Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          V+LpUSAa/4vJc5dWFqBeJWp59AxxsQFzwXEPhRrnM64=
Subject key identifier:   BE:0C:DC:CF:71:0B:AC:34:75:11:18:F0:FA:AE:F6:DD:29:3E:39:1C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6B1F9FFF95AF3864ACD75ABBA4D2F57F6FFD0ECB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
Signing time:             Thu 14 Nov 2024 16:50:59 +0000
ROA not before:           Thu 14 Nov 2024 16:45:59 +0000
ROA not after:            Thu 13 Nov 2025 16:50:59 +0000
asID:                     214478
IP address blocks:        2a0f:85c1:841::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:1f:9f:ff:95:af:38:64:ac:d7:5a:bb:a4:d2:f5:7f:6f:fd:0e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov 14 16:45:59 2024 GMT
            Not After : Nov 13 16:50:59 2025 GMT
        Subject: CN=BE0CDCCF710BAC34751118F0FAAEF6DD293E391C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:82:34:3b:13:1e:f2:d8:b7:f2:8c:a0:90:9b:
                    ba:88:00:b5:ca:b3:66:b9:d1:33:e9:2a:e5:d2:ab:
                    86:de:44:14:cf:ab:ca:c0:dc:65:1b:4b:0c:63:76:
                    ae:c3:28:13:44:8c:05:11:12:a1:6e:28:21:5a:87:
                    e4:1b:1e:fa:bf:88:94:3d:86:f4:c9:09:49:96:0b:
                    5b:98:10:77:3d:b8:b0:5c:d1:fa:3c:23:1f:62:81:
                    07:16:c1:60:23:2e:a1:5a:1b:28:1d:78:6f:6a:a9:
                    0f:ba:de:80:71:da:d3:cd:53:e7:ac:41:6a:ff:bf:
                    a0:cb:89:16:6f:9c:12:f4:7c:3f:06:73:76:f0:03:
                    06:a8:78:15:e5:bf:ee:e9:b3:05:9f:b1:ef:13:73:
                    97:2c:f8:8c:01:3a:c0:be:fc:c9:67:b0:1c:9e:84:
                    11:c2:b4:2d:04:23:e4:e7:26:ae:8b:73:21:f5:92:
                    31:15:61:28:43:80:d2:60:b7:d1:75:1a:a7:d3:40:
                    f9:46:fb:4a:d4:0c:ce:9f:0b:a6:16:bf:c0:2e:8d:
                    15:b2:97:3a:45:c9:f4:d2:d8:a4:44:51:25:7f:90:
                    9c:dd:bf:ad:5e:f3:0b:99:fb:b1:42:d6:7b:be:45:
                    57:e4:90:e4:c7:e9:c5:ac:c7:d1:8f:6e:c2:b0:65:
                    ad:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:0C:DC:CF:71:0B:AC:34:75:11:18:F0:FA:AE:F6:DD:29:3E:39:1C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:841::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:d4:9e:4f:7d:da:02:91:11:09:6e:73:83:82:00:d8:85:ee:
         dd:5e:00:68:d1:6f:21:cf:35:27:ba:a4:12:30:9e:b7:af:69:
         2e:b8:4b:35:1a:6d:16:73:9c:52:dd:cc:85:37:9d:fe:3f:ba:
         9c:b9:20:ef:32:a5:98:69:80:dd:5e:f0:81:20:63:8d:39:d7:
         45:7a:79:76:6d:93:c1:74:59:f3:2c:9d:bb:57:f1:06:e4:a2:
         3f:16:4c:59:bd:98:67:ea:41:9b:d9:b8:60:d9:b9:51:0c:bf:
         3b:f2:35:c4:b8:e9:32:30:73:54:32:cc:10:bb:40:13:23:04:
         d9:6f:44:42:0a:f6:81:9a:8f:9c:6d:93:08:dd:2a:f0:f2:84:
         83:44:33:6c:fd:27:71:d6:bb:0f:69:48:93:48:f0:24:86:ce:
         2c:a0:25:44:30:6b:ab:01:28:e7:78:66:ae:eb:d6:02:16:44:
         ba:1b:51:ef:92:3c:92:06:2b:d3:06:8c:bc:78:b0:bb:7e:46:
         30:d0:28:f2:58:51:c5:d3:da:12:a4:b0:43:66:6a:99:a0:2f:
         f2:bb:6c:19:78:d1:f4:bf:45:5a:23:30:c7:2f:7f:ab:64:d2:
         38:a2:f3:1b:36:46:ab:fb:1c:68:7b:2b:1a:dc:b5:02:39:d5:
         15:11:18:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUax+f/5WvOGSs11q7pNL1f2/9DsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMTQxNjQ1NTlaFw0yNTExMTMxNjUwNTlaMDMxMTAvBgNV
BAMTKEJFMENEQ0NGNzEwQkFDMzQ3NTExMThGMEZBQUVGNkREMjkzRTM5MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCegjQ7Ex7y2LfyjKCQm7qIALXK
s2a50TPpKuXSq4beRBTPq8rA3GUbSwxjdq7DKBNEjAUREqFuKCFah+QbHvq/iJQ9
hvTJCUmWC1uYEHc9uLBc0fo8Ix9igQcWwWAjLqFaGygdeG9qqQ+63oBx2tPNU+es
QWr/v6DLiRZvnBL0fD8Gc3bwAwaoeBXlv+7pswWfse8Tc5cs+IwBOsC+/MlnsBye
hBHCtC0EI+TnJq6LcyH1kjEVYShDgNJgt9F1GqfTQPlG+0rUDM6fC6YWv8AujRWy
lzpFyfTS2KREUSV/kJzdv61e8wuZ+7FC1nu+RVfkkOTH6cWsx9GPbsKwZa3NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvgzcz3ELrDR1ERjw+q723Sk+ORwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhBMA0GCSqGSIb3DQEBCwUAA4IBAQC81J5PfdoCkREJbnODggDYhe7dXgBo0W8h
zzUnuqQSMJ63r2kuuEs1Gm0Wc5xS3cyFN53+P7qcuSDvMqWYaYDdXvCBIGONOddF
enl2bZPBdFnzLJ27V/EG5KI/FkxZvZhn6kGb2bhg2blRDL878jXEuOkyMHNUMswQ
u0ATIwTZb0RCCvaBmo+cbZMI3Srw8oSDRDNs/Sdx1rsPaUiTSPAkhs4soCVEMGur
ASjneGau69YCFkS6G1HvkjySBivTBoy8eLC7fkYw0CjyWFHF09oSpLBDZmqZoC/y
u2wZeNH0v0VaIzDHL3+rZNI4ovMbNkar+xxoeysa3LUCOdUVERi2
-----END CERTIFICATE-----