Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa
File:                     AS214480.roa (raw, json)
Hash identifier:          oVdsDmii2N3B303XvMIvgOP28b7nl+Qji4XHVU7vAfU=
Subject key identifier:   AB:D6:B8:45:87:1A:BD:82:D8:13:3C:C4:C5:40:E6:4A:B9:CC:4D:DB
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       66DB9D94A3C6F741232563746112DE8082736C2D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa
Signing time:             Fri 23 Aug 2024 08:01:21 +0000
ROA not before:           Fri 23 Aug 2024 07:56:21 +0000
ROA not after:            Fri 22 Aug 2025 08:01:21 +0000
asID:                     214480
IP address blocks:        2a0f:85c1:842::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:db:9d:94:a3:c6:f7:41:23:25:63:74:61:12:de:80:82:73:6c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:21 2024 GMT
            Not After : Aug 22 08:01:21 2025 GMT
        Subject: CN=ABD6B845871ABD82D8133CC4C540E64AB9CC4DDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:17:d7:23:e3:a4:61:93:24:6a:93:d0:1a:ec:
                    69:a0:28:11:e6:96:65:78:87:7e:7a:59:79:82:f3:
                    0d:68:55:27:91:1e:9b:4c:e8:49:a8:8f:20:e5:dc:
                    fa:72:f7:aa:41:01:9d:a2:1b:c3:95:62:c6:fe:80:
                    de:fb:8e:ef:e5:58:c2:30:04:01:2e:58:13:fb:55:
                    3d:c9:5b:e1:89:21:0e:cb:60:b5:08:a1:7b:49:a3:
                    76:b7:a5:76:e2:a0:97:f0:e7:ef:cb:1c:f4:f6:17:
                    c1:b5:62:99:45:5b:6b:ef:94:2c:af:8f:af:f1:4b:
                    67:9c:22:6d:45:06:e2:4d:51:3d:74:29:58:e7:ce:
                    6e:78:d6:8f:75:71:da:f0:a3:06:8a:b7:a3:32:d4:
                    a0:16:fa:6c:60:0a:d9:0a:ac:97:27:5c:e9:3e:54:
                    f2:14:b2:ad:cc:1d:0a:1d:ca:b2:eb:f9:c2:fe:bf:
                    0d:65:b2:53:52:83:ff:9c:31:af:ac:9a:9e:aa:62:
                    6a:35:cf:6b:86:63:1b:b3:16:05:a1:a2:7a:13:5b:
                    a6:1a:9c:2c:49:49:55:d9:6c:b3:6d:cd:8f:52:a0:
                    ca:27:27:fd:29:ff:dc:5a:a4:5c:a0:0e:08:13:88:
                    2b:ab:95:a4:61:69:fa:33:03:d1:90:0a:87:39:6e:
                    d3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D6:B8:45:87:1A:BD:82:D8:13:3C:C4:C5:40:E6:4A:B9:CC:4D:DB
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:842::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:f7:60:94:fc:ae:b9:cd:25:55:b3:1f:44:00:a1:c0:04:23:
         58:a2:14:1b:61:4d:3e:fa:63:23:07:ca:b0:7a:9e:0f:67:90:
         ef:60:bd:65:61:61:19:af:27:ac:7c:f4:26:cb:7c:c8:ab:14:
         41:4e:0b:7b:6a:e2:a3:ca:c3:6e:b2:07:7a:1e:cb:c4:49:92:
         14:0f:4d:d0:ad:f1:2f:dc:07:dc:f1:2d:b9:ee:db:d3:fb:cf:
         c1:8d:ef:c3:52:8d:6d:1f:50:a7:82:df:75:02:8d:2c:e7:b3:
         f2:97:95:87:59:44:cd:fa:a7:4a:b6:30:40:1f:30:b0:ba:14:
         c0:bf:32:24:d2:3b:9b:7f:dd:84:63:7d:b5:ea:7b:91:5f:90:
         fd:b5:d1:57:10:2b:bb:07:47:70:84:48:91:7b:5d:97:99:ee:
         45:67:fc:e6:a0:c0:89:10:8d:93:d5:c8:70:cb:74:5d:b9:eb:
         45:65:ba:b2:cb:11:37:e1:75:92:52:eb:16:f9:ba:c1:fd:ba:
         1f:1e:a9:57:9b:e0:cf:22:8b:bc:43:38:c3:27:00:94:ee:12:
         68:2f:b2:50:7c:e8:a1:77:79:3e:0c:da:4a:62:f1:91:05:1a:
         8d:d1:12:43:f4:54:38:b5:4a:3d:e4:97:db:52:d7:b2:79:89:
         9c:70:6c:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZtudlKPG90EjJWN0YRLegIJzbC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjFaFw0yNTA4MjIwODAxMjFaMDMxMTAvBgNV
BAMTKEFCRDZCODQ1ODcxQUJEODJEODEzM0NDNEM1NDBFNjRBQjlDQzREREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXF9cj46RhkyRqk9Aa7GmgKBHm
lmV4h356WXmC8w1oVSeRHptM6EmojyDl3Ppy96pBAZ2iG8OVYsb+gN77ju/lWMIw
BAEuWBP7VT3JW+GJIQ7LYLUIoXtJo3a3pXbioJfw5+/LHPT2F8G1YplFW2vvlCyv
j6/xS2ecIm1FBuJNUT10KVjnzm541o91cdrwowaKt6My1KAW+mxgCtkKrJcnXOk+
VPIUsq3MHQodyrLr+cL+vw1lslNSg/+cMa+smp6qYmo1z2uGYxuzFgWhonoTW6Ya
nCxJSVXZbLNtzY9SoMonJ/0p/9xapFygDggTiCurlaRhafozA9GQCoc5btPNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUq9a4RYcavYLYEzzExUDmSrnMTdswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhCMA0GCSqGSIb3DQEBCwUAA4IBAQCZ92CU/K65zSVVsx9EAKHABCNYohQbYU0+
+mMjB8qwep4PZ5DvYL1lYWEZryesfPQmy3zIqxRBTgt7auKjysNusgd6HsvESZIU
D03QrfEv3Afc8S257tvT+8/Bje/DUo1tH1Cngt91Ao0s57Pyl5WHWUTN+qdKtjBA
HzCwuhTAvzIk0jubf92EY3216nuRX5D9tdFXECu7B0dwhEiRe12Xme5FZ/zmoMCJ
EI2T1chwy3RduetFZbqyyxE34XWSUusW+brB/bofHqlXm+DPIou8QzjDJwCU7hJo
L7JQfOihd3k+DNpKYvGRBRqN0RJD9FQ4tUo95JfbUteyeYmccGy1
-----END CERTIFICATE-----