Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214575.roa
File:                     AS214575.roa (raw, json)
Hash identifier:          VHj4w8locXY3v5OcpNbBxGlsDcGo4ud5lm/pI/dOp5k=
Subject key identifier:   FA:F5:D5:21:78:00:98:BC:BE:6B:20:A5:2B:F9:1B:03:B3:75:2D:4B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3366BDADD8E8E7A8D3CFF5C2547780F06C6670D2
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214575.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     214575
IP address blocks:        2a0f:85c1:804::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:66:bd:ad:d8:e8:e7:a8:d3:cf:f5:c2:54:77:80:f0:6c:66:70:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=FAF5D521780098BCBE6B20A52BF91B03B3752D4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5c:e3:09:98:4c:47:a9:d0:e5:3f:1f:cd:fa:
                    10:02:33:13:bc:9d:20:bb:2b:31:72:91:5b:da:18:
                    ff:81:e2:7d:51:f0:ce:9f:c7:8d:4a:59:67:07:d8:
                    32:84:64:de:e5:89:fb:04:4e:6c:5f:ab:04:f3:eb:
                    bf:95:4e:a3:00:06:a7:3d:5a:d3:2e:6f:d0:77:b7:
                    78:db:61:78:29:ee:3b:5f:96:86:51:c6:84:8b:f2:
                    ce:ae:d4:96:38:2d:a1:43:01:07:b7:5f:bf:20:e4:
                    c4:aa:a7:dd:b4:41:55:68:f0:47:a1:16:64:fe:f9:
                    28:a9:a8:3e:50:3a:e7:71:5b:d1:17:be:95:3c:a3:
                    62:21:bf:fe:b9:fe:0f:3a:2e:31:2b:39:54:95:9d:
                    fd:a6:61:55:22:2d:ed:76:e4:9c:20:73:82:3b:49:
                    16:5f:7a:e9:05:e4:40:ae:19:5a:93:56:86:6f:c3:
                    71:34:1a:ff:58:e1:d6:bb:7e:f5:53:2e:4d:b5:9f:
                    ac:eb:cf:8a:9b:de:fc:e7:d9:95:56:19:0e:98:31:
                    81:ca:fe:6f:dc:12:16:d1:a6:50:6b:54:a2:d5:f3:
                    97:0a:ee:d2:c2:89:9d:29:50:7e:2b:db:5d:7a:7c:
                    5e:35:61:b3:c0:4a:9d:13:44:fb:4c:e8:e2:be:a6:
                    28:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F5:D5:21:78:00:98:BC:BE:6B:20:A5:2B:F9:1B:03:B3:75:2D:4B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214575.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:804::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:6d:6a:d1:78:60:8f:29:80:cd:d3:4f:ee:24:df:2f:b8:89:
         53:33:45:78:7b:13:99:a2:07:5c:07:bf:01:97:f8:92:49:f2:
         9c:6d:e2:8f:33:82:fe:37:a7:e4:88:6e:3a:e8:79:85:40:d0:
         c6:46:7a:19:3d:e9:ff:49:5c:49:28:6d:fe:86:6c:6b:ba:b0:
         32:4d:12:b2:a4:92:d6:12:6f:91:3c:49:21:12:d4:f2:9a:f5:
         a0:b4:5d:cc:43:36:b8:b6:47:c6:01:07:bb:ce:f1:0f:55:0f:
         03:1d:d9:59:d1:6e:52:6f:a2:84:ef:cc:10:59:72:1d:42:01:
         c9:b6:e1:18:be:59:92:f5:1c:02:34:fd:1c:b7:0d:35:97:3b:
         e8:c9:4a:e4:ca:ca:3c:f9:18:b5:34:64:01:bf:b3:aa:04:7f:
         e4:77:4f:ea:fb:3d:74:f4:9e:da:84:83:f8:fa:20:92:09:fb:
         77:7e:a8:cc:e5:05:76:68:60:7f:63:da:b7:1e:a3:40:3d:0f:
         45:bf:e3:c0:56:0d:d6:5c:8e:55:19:81:ad:6a:d1:1a:ad:74:
         fd:d9:50:b6:d1:81:29:83:d2:b2:98:fd:3d:76:05:08:41:ff:
         0a:48:00:19:24:fc:88:eb:bc:be:e2:f4:81:d8:3f:5d:64:51:
         18:bb:ea:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUM2a9rdjo56jTz/XCVHeA8GxmcNIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKEZBRjVENTIxNzgwMDk4QkNCRTZCMjBBNTJCRjkxQjAzQjM3NTJENEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXXOMJmExHqdDlPx/N+hACMxO8
nSC7KzFykVvaGP+B4n1R8M6fx41KWWcH2DKEZN7lifsETmxfqwTz67+VTqMABqc9
WtMub9B3t3jbYXgp7jtfloZRxoSL8s6u1JY4LaFDAQe3X78g5MSqp920QVVo8Eeh
FmT++SipqD5QOudxW9EXvpU8o2Ihv/65/g86LjErOVSVnf2mYVUiLe125Jwgc4I7
SRZfeukF5ECuGVqTVoZvw3E0Gv9Y4da7fvVTLk21n6zrz4qb3vzn2ZVWGQ6YMYHK
/m/cEhbRplBrVKLV85cK7tLCiZ0pUH4r2116fF41YbPASp0TRPtM6OK+pigLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+vXVIXgAmLy+ayClK/kbA7N1LUswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgEMA0GCSqGSIb3DQEBCwUAA4IBAQC0bWrReGCPKYDN00/uJN8vuIlTM0V4exOZ
ogdcB78Bl/iSSfKcbeKPM4L+N6fkiG466HmFQNDGRnoZPen/SVxJKG3+hmxrurAy
TRKypJLWEm+RPEkhEtTymvWgtF3MQza4tkfGAQe7zvEPVQ8DHdlZ0W5Sb6KE78wQ
WXIdQgHJtuEYvlmS9RwCNP0ctw01lzvoyUrkyso8+Ri1NGQBv7OqBH/kd0/q+z10
9J7ahIP4+iCSCft3fqjM5QV2aGB/Y9q3HqNAPQ9Fv+PAVg3WXI5VGYGtatEarXT9
2VC20YEpg9KymP09dgUIQf8KSAAZJPyI67y+4vSB2D9dZFEYu+oi
-----END CERTIFICATE-----