Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          NUUYX+ZMz0s29D+8gu1uE5VB1mQovo89EDha6f41yFM=
Subject key identifier:   DB:21:8F:C9:85:17:67:F3:18:FA:42:4D:70:2F:37:EB:7C:04:9C:E1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       43FF2392566D6F1CDA6ABB5BBAC21EDA19BEB27D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214481.roa
Signing time:             Fri 23 Aug 2024 08:01:26 +0000
ROA not before:           Fri 23 Aug 2024 07:56:26 +0000
ROA not after:            Fri 22 Aug 2025 08:01:26 +0000
asID:                     214481
IP address blocks:        2a0f:85c1:840::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ff:23:92:56:6d:6f:1c:da:6a:bb:5b:ba:c2:1e:da:19:be:b2:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:26 2024 GMT
            Not After : Aug 22 08:01:26 2025 GMT
        Subject: CN=DB218FC9851767F318FA424D702F37EB7C049CE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c4:07:a6:c8:04:2c:48:11:57:08:b0:7d:16:
                    d8:66:ca:89:0e:23:84:5f:d2:7e:2c:29:b1:74:28:
                    c0:f8:23:e0:3f:c8:df:bc:21:18:f7:8f:79:fe:ce:
                    5a:24:dc:f9:a1:37:56:76:d2:20:ef:bd:7f:e9:cb:
                    18:fc:3e:cd:82:22:a5:a7:e2:1b:ef:64:2d:c8:e0:
                    40:0a:94:f3:a4:f4:90:5f:ef:f6:5c:c6:a0:26:b2:
                    fd:68:3f:6f:58:ac:a8:e8:8d:88:0b:82:57:6a:ba:
                    93:df:d3:2f:fa:ee:c7:38:ac:c9:87:e8:84:af:e4:
                    60:9a:ba:4d:d0:02:39:6b:39:0e:30:19:ba:08:0c:
                    0f:bd:a5:df:c4:10:a5:16:df:0c:7b:65:96:7b:ad:
                    06:7d:ec:74:46:9d:f6:d5:ab:ca:d2:5d:2a:5c:e1:
                    75:ea:d8:a5:fc:0d:ce:8e:77:10:af:da:3c:73:06:
                    03:0e:d8:d7:e3:04:f5:4f:c2:71:81:23:ed:2c:1b:
                    fd:ba:bc:ae:ba:be:80:79:11:bc:42:a5:3c:19:db:
                    7a:59:29:ae:d8:af:2a:4c:e3:a0:d5:b4:f6:e4:44:
                    54:9d:aa:0a:72:eb:0d:99:8e:10:bb:c6:53:96:de:
                    7b:3d:45:99:da:d3:3d:35:cb:49:94:ed:c9:f9:a7:
                    12:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:21:8F:C9:85:17:67:F3:18:FA:42:4D:70:2F:37:EB:7C:04:9C:E1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:840::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:52:f8:4e:55:81:5d:2d:0a:35:7b:36:1a:84:6a:b6:a8:59:
         cc:e7:c6:68:82:33:00:6d:b7:69:4e:29:b8:f9:3b:a8:13:21:
         ca:69:c8:26:92:fe:64:f8:bc:d8:c3:62:b8:04:35:60:90:26:
         cb:a6:ab:42:fe:2c:6b:47:63:a5:1b:35:0a:9f:6c:16:86:8b:
         df:f6:fe:a6:bd:0f:36:70:b2:1f:de:b5:80:57:c2:b2:92:68:
         4a:7c:00:7e:92:ae:32:78:e7:bc:28:1d:81:5e:2a:44:fb:06:
         f6:29:eb:88:4b:4e:34:a7:a0:c0:e1:c2:99:5d:53:42:4e:b4:
         17:4f:6a:1d:50:f5:26:49:0c:fd:31:6d:1d:85:bd:e1:50:6e:
         50:73:f5:17:4f:46:c3:e6:1b:a7:83:9c:38:fb:9e:23:bb:c3:
         60:60:4c:04:d0:59:c9:0e:f4:f7:a4:b3:58:60:2e:72:53:a9:
         ce:5c:6c:14:a8:0e:c7:0d:1c:de:68:00:7f:1b:17:f3:9a:b9:
         09:47:46:80:aa:20:f4:ff:69:3d:de:11:57:72:39:8b:7c:3b:
         c0:37:b8:1e:c8:7e:b2:69:28:29:74:40:38:0a:a8:44:a4:22:
         cc:f3:85:b5:14:eb:69:f8:9d:22:4f:23:39:bb:3e:f9:b1:8c:
         09:f9:63:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQ/8jklZtbxzaartbusIe2hm+sn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjZaFw0yNTA4MjIwODAxMjZaMDMxMTAvBgNV
BAMTKERCMjE4RkM5ODUxNzY3RjMxOEZBNDI0RDcwMkYzN0VCN0MwNDlDRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNxAemyAQsSBFXCLB9FthmyokO
I4Rf0n4sKbF0KMD4I+A/yN+8IRj3j3n+zlok3PmhN1Z20iDvvX/pyxj8Ps2CIqWn
4hvvZC3I4EAKlPOk9JBf7/ZcxqAmsv1oP29YrKjojYgLgldqupPf0y/67sc4rMmH
6ISv5GCauk3QAjlrOQ4wGboIDA+9pd/EEKUW3wx7ZZZ7rQZ97HRGnfbVq8rSXSpc
4XXq2KX8Dc6OdxCv2jxzBgMO2NfjBPVPwnGBI+0sG/26vK66voB5EbxCpTwZ23pZ
Ka7YrypM46DVtPbkRFSdqgpy6w2ZjhC7xlOW3ns9RZna0z01y0mU7cn5pxKbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2yGPyYUXZ/MY+kJNcC8363wEnOEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhAMA0GCSqGSIb3DQEBCwUAA4IBAQAMUvhOVYFdLQo1ezYahGq2qFnM58ZogjMA
bbdpTim4+TuoEyHKacgmkv5k+LzYw2K4BDVgkCbLpqtC/ixrR2OlGzUKn2wWhovf
9v6mvQ82cLIf3rWAV8KykmhKfAB+kq4yeOe8KB2BXipE+wb2KeuIS040p6DA4cKZ
XVNCTrQXT2odUPUmSQz9MW0dhb3hUG5Qc/UXT0bD5hung5w4+54ju8NgYEwE0FnJ
DvT3pLNYYC5yU6nOXGwUqA7HDRzeaAB/GxfzmrkJR0aAqiD0/2k93hFXcjmLfDvA
N7geyH6yaSgpdEA4CqhEpCLM84W1FOtp+J0iTyM5uz75sYwJ+WPM
-----END CERTIFICATE-----