Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa
File:                     AS214802.roa (raw, json)
Hash identifier:          hrGMshhi0HRVE39llDfC9wEaiOYw39lg9mwENp88y4o=
Subject key identifier:   AC:35:24:87:E4:58:E9:8E:E4:D8:50:37:06:7E:A3:1B:E4:FB:FD:C0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       30055CACAC429E466EAA02CA7F8798570E6AA16B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa
Signing time:             Fri 23 Aug 2024 08:01:26 +0000
ROA not before:           Fri 23 Aug 2024 07:56:26 +0000
ROA not after:            Fri 22 Aug 2025 08:01:26 +0000
asID:                     214802
IP address blocks:        2a0f:85c1:80a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:05:5c:ac:ac:42:9e:46:6e:aa:02:ca:7f:87:98:57:0e:6a:a1:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:26 2024 GMT
            Not After : Aug 22 08:01:26 2025 GMT
        Subject: CN=AC352487E458E98EE4D85037067EA31BE4FBFDC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:43:74:a0:9b:50:dc:e1:72:5b:ef:ec:73:0d:
                    63:fb:78:21:6e:d4:05:1b:68:1a:1d:bb:a7:07:01:
                    14:dd:7a:a5:83:eb:0f:ae:54:fd:28:44:9b:c7:c2:
                    46:f6:70:33:7e:29:9a:92:44:a3:55:21:7f:c2:82:
                    77:a1:d6:af:e8:e7:88:64:84:12:a5:01:01:3e:6d:
                    e7:30:34:79:f9:c7:7c:91:e5:26:59:5b:bd:76:d0:
                    b9:dc:54:9c:79:7c:00:32:6d:a5:cc:28:26:ee:4e:
                    55:99:70:04:be:57:0f:09:f3:1a:10:b2:9b:01:a9:
                    58:42:3d:33:ef:2c:6b:9d:2e:29:90:3c:b8:13:f5:
                    90:52:b5:b2:86:3f:94:ef:df:52:dd:b0:80:23:82:
                    9e:30:f2:af:88:ac:8e:8a:59:c7:64:d8:66:26:d4:
                    1b:fa:37:f0:a2:bb:e2:67:74:b9:ea:48:0c:bd:ef:
                    9f:63:25:81:54:ae:67:3e:49:8b:00:78:aa:a8:88:
                    c2:d5:6d:d8:b7:37:a3:e8:34:49:39:2c:50:80:ff:
                    96:1f:07:13:24:1c:2f:88:58:a1:d5:69:26:c5:ea:
                    12:da:62:be:a3:12:24:c3:c5:ae:58:74:99:2b:21:
                    e2:27:c0:6c:8c:54:09:3e:e1:9e:46:be:97:53:93:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:35:24:87:E4:58:E9:8E:E4:D8:50:37:06:7E:A3:1B:E4:FB:FD:C0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80a::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:a5:cf:7d:08:61:9f:dd:b3:24:c7:61:da:2e:d9:15:94:8e:
         80:fa:03:12:9b:24:45:2c:fc:ff:ce:28:51:ae:4c:43:79:8c:
         6c:9d:b4:f1:21:7b:09:99:c0:ec:e8:45:ca:63:48:13:50:d3:
         9a:c9:2f:17:90:da:e1:58:15:80:be:ff:28:88:f8:3f:99:f3:
         cf:f4:86:d0:3d:d6:2d:50:b8:9c:a5:60:38:7c:75:0b:43:11:
         1f:2d:6f:d1:bd:d8:c3:49:d9:8e:d4:6b:e6:97:49:88:1e:29:
         3a:41:c3:b4:bc:9f:5c:ad:c6:59:86:92:2e:e1:81:54:97:ef:
         4e:06:80:ed:30:45:fd:1e:43:dd:2e:ad:b2:93:e6:93:d4:df:
         b2:da:25:14:84:30:89:9a:3f:b6:ef:88:c8:dc:d7:97:8b:81:
         d0:42:6e:39:6a:e8:1a:b4:b7:22:35:d5:62:32:33:30:62:87:
         2b:46:40:de:f8:92:9b:24:c2:08:7b:05:e8:b8:e0:3f:46:6a:
         a4:23:0a:50:09:d4:7d:a7:bd:08:da:cc:49:ac:7b:64:e6:0d:
         4a:3a:86:44:cd:a4:88:c8:ed:1d:cc:f0:9c:4b:3b:00:2f:b5:
         02:73:b9:a0:39:b6:46:8b:52:16:96:dc:89:14:2b:59:02:1c:
         38:34:b8:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMAVcrKxCnkZuqgLKf4eYVw5qoWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjZaFw0yNTA4MjIwODAxMjZaMDMxMTAvBgNV
BAMTKEFDMzUyNDg3RTQ1OEU5OEVFNEQ4NTAzNzA2N0VBMzFCRTRGQkZEQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Q3Sgm1Dc4XJb7+xzDWP7eCFu
1AUbaBodu6cHARTdeqWD6w+uVP0oRJvHwkb2cDN+KZqSRKNVIX/Cgneh1q/o54hk
hBKlAQE+becwNHn5x3yR5SZZW7120LncVJx5fAAybaXMKCbuTlWZcAS+Vw8J8xoQ
spsBqVhCPTPvLGudLimQPLgT9ZBStbKGP5Tv31LdsIAjgp4w8q+IrI6KWcdk2GYm
1Bv6N/Ciu+JndLnqSAy9759jJYFUrmc+SYsAeKqoiMLVbdi3N6PoNEk5LFCA/5Yf
BxMkHC+IWKHVaSbF6hLaYr6jEiTDxa5YdJkrIeInwGyMVAk+4Z5GvpdTk3wzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUrDUkh+RY6Y7k2FA3Bn6jG+T7/cAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgKMA0GCSqGSIb3DQEBCwUAA4IBAQBmpc99CGGf3bMkx2HaLtkVlI6A+gMSmyRF
LPz/zihRrkxDeYxsnbTxIXsJmcDs6EXKY0gTUNOayS8XkNrhWBWAvv8oiPg/mfPP
9IbQPdYtULicpWA4fHULQxEfLW/RvdjDSdmO1Gvml0mIHik6QcO0vJ9crcZZhpIu
4YFUl+9OBoDtMEX9HkPdLq2yk+aT1N+y2iUUhDCJmj+274jI3NeXi4HQQm45auga
tLciNdViMjMwYocrRkDe+JKbJMIIewXouOA/RmqkIwpQCdR9p70I2sxJrHtk5g1K
OoZEzaSIyO0dzPCcSzsAL7UCc7mgObZGi1IWltyJFCtZAhw4NLjQ
-----END CERTIFICATE-----