dGB4BnIsalO3ZOl
PUIjDFKVnqEp5r84a3zWbThejLBzqLAlnA4uBLWO1YhN3JzUeis2YZi2xJdHTC2b
+npBc+WDEbhw3otF6B58Zu/JXlo7V5+s+PugpMBIotRohKPO43zGPX1de7fno9PB
VX1ftEol10hks+Qwsbil15X+besdrkc+mjiYpjVlM+HhAQERPbBypI+hKdT7IiKS
XiDRP0HrEG59FKBN7y1S3zGsGrq4Mrl1b+Ph2O+aPFUHHwBgt6784L7tZ51TAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUkwHwPVpae/jTr8o0Ke+ETUyHWScwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQhBAwcAKg+FwQhgMA0GCSqGSIb3DQEBCwUAA4IBAQDpEFn55R6O/SfL8YfE7UDY
X1s+WF/XCrVpmr1mSE+AJGe/twFYNmO1c1MzpFUGWe9nxEA9+0760+2D01ghU9+r
5gu1MutRmL3z9ySd4wjKlpHAWMX+Kgxzg5jZBDQva3cW4Gwd+Z/CgSsLU2carISd
R6FKbhGBoQeT9Y/qqTcyLnDIbIO8Kvyts6LTIaEwVOZYQiJcMcUB9SKd2AjcWbmW
l9e5Hosocxk4vMChBxZ0lDM8aAidc6Ned+KryGcMeHFJu8pukFIFbJjvN96IJxmW
lHZMFgTMeTtx8XnIQ6qhmia0Lvfe80LmX3rafTzO511s5+lYpBJznTo+O/DfQcUu
-----END CERTIFICATE-----