Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214763.roa
File:                     AS214763.roa (raw, json)
Hash identifier:          +0Pm/68+xsX3vwfd9XtB4JgAzLmV0MrYjxyOoAq9g/8=
Subject key identifier:   C6:18:4B:64:3C:BE:AB:98:D6:96:A4:49:87:93:D7:3D:18:B8:DE:16
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       63519CDCCE129C2CC186CE058882615C56BF3072
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214763.roa
Signing time:             Fri 23 Aug 2024 08:01:16 +0000
ROA not before:           Fri 23 Aug 2024 07:56:16 +0000
ROA not after:            Fri 22 Aug 2025 08:01:16 +0000
asID:                     214763
IP address blocks:        2a0f:85c1:811::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:51:9c:dc:ce:12:9c:2c:c1:86:ce:05:88:82:61:5c:56:bf:30:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:16 2024 GMT
            Not After : Aug 22 08:01:16 2025 GMT
        Subject: CN=C6184B643CBEAB98D696A4498793D73D18B8DE16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cc:0a:ab:7d:4d:80:be:e4:88:3f:d3:bd:d5:
                    b4:90:d7:9c:08:7e:78:00:15:12:fc:c3:1f:80:05:
                    60:46:91:66:b0:70:b0:be:be:df:ac:02:2e:cd:27:
                    23:e8:48:7a:8f:bb:9a:bf:5d:6a:9d:63:d4:8b:57:
                    83:cf:31:3a:bd:77:aa:94:99:2e:57:c5:1f:c2:ae:
                    f8:92:db:9b:1b:74:66:c5:b6:d7:55:0f:68:e7:18:
                    00:65:e1:5b:5d:49:6f:d3:85:4d:63:e3:f8:37:b5:
                    ab:44:42:fb:f9:eb:ab:fc:c1:6c:b7:47:0c:41:e8:
                    c2:84:7a:9f:d7:c4:ec:6b:51:66:44:2f:25:b7:cf:
                    76:e9:42:19:8e:59:20:8b:e9:3d:aa:d9:e6:ba:cc:
                    ca:50:8e:2a:60:eb:81:5f:b4:6a:9e:bc:5c:c3:c8:
                    ba:a3:ab:57:12:a1:35:e3:5a:a4:d2:3d:1e:29:40:
                    30:e7:89:2d:b3:a2:a9:30:30:e7:16:cf:b2:58:e3:
                    ed:b4:49:bd:7f:3e:e2:3e:2a:3c:86:47:bd:07:45:
                    a0:87:ec:ad:f3:60:e4:ef:58:a9:37:37:c5:75:5d:
                    ac:48:c3:d7:ae:84:4e:7e:ad:f6:99:3c:a2:0d:12:
                    ee:f6:06:fb:f3:17:6d:33:6f:4f:ff:19:f8:f7:4f:
                    8e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:4B:64:3C:BE:AB:98:D6:96:A4:49:87:93:D7:3D:18:B8:DE:16
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214763.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:811::/48

    Signature Algorithm: sha256WithRSAEncryption
         df:2a:71:eb:5b:9c:ae:85:85:70:d6:5e:8f:28:e3:4d:e4:07:
         68:e2:62:2e:7e:a0:a4:44:35:6c:a0:62:ca:eb:0f:03:08:ef:
         51:36:dc:eb:07:36:bd:90:15:4c:f0:ac:82:36:96:21:6a:22:
         c8:94:e4:8c:eb:57:db:64:0b:30:d2:d4:f4:3b:ad:02:95:67:
         2c:c0:dd:88:5d:3d:37:4f:c8:68:3d:55:e4:72:54:9c:0a:80:
         4c:42:ee:b5:2c:fb:a7:ac:98:47:c4:f1:80:37:f4:a1:b8:a4:
         8a:0e:e1:95:82:e5:66:9b:b6:18:9b:23:e0:a0:a0:06:fc:19:
         4e:69:8f:ca:52:4e:f2:e2:c9:16:3f:9a:92:f2:40:ca:6e:35:
         e9:24:f6:7a:78:10:ba:cc:c1:5c:f9:07:4d:c5:48:0c:ee:6f:
         eb:ff:c5:b6:81:45:52:52:d4:14:d3:4e:09:9b:2e:4a:90:71:
         3a:12:19:5d:fc:22:85:b7:40:bb:59:a3:d4:a3:b7:e8:79:98:
         e7:41:70:e7:f6:9d:75:0a:d5:9a:a6:3a:fe:b2:dd:a0:d3:6e:
         f1:28:77:45:d0:17:eb:bd:72:27:e3:f8:74:cd:6d:ad:a9:e7:
         a1:93:3f:57:cd:56:90:dc:87:a7:65:0f:69:f7:9c:14:f8:88:
         7a:6b:52:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUY1Gc3M4SnCzBhs4FiIJhXFa/MHIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTZaFw0yNTA4MjIwODAxMTZaMDMxMTAvBgNV
BAMTKEM2MTg0QjY0M0NCRUFCOThENjk2QTQ0OTg3OTNENzNEMThCOERFMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzzAqrfU2AvuSIP9O91bSQ15wI
fngAFRL8wx+ABWBGkWawcLC+vt+sAi7NJyPoSHqPu5q/XWqdY9SLV4PPMTq9d6qU
mS5XxR/CrviS25sbdGbFttdVD2jnGABl4VtdSW/ThU1j4/g3tatEQvv566v8wWy3
RwxB6MKEep/XxOxrUWZELyW3z3bpQhmOWSCL6T2q2ea6zMpQjipg64FftGqevFzD
yLqjq1cSoTXjWqTSPR4pQDDniS2zoqkwMOcWz7JY4+20Sb1/PuI+KjyGR70HRaCH
7K3zYOTvWKk3N8V1XaxIw9euhE5+rfaZPKINEu72BvvzF20zb0//Gfj3T46XAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxhhLZDy+q5jWlqRJh5PXPRi43hYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgRMA0GCSqGSIb3DQEBCwUAA4IBAQDfKnHrW5yuhYVw1l6PKONN5Ado4mIufqCk
RDVsoGLK6w8DCO9RNtzrBza9kBVM8KyCNpYhaiLIlOSM61fbZAsw0tT0O60ClWcs
wN2IXT03T8hoPVXkclScCoBMQu61LPunrJhHxPGAN/ShuKSKDuGVguVmm7YYmyPg
oKAG/BlOaY/KUk7y4skWP5qS8kDKbjXpJPZ6eBC6zMFc+QdNxUgM7m/r/8W2gUVS
UtQU004Jmy5KkHE6Ehld/CKFt0C7WaPUo7foeZjnQXDn9p11CtWapjr+st2g027x
KHdF0BfrvXIn4/h0zW2tqeehkz9XzVaQ3IenZQ9p95wU+Ih6a1LJ
-----END CERTIFICATE-----