Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214498.roa
File:                     AS214498.roa (raw, json)
Hash identifier:          W/E0vjlX7Wq1EMI0IUvif4L3BsDB8GIsO3kgozIFnVg=
Subject key identifier:   CC:65:22:3C:63:EF:D3:3D:72:0D:2E:35:5A:39:95:EC:0E:7F:59:4E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       752F964E80F2CBCD1B489ED1F4E470730A980ABE
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214498.roa
Signing time:             Fri 24 Jan 2025 10:04:57 +0000
ROA not before:           Fri 24 Jan 2025 09:59:57 +0000
ROA not after:            Fri 23 Jan 2026 10:04:57 +0000
asID:                     214498
IP address blocks:        195.200.20.0/24 maxlen: 24
                          2a0f:85c1:b70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:2f:96:4e:80:f2:cb:cd:1b:48:9e:d1:f4:e4:70:73:0a:98:0a:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 24 09:59:57 2025 GMT
            Not After : Jan 23 10:04:57 2026 GMT
        Subject: CN=CC65223C63EFD33D720D2E355A3995EC0E7F594E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:43:5d:92:f9:4e:e7:cc:9a:37:3e:e1:e4:06:
                    db:08:0f:22:5f:eb:00:ad:26:24:0d:a4:3e:96:19:
                    a8:84:c5:0c:3e:bb:78:36:a2:be:7d:70:8a:b9:a8:
                    43:d9:d2:56:c8:fb:5d:a7:77:cb:d5:44:22:75:3f:
                    d9:16:7a:8f:5d:4c:d4:9f:fb:00:d1:cf:40:4e:9e:
                    e7:07:c5:37:20:3e:57:36:60:5f:a6:ed:8c:7c:ee:
                    ca:21:e9:29:2b:33:98:85:af:f2:c8:20:1f:03:52:
                    e5:ff:c7:ba:d8:4d:c4:df:a2:dd:7c:65:3b:42:3f:
                    89:44:97:ad:68:00:3a:05:3b:f9:3c:53:63:40:81:
                    03:58:82:af:ae:6a:54:05:94:be:c9:a0:62:3f:3f:
                    c2:01:6f:86:ca:2a:a2:cd:80:44:56:b6:81:2c:23:
                    5a:8b:c5:67:1b:79:79:58:dd:ce:13:bf:c1:78:86:
                    3e:33:74:b2:e1:c9:9b:52:e0:86:5b:9c:7f:0c:96:
                    ff:c6:48:bb:95:e1:33:a8:e7:bd:ce:38:7e:8f:ec:
                    82:6a:ad:7e:1b:31:81:6e:b7:aa:02:bf:e5:24:68:
                    8a:33:7a:0d:2e:9a:2e:f1:c8:e1:42:4f:18:01:ef:
                    e6:d8:16:bc:90:48:dc:9e:72:78:84:f8:96:0a:4e:
                    96:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:65:22:3C:63:EF:D3:3D:72:0D:2E:35:5A:39:95:EC:0E:7F:59:4E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214498.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.20.0/24
                IPv6:
                  2a0f:85c1:b70::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:38:10:f0:d3:70:73:a4:ea:2a:b9:14:ac:c5:0f:ed:4f:0b:
         b5:94:43:31:0d:31:f0:ea:e9:81:5e:fe:6d:ea:9e:c8:e9:8a:
         31:e6:c6:0e:80:18:aa:b9:ca:07:9d:2b:a9:3d:9e:9f:70:4d:
         e9:1e:1a:b9:87:35:8a:2a:46:82:4d:cc:3b:64:d3:89:7d:08:
         26:17:2e:77:2a:19:d1:ec:02:3f:28:1d:e1:07:1a:9a:45:65:
         33:df:6b:77:8e:0f:96:fc:be:ab:80:a8:1f:9f:51:f6:b0:8b:
         a5:51:31:8a:3e:e6:19:d0:70:94:3d:f1:b0:91:e7:d7:83:44:
         31:9d:0b:0b:3d:e7:5d:de:32:5b:e6:52:86:44:b4:96:86:6b:
         96:19:3b:27:4d:0d:ba:77:95:ad:d9:ab:8c:7c:08:a4:c0:52:
         29:0e:85:78:58:18:d3:70:49:20:b0:be:e1:ce:3f:d9:c2:e2:
         01:8f:1b:07:e8:af:ce:35:83:40:56:6b:a3:43:ec:e9:59:57:
         0e:68:8e:de:a4:bb:09:9e:49:ba:d0:ff:9f:08:97:44:8f:b4:
         0b:c7:ad:86:f5:eb:ee:e9:c3:c3:90:84:9e:e0:59:7c:4c:c3:
         b9:ee:d8:7a:6c:7a:1e:0a:68:6a:b7:96:21:b5:8c:f2:9e:93:
         e0:3d:80:5f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUdS+WToDyy80bSJ7R9ORwcwqYCr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMjQwOTU5NTdaFw0yNjAxMjMxMDA0NTdaMDMxMTAvBgNV
BAMTKENDNjUyMjNDNjNFRkQzM0Q3MjBEMkUzNTVBMzk5NUVDMEU3RjU5NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVQ12S+U7nzJo3PuHkBtsIDyJf
6wCtJiQNpD6WGaiExQw+u3g2or59cIq5qEPZ0lbI+12nd8vVRCJ1P9kWeo9dTNSf
+wDRz0BOnucHxTcgPlc2YF+m7Yx87soh6SkrM5iFr/LIIB8DUuX/x7rYTcTfot18
ZTtCP4lEl61oADoFO/k8U2NAgQNYgq+ualQFlL7JoGI/P8IBb4bKKqLNgERWtoEs
I1qLxWcbeXlY3c4Tv8F4hj4zdLLhyZtS4IZbnH8Mlv/GSLuV4TOo573OOH6P7IJq
rX4bMYFut6oCv+UkaIozeg0umi7xyOFCTxgB7+bYFryQSNyecniE+JYKTpazAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUzGUiPGPv0z1yDS41WjmV7A5/WU4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw8gU
MA8EAgACMAkDBwAqD4XBC3AwDQYJKoZIhvcNAQELBQADggEBAKU4EPDTcHOk6iq5
FKzFD+1PC7WUQzENMfDq6YFe/m3qnsjpijHmxg6AGKq5ygedK6k9np9wTekeGrmH
NYoqRoJNzDtk04l9CCYXLncqGdHsAj8oHeEHGppFZTPfa3eOD5b8vquAqB+fUfaw
i6VRMYo+5hnQcJQ98bCR59eDRDGdCws9513eMlvmUoZEtJaGa5YZOydNDbp3la3Z
q4x8CKTAUikOhXhYGNNwSSCwvuHOP9nC4gGPGwfor841g0BWa6ND7OlZVw5ojt6k
uwmeSbrQ/58Il0SPtAvHrYb16+7pw8OQhJ7gWXxMw7nu2Hpseh4KaGq3liG1jPKe
k+A9gF8=
-----END CERTIFICATE-----