Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa
File:                     AS214768.roa (raw, json)
Hash identifier:          sp28GLd47Zyi9cbLbpjg8bW4ckI6LmVHPXsNu+8RJYA=
Subject key identifier:   27:AE:B2:EC:12:03:01:75:A8:42:AE:3A:ED:63:AC:D6:53:88:32:5F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       41E6A35677B308C938F39A0B09B796920E145ACE
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa
Signing time:             Fri 23 Aug 2024 08:01:14 +0000
ROA not before:           Fri 23 Aug 2024 07:56:14 +0000
ROA not after:            Fri 22 Aug 2025 08:01:14 +0000
asID:                     214768
IP address blocks:        2a0f:85c1:3f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e6:a3:56:77:b3:08:c9:38:f3:9a:0b:09:b7:96:92:0e:14:5a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:14 2024 GMT
            Not After : Aug 22 08:01:14 2025 GMT
        Subject: CN=27AEB2EC12030175A842AE3AED63ACD65388325F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c0:3c:5d:51:d2:ad:45:28:69:2c:52:c8:a3:
                    a7:c9:2a:18:0e:ee:f5:7e:06:27:1d:be:ab:c3:af:
                    fe:c9:02:d8:15:50:bc:77:9e:73:ee:4f:62:ba:87:
                    a9:6c:9c:b3:15:31:20:15:85:f6:34:f8:ba:00:4d:
                    05:18:05:a8:74:df:84:13:16:05:31:09:b0:68:84:
                    3e:34:39:ab:ab:f6:db:ee:49:c4:cd:bd:5d:01:bf:
                    10:d0:aa:77:3c:09:0b:b8:35:42:f7:8c:01:32:f3:
                    18:f1:03:2e:a3:63:c7:e1:35:72:70:c9:d3:73:c6:
                    27:c3:27:25:ea:e0:99:54:92:6e:5a:5e:16:3b:b9:
                    74:19:d3:71:90:1e:00:54:7a:da:42:bf:81:48:00:
                    28:a0:19:f7:82:8d:94:68:6b:e7:6c:2b:a6:cb:2d:
                    9c:ec:ff:f8:d7:92:dd:e6:90:b1:0a:b3:17:f2:67:
                    7d:c6:2b:d1:10:ca:b5:66:45:29:fc:e6:92:c1:2c:
                    a0:3f:2e:bb:ed:bc:49:c9:e4:a7:40:db:37:e5:1d:
                    ce:fa:fe:cb:18:51:65:3a:e9:5b:49:87:3a:d7:a9:
                    e5:17:21:fa:1a:8c:08:8a:2b:ed:5e:4a:fa:ee:61:
                    c1:db:10:32:50:7c:d6:3f:c7:37:bf:05:50:a3:2b:
                    d6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AE:B2:EC:12:03:01:75:A8:42:AE:3A:ED:63:AC:D6:53:88:32:5F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:4a:ba:ae:70:84:cb:88:ba:af:65:b3:32:71:a0:b6:6b:33:
         77:3f:a1:12:d3:91:e1:b7:7c:57:65:38:c4:d3:91:82:46:af:
         c2:94:08:2f:79:b9:24:52:88:8d:1e:c7:72:fa:f7:e9:0f:74:
         7a:b8:c2:12:e6:60:10:32:ed:c3:49:a9:b4:ba:45:e9:87:d2:
         70:a6:18:2e:43:63:44:34:ac:18:93:ee:fa:c3:19:71:f7:7c:
         c9:f4:be:d3:25:58:51:cc:6d:c4:cc:8a:30:85:b7:a9:da:1e:
         9c:5e:26:23:6e:c2:08:27:1c:82:66:d8:b1:58:31:e7:74:bc:
         58:9f:71:cc:67:68:36:72:9f:25:ad:26:ce:64:f5:78:69:2c:
         fc:59:e1:20:5b:2b:81:fa:b9:41:88:4a:bc:9d:57:8a:82:33:
         f8:06:0c:4b:32:d0:0d:3b:de:87:55:3f:35:67:2a:60:63:de:
         65:83:72:eb:da:57:fc:92:64:5b:e9:53:45:06:4f:4d:59:7c:
         87:a7:93:b1:80:0f:b7:78:d4:56:59:ec:75:51:20:6a:09:09:
         6d:de:72:d0:fd:dd:0c:30:93:1b:99:b5:e7:3f:28:36:2b:c6:
         53:e6:32:03:fc:aa:6f:5a:a0:05:cb:e9:aa:88:19:67:3b:54:
         a3:3e:a4:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQeajVnezCMk485oLCbeWkg4UWs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTRaFw0yNTA4MjIwODAxMTRaMDMxMTAvBgNV
BAMTKDI3QUVCMkVDMTIwMzAxNzVBODQyQUUzQUVENjNBQ0Q2NTM4ODMyNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8wDxdUdKtRShpLFLIo6fJKhgO
7vV+BicdvqvDr/7JAtgVULx3nnPuT2K6h6lsnLMVMSAVhfY0+LoATQUYBah034QT
FgUxCbBohD40Oaur9tvuScTNvV0BvxDQqnc8CQu4NUL3jAEy8xjxAy6jY8fhNXJw
ydNzxifDJyXq4JlUkm5aXhY7uXQZ03GQHgBUetpCv4FIACigGfeCjZRoa+dsK6bL
LZzs//jXkt3mkLEKsxfyZ33GK9EQyrVmRSn85pLBLKA/LrvtvEnJ5KdA2zflHc76
/ssYUWU66VtJhzrXqeUXIfoajAiKK+1eSvruYcHbEDJQfNY/xze/BVCjK9Y1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJ66y7BIDAXWoQq467WOs1lOIMl8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPxMA0GCSqGSIb3DQEBCwUAA4IBAQAXSrqucITLiLqvZbMycaC2azN3P6ES05Hh
t3xXZTjE05GCRq/ClAgvebkkUoiNHsdy+vfpD3R6uMIS5mAQMu3DSam0ukXph9Jw
phguQ2NENKwYk+76wxlx93zJ9L7TJVhRzG3EzIowhbep2h6cXiYjbsIIJxyCZtix
WDHndLxYn3HMZ2g2cp8lrSbOZPV4aSz8WeEgWyuB+rlBiEq8nVeKgjP4BgxLMtAN
O96HVT81ZypgY95lg3Lr2lf8kmRb6VNFBk9NWXyHp5OxgA+3eNRWWex1USBqCQlt
3nLQ/d0MMJMbmbXnPyg2K8ZT5jID/KpvWqAFy+mqiBlnO1SjPqRB
-----END CERTIFICATE-----