Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa
File:                     AS214522.roa (raw, json)
Hash identifier:          k7v93qeXg/3KRfx9x/5fM6QpYbbk1zEZXUssfzDk/Ik=
Subject key identifier:   B6:1C:2E:48:54:44:08:67:47:D7:AB:CE:2A:31:4F:98:CC:90:E4:D7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       330CDC87086C4ABF224D257FCAB7E1B997900CA0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     214522
IP address blocks:        2a0f:85c1:3f4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:0c:dc:87:08:6c:4a:bf:22:4d:25:7f:ca:b7:e1:b9:97:90:0c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=B61C2E485444086747D7ABCE2A314F98CC90E4D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cc:c4:b9:26:93:e0:a3:f8:07:20:20:89:68:
                    3b:c0:2f:c4:3c:e4:9d:ec:d4:f8:da:da:46:bf:f6:
                    af:f7:f5:fc:c5:cf:a3:63:c3:f3:8e:49:01:d6:66:
                    86:5c:ca:a6:97:45:01:69:cc:88:7e:8b:1a:a6:c6:
                    25:55:b8:bb:2f:28:0d:1f:03:97:80:89:d5:95:40:
                    73:c9:a7:24:6b:f2:b2:59:e3:e6:0b:bf:94:14:d9:
                    53:fa:28:43:75:cc:db:02:51:dd:31:bf:ae:66:b1:
                    6e:fc:15:d6:3a:a9:ac:66:cb:26:16:21:f2:fb:e7:
                    f3:af:34:38:86:60:c6:33:5b:7f:36:bb:23:f5:e5:
                    5f:04:57:26:a0:f2:57:97:95:a5:cc:65:88:42:1e:
                    15:df:1b:c4:cb:fd:30:c5:2c:64:26:7a:70:64:94:
                    e6:69:38:c1:7b:6a:4a:7d:11:65:9d:90:58:87:5c:
                    9c:b7:14:ea:d3:1f:8a:ff:b0:99:e1:10:64:e1:30:
                    d3:8e:b1:e5:e5:17:34:02:0f:d7:ba:34:f8:5d:8b:
                    54:73:5b:3f:bf:71:f6:ce:59:9c:b7:d1:d4:71:be:
                    b5:06:48:38:af:fe:b1:15:bd:b4:4d:15:ae:06:06:
                    eb:29:69:63:9a:35:51:fe:e8:58:1b:ca:54:7e:47:
                    0f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1C:2E:48:54:44:08:67:47:D7:AB:CE:2A:31:4F:98:CC:90:E4:D7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:c0:3b:fd:8f:43:da:13:45:d4:26:a1:b3:c1:a9:cf:c2:ee:
         5a:45:7f:d3:f3:40:e8:48:bf:0e:6e:17:f7:ef:6c:60:46:ae:
         41:33:cd:55:e8:a9:21:13:ff:8c:a5:d7:33:b0:6f:57:7f:70:
         df:e8:a8:32:16:09:c1:e0:81:b3:67:ad:3f:d4:d6:18:c4:d8:
         5b:99:28:61:e8:ab:ab:e8:4c:22:2d:61:a6:f1:cf:3f:9f:9e:
         ef:8f:d1:c0:77:c3:76:45:4d:19:d5:98:20:17:c6:07:b0:7f:
         e7:3e:16:e2:30:eb:b2:70:47:79:0d:60:08:74:3b:b1:ce:4d:
         c5:f1:ee:93:c7:a9:b2:e8:35:70:25:56:37:40:e5:16:5f:ad:
         09:7d:21:8c:05:de:28:66:5b:ef:15:91:f1:25:98:cb:50:63:
         34:d3:02:5c:24:1c:17:24:23:92:ce:9a:bc:05:4c:b6:67:2c:
         d3:42:a6:75:d0:c0:69:a6:44:c3:87:8c:66:e2:66:c5:79:81:
         c8:1c:41:d4:17:e4:b2:55:11:36:51:7b:64:1c:0e:7d:35:f5:
         8d:5f:3a:9e:36:fd:28:1e:f8:a3:a7:9e:2e:aa:db:60:d5:e7:
         04:d4:93:0f:61:b1:13:e9:31:1b:b5:88:99:f4:ed:a7:c0:15:
         4e:05:e0:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMwzchwhsSr8iTSV/yrfhuZeQDKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKEI2MUMyRTQ4NTQ0NDA4Njc0N0Q3QUJDRTJBMzE0Rjk4Q0M5MEU0RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAzMS5JpPgo/gHICCJaDvAL8Q8
5J3s1Pja2ka/9q/39fzFz6Njw/OOSQHWZoZcyqaXRQFpzIh+ixqmxiVVuLsvKA0f
A5eAidWVQHPJpyRr8rJZ4+YLv5QU2VP6KEN1zNsCUd0xv65msW78FdY6qaxmyyYW
IfL75/OvNDiGYMYzW382uyP15V8EVyag8leXlaXMZYhCHhXfG8TL/TDFLGQmenBk
lOZpOMF7akp9EWWdkFiHXJy3FOrTH4r/sJnhEGThMNOOseXlFzQCD9e6NPhdi1Rz
Wz+/cfbOWZy30dRxvrUGSDiv/rEVvbRNFa4GBuspaWOaNVH+6FgbylR+Rw8TAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUthwuSFRECGdH16vOKjFPmMyQ5NcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP0MA0GCSqGSIb3DQEBCwUAA4IBAQAOwDv9j0PaE0XUJqGzwanPwu5aRX/T80Do
SL8Obhf372xgRq5BM81V6KkhE/+MpdczsG9Xf3Df6KgyFgnB4IGzZ60/1NYYxNhb
mShh6Kur6EwiLWGm8c8/n57vj9HAd8N2RU0Z1ZggF8YHsH/nPhbiMOuycEd5DWAI
dDuxzk3F8e6Tx6my6DVwJVY3QOUWX60JfSGMBd4oZlvvFZHxJZjLUGM00wJcJBwX
JCOSzpq8BUy2ZyzTQqZ10MBppkTDh4xm4mbFeYHIHEHUF+SyVRE2UXtkHA59NfWN
XzqeNv0oHvijp54uqttg1ecE1JMPYbET6TEbtYiZ9O2nwBVOBeC4
-----END CERTIFICATE-----