Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214641.roa
File:                     AS214641.roa (raw, json)
Hash identifier:          /JBqlpmOopZb5HnQBPY5/yj6Ss6nXa4eYZbnF/ae0oE=
Subject key identifier:   70:AD:9E:19:69:F9:8E:BF:00:E4:A2:53:05:8F:EB:8D:16:6B:3F:12
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       07E5FE85EAC1C9B3EB5EFECDD10B5404AE106191
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214641.roa
Signing time:             Fri 23 Aug 2024 08:01:27 +0000
ROA not before:           Fri 23 Aug 2024 07:56:27 +0000
ROA not after:            Fri 22 Aug 2025 08:01:27 +0000
asID:                     214641
IP address blocks:        2a0f:85c1:827::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e5:fe:85:ea:c1:c9:b3:eb:5e:fe:cd:d1:0b:54:04:ae:10:61:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:27 2024 GMT
            Not After : Aug 22 08:01:27 2025 GMT
        Subject: CN=70AD9E1969F98EBF00E4A253058FEB8D166B3F12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c0:ea:74:7e:c3:bc:80:13:0c:05:27:33:b4:
                    3c:db:53:39:e7:d4:1e:1c:23:55:82:eb:ba:97:c3:
                    a6:80:97:0e:a6:15:f8:b0:92:d0:97:c2:f3:4d:1c:
                    10:b6:c6:df:7b:ad:b1:27:26:d8:eb:8d:3a:b8:80:
                    cd:68:d2:68:d7:6a:e1:51:6b:a8:db:0b:c3:c9:8f:
                    07:d9:8c:40:21:ae:d8:2c:52:69:06:d2:99:d5:97:
                    6e:e2:ca:2c:8d:6d:6c:fc:19:8e:96:98:42:3a:44:
                    7e:e6:de:ad:c6:bc:34:11:f8:cf:a7:22:b7:5e:99:
                    e1:5f:19:9d:ba:2b:ac:bf:bb:31:4d:fc:c8:8f:48:
                    fa:74:54:04:f3:2a:ce:fa:39:b5:15:2f:90:30:a0:
                    78:7d:17:78:a2:08:47:24:58:f8:53:fa:42:b4:e1:
                    eb:16:51:7e:18:8a:43:b9:c3:3b:88:c6:f0:93:11:
                    8a:a3:c6:c7:a8:b6:a8:c3:bb:93:4a:11:e8:0e:31:
                    44:74:dc:da:e8:64:33:7e:45:a7:b8:55:8d:0d:d3:
                    35:0b:8c:15:20:fa:c7:23:fa:5b:ec:68:ed:81:cd:
                    0b:6d:03:d2:a0:d9:74:dc:b1:13:a3:fa:59:c2:57:
                    47:b6:fa:fa:30:60:67:d2:59:c5:56:25:99:69:9d:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:AD:9E:19:69:F9:8E:BF:00:E4:A2:53:05:8F:EB:8D:16:6B:3F:12
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:827::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:a6:d8:5a:c1:3e:9a:e0:af:1e:3c:72:4b:58:a0:fb:b5:66:
         b5:4b:a5:53:06:38:c1:47:17:9f:32:f3:4a:bf:fd:39:af:cc:
         71:38:47:c6:b3:ec:7a:64:16:09:28:d0:21:d7:f2:5a:71:69:
         a8:f7:26:c5:a3:d9:9a:99:8f:1c:f1:f7:55:c4:3f:77:28:1a:
         98:a2:5f:9f:7f:3a:36:55:d0:e4:4e:ac:37:30:57:21:e1:f2:
         4f:61:1f:48:38:83:2b:d4:8c:31:25:4b:fd:c8:f5:1e:94:0d:
         5e:98:50:57:27:7b:05:d6:1d:cf:47:be:ec:e3:f0:3e:ec:9a:
         77:17:97:b4:fe:60:02:09:cc:f2:66:52:84:cf:51:ed:bd:1e:
         6b:28:cd:dd:53:b4:a3:70:e5:46:e7:52:a0:d9:d1:40:6d:03:
         e0:bb:2b:e3:1b:7d:86:88:f6:13:a2:71:bc:03:bc:2d:dc:17:
         71:10:78:31:85:f5:0a:25:50:a9:81:86:94:ed:56:29:d8:5d:
         1c:60:6b:6c:1e:30:59:38:66:9c:ba:3f:4f:5e:f2:18:e4:46:
         d5:dc:f2:a3:ac:ef:6b:df:77:34:93:1f:05:f5:9e:2a:52:00:
         51:08:c7:eb:c8:90:ae:78:24:9b:66:41:3f:70:f5:d2:8f:6e:
         5a:a1:2e:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUB+X+herBybPrXv7N0QtUBK4QYZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjdaFw0yNTA4MjIwODAxMjdaMDMxMTAvBgNV
BAMTKDcwQUQ5RTE5NjlGOThFQkYwMEU0QTI1MzA1OEZFQjhEMTY2QjNGMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgwOp0fsO8gBMMBScztDzbUznn
1B4cI1WC67qXw6aAlw6mFfiwktCXwvNNHBC2xt97rbEnJtjrjTq4gM1o0mjXauFR
a6jbC8PJjwfZjEAhrtgsUmkG0pnVl27iyiyNbWz8GY6WmEI6RH7m3q3GvDQR+M+n
IrdemeFfGZ26K6y/uzFN/MiPSPp0VATzKs76ObUVL5AwoHh9F3iiCEckWPhT+kK0
4esWUX4YikO5wzuIxvCTEYqjxseotqjDu5NKEegOMUR03NroZDN+Rae4VY0N0zUL
jBUg+scj+lvsaO2BzQttA9Kg2XTcsROj+lnCV0e2+vowYGfSWcVWJZlpnUplAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUcK2eGWn5jr8A5KJTBY/rjRZrPxIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgnMA0GCSqGSIb3DQEBCwUAA4IBAQAvpthawT6a4K8ePHJLWKD7tWa1S6VTBjjB
RxefMvNKv/05r8xxOEfGs+x6ZBYJKNAh1/JacWmo9ybFo9mamY8c8fdVxD93KBqY
ol+ffzo2VdDkTqw3MFch4fJPYR9IOIMr1IwxJUv9yPUelA1emFBXJ3sF1h3PR77s
4/A+7Jp3F5e0/mACCczyZlKEz1HtvR5rKM3dU7SjcOVG51Kg2dFAbQPguyvjG32G
iPYTonG8A7wt3BdxEHgxhfUKJVCpgYaU7VYp2F0cYGtsHjBZOGacuj9PXvIY5EbV
3PKjrO9r33c0kx8F9Z4qUgBRCMfryJCueCSbZkE/cPXSj25aoS6y
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:14:15 2024 by rpki-client on console-ams.rpki-client.org