Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa
File:                     AS214565.roa (raw, json)
Hash identifier:          az4XdPv858+I71DSnqmPLDuLknTHanSSk/Pl/dXxCX0=
Subject key identifier:   59:73:92:8D:02:22:C7:41:AA:C3:92:21:94:B8:A9:B2:E7:F4:43:0C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7612E79D7DA62E64889D6ACD5DBB31E58FE32A3B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     214565
IP address blocks:        2a0f:85c1:832::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:12:e7:9d:7d:a6:2e:64:88:9d:6a:cd:5d:bb:31:e5:8f:e3:2a:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=5973928D0222C741AAC3922194B8A9B2E7F4430C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e9:fa:f1:d9:7c:a9:43:cb:ca:24:94:d6:8f:
                    92:61:d9:d6:87:27:19:c5:a8:50:cf:d9:63:3e:35:
                    88:f2:63:e9:97:95:dd:06:50:99:27:a0:50:7a:c3:
                    18:3d:9c:5e:3a:ae:87:ae:e3:9b:ed:63:b5:5e:47:
                    d7:23:cc:2e:fe:07:9f:22:4a:fb:73:e5:80:c2:aa:
                    3d:2c:3f:30:8a:13:2d:b5:67:7b:06:18:ea:27:9e:
                    da:88:85:01:de:23:51:b4:43:f5:5c:b6:da:39:93:
                    7a:d9:10:f9:e5:45:76:42:d8:0e:35:1b:e9:2e:c5:
                    2c:aa:ad:e8:cc:48:46:75:6d:bb:88:ae:63:19:47:
                    11:81:b3:68:1d:81:77:d3:f5:ff:c9:2e:81:f5:81:
                    b7:fc:0f:15:93:cd:e5:af:9e:bc:79:6d:dd:ac:1e:
                    8f:8c:f1:a3:42:0b:e8:59:ea:b9:84:5b:1e:a2:b5:
                    a7:da:43:f0:b7:9e:f5:19:65:06:26:69:d4:e4:55:
                    5e:7c:83:1a:cb:85:d5:0f:f7:8b:a2:11:04:55:68:
                    83:4c:bb:f4:0d:57:dd:ad:33:80:7d:79:64:46:18:
                    ae:47:3b:7b:bb:7c:7e:c2:d3:2d:a9:ab:45:48:6e:
                    73:d0:76:3e:f1:bc:18:c5:99:0d:bd:41:89:e7:15:
                    21:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:73:92:8D:02:22:C7:41:AA:C3:92:21:94:B8:A9:B2:E7:F4:43:0C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:832::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:64:ae:c4:a7:37:f8:33:bf:f2:2a:15:53:93:76:4a:4e:cb:
         37:44:bf:6a:c2:b9:b0:72:8c:ec:4b:5b:4d:22:dd:86:1e:39:
         12:75:ce:36:42:ca:41:82:16:c6:49:16:3d:ae:fc:87:ad:4c:
         c5:24:32:b1:db:0e:c9:74:12:ae:50:79:6c:16:f5:0e:f9:9d:
         69:7d:01:22:4b:b3:f0:d7:46:3a:61:3b:ae:56:3c:48:c9:81:
         75:d6:84:f4:2d:b8:5b:01:de:41:98:7b:9f:5e:41:91:21:c1:
         87:3e:f4:81:21:70:fd:b0:6b:c1:c4:1d:a1:81:8f:1d:4f:27:
         6c:76:d3:58:fb:0b:16:1d:db:89:88:85:a8:78:ac:ed:3f:f7:
         6e:51:06:28:d1:0b:18:68:b0:f8:ae:54:01:fc:bb:cb:04:b1:
         fa:c0:a6:2d:e5:39:75:ef:a9:91:d9:6b:81:a8:d6:21:2a:6b:
         a2:46:d5:a4:55:85:fb:1b:29:ee:32:dd:2b:78:79:ce:18:99:
         48:dc:2a:5a:29:cf:a7:e3:b2:ce:17:d4:10:e9:7e:6d:01:8f:
         9d:7c:02:65:aa:20:a2:31:fa:5f:fb:b4:7b:27:5e:9a:05:56:
         21:a7:e7:1a:1d:cb:83:40:c1:39:2c:6c:57:91:e8:22:d8:11:
         e3:e0:92:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdhLnnX2mLmSInWrNXbsx5Y/jKjswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKDU5NzM5MjhEMDIyMkM3NDFBQUMzOTIyMTk0QjhBOUIyRTdGNDQzMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU6frx2XypQ8vKJJTWj5Jh2daH
JxnFqFDP2WM+NYjyY+mXld0GUJknoFB6wxg9nF46roeu45vtY7VeR9cjzC7+B58i
Svtz5YDCqj0sPzCKEy21Z3sGGOonntqIhQHeI1G0Q/Vctto5k3rZEPnlRXZC2A41
G+kuxSyqrejMSEZ1bbuIrmMZRxGBs2gdgXfT9f/JLoH1gbf8DxWTzeWvnrx5bd2s
Ho+M8aNCC+hZ6rmEWx6itafaQ/C3nvUZZQYmadTkVV58gxrLhdUP94uiEQRVaINM
u/QNV92tM4B9eWRGGK5HO3u7fH7C0y2pq0VIbnPQdj7xvBjFmQ29QYnnFSGdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUWXOSjQIix0Gqw5IhlLipsuf0QwwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgyMA0GCSqGSIb3DQEBCwUAA4IBAQAYZK7Epzf4M7/yKhVTk3ZKTss3RL9qwrmw
cozsS1tNIt2GHjkSdc42QspBghbGSRY9rvyHrUzFJDKx2w7JdBKuUHlsFvUO+Z1p
fQEiS7Pw10Y6YTuuVjxIyYF11oT0LbhbAd5BmHufXkGRIcGHPvSBIXD9sGvBxB2h
gY8dTydsdtNY+wsWHduJiIWoeKztP/duUQYo0QsYaLD4rlQB/LvLBLH6wKYt5Tl1
76mR2WuBqNYhKmuiRtWkVYX7GynuMt0reHnOGJlI3CpaKc+n47LOF9QQ6X5tAY+d
fAJlqiCiMfpf+7R7J16aBVYhp+caHcuDQME5LGxXkegi2BHj4JK+
-----END CERTIFICATE-----