Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa
File:                     AS214533.roa (raw, json)
Hash identifier:          ugavj7yx6t2dMGHVtKcAOvfzq2/XduTySwx+RcssJu0=
Subject key identifier:   79:23:A1:0E:EC:60:87:89:67:80:C4:AE:D3:9C:8B:6F:F1:92:5C:DA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1975C46CE545B8B003BBB674C83AADE4AF9DD38F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa
Signing time:             Tue 17 Sep 2024 04:24:54 +0000
ROA not before:           Tue 17 Sep 2024 04:19:54 +0000
ROA not after:            Tue 16 Sep 2025 04:24:54 +0000
asID:                     214533
IP address blocks:        2a0f:85c1:836::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:75:c4:6c:e5:45:b8:b0:03:bb:b6:74:c8:3a:ad:e4:af:9d:d3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:19:54 2024 GMT
            Not After : Sep 16 04:24:54 2025 GMT
        Subject: CN=7923A10EEC6087896780C4AED39C8B6FF1925CDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ea:17:d9:6d:54:b0:6b:a7:6a:e6:95:b7:02:
                    22:df:56:66:ad:19:47:5e:09:e6:65:35:aa:05:57:
                    87:9f:9b:02:a9:5c:01:86:5e:a7:db:c0:32:65:e7:
                    d8:73:59:90:e6:d8:c5:aa:e9:91:7a:41:c0:ae:83:
                    36:1a:b8:2d:14:c7:c1:5d:3d:84:8b:46:b4:a0:7c:
                    1c:d5:f2:6d:62:bb:e0:a6:c5:61:bd:e2:60:73:ca:
                    dc:e1:2d:1f:a4:92:5c:f3:e9:7b:03:7f:3e:a1:20:
                    3a:05:d5:df:ed:80:8b:1a:88:02:cb:32:be:07:7f:
                    b8:77:35:9c:3c:28:8c:89:9a:57:07:8e:74:c9:b6:
                    35:13:c4:a8:1a:ac:26:f0:17:08:3e:61:62:4f:4b:
                    98:b9:72:fe:82:d5:7f:43:9b:82:8a:dc:1c:bf:b4:
                    63:10:7a:37:e1:7d:ed:8b:bd:22:3b:f2:e7:ac:53:
                    04:52:4e:6f:f5:e6:4c:09:43:26:18:ff:df:b9:c3:
                    15:c7:0c:9e:2d:53:09:0a:84:b7:9d:66:c6:11:0b:
                    09:ff:e2:77:07:53:3b:30:c4:50:d6:1c:54:cb:65:
                    5b:a5:fd:fe:58:79:08:8d:7a:1d:9f:ae:ae:b5:1a:
                    55:eb:b4:97:b3:6a:82:f8:1f:48:3c:49:3e:b1:f8:
                    fa:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:23:A1:0E:EC:60:87:89:67:80:C4:AE:D3:9C:8B:6F:F1:92:5C:DA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:836::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:11:3c:79:b2:e7:6e:15:b2:29:a3:79:20:1b:d0:da:09:18:
         1b:0b:2a:60:9e:53:cb:02:91:f0:73:0d:46:a3:31:55:92:44:
         84:b7:01:db:74:43:db:91:23:c6:22:6a:d6:e7:a7:e5:30:a2:
         01:c4:c6:ff:c7:57:ae:c4:13:81:d6:7d:8a:1f:28:df:f6:8c:
         e2:f2:02:0e:df:f5:29:c4:00:7a:a0:64:eb:49:31:6d:c3:78:
         a5:71:cb:0e:cc:25:9c:a1:20:1c:7a:65:20:72:dd:52:ca:4d:
         17:e4:23:ae:e1:0b:72:64:a3:cb:70:3f:01:8a:53:03:13:0d:
         0c:15:12:9e:73:bb:8b:44:62:e2:5a:93:d7:72:3e:53:5f:63:
         50:f7:78:d5:d1:90:07:06:8e:28:19:80:8d:92:07:6d:95:45:
         f3:35:58:57:34:79:9b:87:96:04:1b:e3:1c:55:0a:55:17:bf:
         18:82:71:11:df:69:ce:c2:b0:30:b3:d8:5b:58:76:39:48:88:
         d3:d3:42:74:76:e8:d8:46:3d:2a:af:ed:b8:6d:ae:3a:6f:c6:
         e9:de:4c:60:ca:78:1a:bb:b6:f7:00:15:18:e3:76:2e:d4:be:
         0d:9d:bb:44:b3:4c:6a:c1:ea:1e:f6:a7:4f:e4:1f:83:b8:ad:
         67:94:0c:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGXXEbOVFuLADu7Z0yDqt5K+d048wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDE5NTRaFw0yNTA5MTYwNDI0NTRaMDMxMTAvBgNV
BAMTKDc5MjNBMTBFRUM2MDg3ODk2NzgwQzRBRUQzOUM4QjZGRjE5MjVDREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk6hfZbVSwa6dq5pW3AiLfVmat
GUdeCeZlNaoFV4efmwKpXAGGXqfbwDJl59hzWZDm2MWq6ZF6QcCugzYauC0Ux8Fd
PYSLRrSgfBzV8m1iu+CmxWG94mBzytzhLR+kklzz6XsDfz6hIDoF1d/tgIsaiALL
Mr4Hf7h3NZw8KIyJmlcHjnTJtjUTxKgarCbwFwg+YWJPS5i5cv6C1X9Dm4KK3By/
tGMQejfhfe2LvSI78uesUwRSTm/15kwJQyYY/9+5wxXHDJ4tUwkKhLedZsYRCwn/
4ncHUzswxFDWHFTLZVul/f5YeQiNeh2frq61GlXrtJezaoL4H0g8ST6x+PrTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUeSOhDuxgh4lngMSu05yLb/GSXNowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQg2MA0GCSqGSIb3DQEBCwUAA4IBAQCpETx5suduFbIpo3kgG9DaCRgbCypgnlPL
ApHwcw1GozFVkkSEtwHbdEPbkSPGImrW56flMKIBxMb/x1euxBOB1n2KHyjf9ozi
8gIO3/UpxAB6oGTrSTFtw3ilccsOzCWcoSAcemUgct1Syk0X5COu4QtyZKPLcD8B
ilMDEw0MFRKec7uLRGLiWpPXcj5TX2NQ93jV0ZAHBo4oGYCNkgdtlUXzNVhXNHmb
h5YEG+McVQpVF78YgnER32nOwrAws9hbWHY5SIjT00J0dujYRj0qr+24ba46b8bp
3kxgyngau7b3ABUY43Yu1L4NnbtEs0xqweoe9qdP5B+DuK1nlAzx
-----END CERTIFICATE-----