Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214561.roa
File:                     AS214561.roa (raw, json)
Hash identifier:          OnWX8evrRUbiJt1TaASn7NRrk0RDeQ211QYGV010sMQ=
Subject key identifier:   7A:FF:4B:5B:AB:FF:ED:98:36:AB:67:33:97:0F:75:60:DB:27:13:11
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3A3BD9FD055A0176F58AD98CD0CE94B59623D0D7
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214561.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     214561
IP address blocks:        2a0f:85c1:830::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:3b:d9:fd:05:5a:01:76:f5:8a:d9:8c:d0:ce:94:b5:96:23:d0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=7AFF4B5BABFFED9836AB6733970F7560DB271311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fa:81:bb:b9:d0:5a:06:52:f3:dd:8f:ce:29:
                    78:30:07:e9:b8:e7:14:06:86:45:9e:7b:5b:d5:1b:
                    86:e2:6b:a3:2e:a6:21:b4:e3:35:7b:d2:aa:5a:86:
                    f5:c3:30:f4:f7:00:26:ae:80:e7:5f:96:e2:60:53:
                    22:69:36:7b:14:35:df:7b:91:e4:1d:76:e2:18:5f:
                    50:a5:1d:8e:fe:64:12:88:5e:e8:ba:41:dc:a2:6a:
                    38:61:72:2c:b5:00:af:6d:7f:65:31:12:21:c5:ca:
                    b0:bf:f6:0f:71:4e:3d:c8:9d:cc:fc:06:65:a1:cf:
                    f1:b6:eb:78:dc:18:62:bd:9f:1e:43:0d:d4:21:3a:
                    7b:db:80:7d:73:3f:47:62:b4:48:40:3f:c0:cd:72:
                    4a:18:18:ba:6b:33:43:fb:05:3f:94:10:29:2c:e8:
                    41:17:08:f3:33:b2:4b:23:1c:69:f5:e6:1f:73:ec:
                    e4:56:b8:1d:8f:11:c2:c9:57:9e:2f:22:88:13:48:
                    d7:5d:8e:a3:4b:37:7a:b2:55:60:28:50:df:fc:9b:
                    5f:38:39:a1:05:43:e5:02:8d:e8:61:c9:1c:bd:d1:
                    a7:32:02:0c:63:91:45:97:b8:5d:4c:95:ea:68:1d:
                    7b:c2:cd:f7:f9:b8:2b:24:6e:48:09:5d:08:11:43:
                    3c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FF:4B:5B:AB:FF:ED:98:36:AB:67:33:97:0F:75:60:DB:27:13:11
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:830::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:77:dd:40:2d:09:27:a9:dd:bc:17:d5:e0:bc:04:c8:cc:6c:
         57:01:db:70:17:cb:6c:5c:6c:ba:a0:1c:ac:39:24:e2:8e:bc:
         e9:74:94:e1:87:68:8c:fc:fb:a0:01:d4:34:fa:22:70:ef:7a:
         1b:b3:db:de:17:5b:c9:0b:e5:22:52:a5:79:e1:f9:7e:73:f9:
         dd:0d:63:c2:0b:0a:79:e2:d4:d9:b1:48:3d:15:c1:a8:85:ce:
         24:f5:f7:7d:8f:79:f0:87:0b:22:45:73:7a:ac:ca:46:1d:25:
         2b:a2:24:df:c8:7e:0c:29:11:46:f2:73:d8:15:bc:6b:3d:49:
         65:df:e7:7a:17:bc:5b:a8:2d:0f:31:62:35:7b:05:47:c6:d6:
         9b:93:70:7d:b9:fc:97:98:16:9a:48:c8:3c:2f:24:3e:75:6a:
         03:39:28:48:40:c9:79:f0:42:2f:76:bc:49:17:b6:1f:47:ef:
         f8:33:72:a9:dc:14:73:0f:ff:3b:56:90:aa:2b:00:3a:28:0c:
         92:9d:aa:f9:68:b3:b8:a5:eb:11:a1:0e:f6:a1:3d:d0:6b:af:
         e0:dc:2f:65:73:a6:d8:f5:0c:07:6e:ff:62:76:2a:16:25:68:
         6f:c1:57:da:b1:b6:ce:41:1a:b1:33:fd:1a:20:f9:ae:1b:08:
         42:e5:d1:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOjvZ/QVaAXb1itmM0M6UtZYj0NcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKDdBRkY0QjVCQUJGRkVEOTgzNkFCNjczMzk3MEY3NTYwREIyNzEzMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc+oG7udBaBlLz3Y/OKXgwB+m4
5xQGhkWee1vVG4bia6MupiG04zV70qpahvXDMPT3ACaugOdfluJgUyJpNnsUNd97
keQdduIYX1ClHY7+ZBKIXui6Qdyiajhhciy1AK9tf2UxEiHFyrC/9g9xTj3Incz8
BmWhz/G263jcGGK9nx5DDdQhOnvbgH1zP0ditEhAP8DNckoYGLprM0P7BT+UECks
6EEXCPMzsksjHGn15h9z7ORWuB2PEcLJV54vIogTSNddjqNLN3qyVWAoUN/8m184
OaEFQ+UCjehhyRy90acyAgxjkUWXuF1MlepoHXvCzff5uCskbkgJXQgRQzxTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUev9LW6v/7Zg2q2czlw91YNsnExEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgwMA0GCSqGSIb3DQEBCwUAA4IBAQC6d91ALQknqd28F9XgvATIzGxXAdtwF8ts
XGy6oBysOSTijrzpdJThh2iM/PugAdQ0+iJw73obs9veF1vJC+UiUqV54fl+c/nd
DWPCCwp54tTZsUg9FcGohc4k9fd9j3nwhwsiRXN6rMpGHSUroiTfyH4MKRFG8nPY
FbxrPUll3+d6F7xbqC0PMWI1ewVHxtabk3B9ufyXmBaaSMg8LyQ+dWoDOShIQMl5
8EIvdrxJF7YfR+/4M3Kp3BRzD/87VpCqKwA6KAySnar5aLO4pesRoQ72oT3Qa6/g
3C9lc6bY9QwHbv9idioWJWhvwVfasbbOQRqxM/0aIPmuGwhC5dGB
-----END CERTIFICATE-----