Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa
File:                     AS214752.roa (raw, json)
Hash identifier:          g2jMVxx4zOdNG6ZmRVR8ULkAkCBDd8GfpQ3VpmLF5Ag=
Subject key identifier:   34:79:A0:8D:8E:83:A8:7E:E9:1D:76:A1:B5:1D:0B:DA:F0:C5:97:FF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6AA8EDE92572AAE919F52DEEE12B98437C467D39
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa
Signing time:             Fri 23 Aug 2024 08:01:18 +0000
ROA not before:           Fri 23 Aug 2024 07:56:18 +0000
ROA not after:            Fri 22 Aug 2025 08:01:18 +0000
asID:                     214752
IP address blocks:        2a0f:85c1:812::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a8:ed:e9:25:72:aa:e9:19:f5:2d:ee:e1:2b:98:43:7c:46:7d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:18 2024 GMT
            Not After : Aug 22 08:01:18 2025 GMT
        Subject: CN=3479A08D8E83A87EE91D76A1B51D0BDAF0C597FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e1:6d:69:3c:4b:fd:4a:01:81:39:54:0d:3c:
                    1e:f3:eb:de:c8:0f:bd:63:5f:ed:a7:7e:a7:e4:91:
                    36:09:2c:66:8e:ff:2a:41:f5:b8:ba:7b:60:c5:74:
                    fe:70:17:7f:2f:81:6c:59:66:2f:04:bb:e5:d2:5f:
                    41:ef:1f:0c:6a:48:e9:96:dc:e3:5e:20:76:8b:c9:
                    a5:8a:c4:9b:ab:10:53:36:0a:89:0a:06:59:9a:37:
                    9a:c1:9d:51:ad:17:e4:a5:57:4b:c9:0c:9e:e0:49:
                    53:d9:b6:a3:46:ec:4c:1e:50:1a:ce:af:d2:4a:27:
                    ca:d4:bd:34:95:cb:b6:34:a5:e9:e0:3e:ba:a3:0c:
                    e6:8d:73:bf:03:df:47:d2:fa:63:ae:5e:98:fd:fd:
                    da:ca:62:38:44:a7:c6:98:30:2e:d8:6a:41:a5:6b:
                    96:3b:1a:95:00:ba:28:d1:0a:28:0f:a3:e9:95:3f:
                    13:b4:92:df:78:2d:6a:bd:a3:6c:32:1a:98:fc:10:
                    15:7c:62:0a:b6:e0:89:3b:ca:9b:25:59:6a:2f:24:
                    6b:00:01:d6:f1:51:ae:ca:85:e3:27:ed:53:08:2e:
                    bd:2d:81:5c:bb:f8:b1:5b:3d:4e:b4:3e:24:db:b9:
                    a7:ae:96:3e:02:8d:87:5b:e0:97:00:7f:9f:da:f1:
                    86:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:79:A0:8D:8E:83:A8:7E:E9:1D:76:A1:B5:1D:0B:DA:F0:C5:97:FF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:812::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:15:88:48:db:61:8a:88:d5:1b:5f:a2:29:64:08:7a:eb:2c:
         c6:2b:dc:2f:e9:8a:70:74:2c:af:8b:c7:2a:40:1a:8f:6e:5f:
         19:d0:f9:50:fa:32:fe:0b:65:6f:70:b5:75:5d:ee:82:8f:3b:
         99:9c:2f:3e:89:17:51:fb:5d:18:04:ae:05:a3:7a:c4:fd:d9:
         93:66:7e:09:3f:48:db:3e:0b:8a:91:d7:7d:70:b8:2d:d6:f3:
         d3:69:e3:2b:8e:08:78:65:e9:fc:2f:af:23:17:d4:ae:4d:1a:
         aa:ce:f2:3a:39:0d:ba:c0:22:a2:c1:e1:61:ba:45:3c:84:f9:
         db:78:28:97:25:58:77:cb:24:fc:e2:52:f1:36:bd:75:c1:fd:
         d7:0c:ca:22:35:65:11:4c:5d:13:d0:fe:14:fe:79:06:0c:23:
         f0:0c:39:e7:2b:29:88:af:35:3d:53:a5:14:c3:02:6b:d1:ed:
         70:6b:4c:55:c3:9f:01:8a:22:36:ea:3f:2a:88:71:9e:0a:de:
         70:fb:89:fe:a1:a1:65:e4:18:ea:19:87:e0:f0:7b:73:14:49:
         ea:34:b2:d4:c6:38:61:84:e0:4c:22:a3:bf:4a:00:6e:75:e6:
         94:c9:66:b8:5a:72:20:24:15:84:c3:69:50:3b:47:13:9c:33:
         a1:f8:fa:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaqjt6SVyqukZ9S3u4SuYQ3xGfTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MThaFw0yNTA4MjIwODAxMThaMDMxMTAvBgNV
BAMTKDM0NzlBMDhEOEU4M0E4N0VFOTFENzZBMUI1MUQwQkRBRjBDNTk3RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14W1pPEv9SgGBOVQNPB7z697I
D71jX+2nfqfkkTYJLGaO/ypB9bi6e2DFdP5wF38vgWxZZi8Eu+XSX0HvHwxqSOmW
3ONeIHaLyaWKxJurEFM2CokKBlmaN5rBnVGtF+SlV0vJDJ7gSVPZtqNG7EweUBrO
r9JKJ8rUvTSVy7Y0pengPrqjDOaNc78D30fS+mOuXpj9/drKYjhEp8aYMC7YakGl
a5Y7GpUAuijRCigPo+mVPxO0kt94LWq9o2wyGpj8EBV8Ygq24Ik7ypslWWovJGsA
AdbxUa7KheMn7VMILr0tgVy7+LFbPU60PiTbuaeulj4CjYdb4JcAf5/a8YaJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUNHmgjY6DqH7pHXahtR0L2vDFl/8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgSMA0GCSqGSIb3DQEBCwUAA4IBAQALFYhI22GKiNUbX6IpZAh66yzGK9wv6Ypw
dCyvi8cqQBqPbl8Z0PlQ+jL+C2VvcLV1Xe6CjzuZnC8+iRdR+10YBK4Fo3rE/dmT
Zn4JP0jbPguKkdd9cLgt1vPTaeMrjgh4Zen8L68jF9SuTRqqzvI6OQ26wCKiweFh
ukU8hPnbeCiXJVh3yyT84lLxNr11wf3XDMoiNWURTF0T0P4U/nkGDCPwDDnnKymI
rzU9U6UUwwJr0e1wa0xVw58BiiI26j8qiHGeCt5w+4n+oaFl5BjqGYfg8HtzFEnq
NLLUxjhhhOBMIqO/SgBudeaUyWa4WnIgJBWEw2lQO0cTnDOh+Poe
-----END CERTIFICATE-----