Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214836.roa
File:                     AS214836.roa (raw, json)
Hash identifier:          0AjIGeivEMkHtvC4U4RPCzrFhc2IvjfruNj19XFUgxI=
Subject key identifier:   7F:69:F4:C2:67:1B:95:A3:20:F7:E0:D1:FB:87:94:41:31:0D:87:4A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       44AA9D732F84F0363703E0A2442CA9E63A8251A5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214836.roa
Signing time:             Fri 23 Aug 2024 08:01:23 +0000
ROA not before:           Fri 23 Aug 2024 07:56:23 +0000
ROA not after:            Fri 22 Aug 2025 08:01:23 +0000
asID:                     214836
IP address blocks:        2a0f:85c1:803::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:aa:9d:73:2f:84:f0:36:37:03:e0:a2:44:2c:a9:e6:3a:82:51:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:23 2024 GMT
            Not After : Aug 22 08:01:23 2025 GMT
        Subject: CN=7F69F4C2671B95A320F7E0D1FB879441310D874A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2b:2e:11:29:c3:b0:35:2e:a7:e8:d8:f7:26:
                    cf:f0:56:d9:55:3e:8d:40:57:63:f8:46:03:65:61:
                    ac:38:cf:f0:55:53:0c:0f:08:c9:f9:43:34:11:b1:
                    f8:7d:27:6c:b4:ce:b2:da:65:4c:ae:ad:97:fb:fb:
                    c3:8b:4f:95:ff:9f:bb:51:cd:cc:2b:5e:24:98:d3:
                    06:24:d2:71:81:ba:75:0a:2a:09:85:e5:79:1c:7b:
                    21:25:e4:9e:9c:d7:dc:b0:9e:7d:69:75:9f:9b:45:
                    1d:9d:67:75:db:b2:7c:2d:e2:11:5b:eb:c1:2e:3d:
                    44:5a:1e:25:e0:d2:da:e8:53:ed:b9:94:cc:3b:13:
                    28:0a:49:74:ca:db:e3:8a:8c:80:d3:39:02:dc:37:
                    a5:c0:92:3f:51:67:a8:63:48:9d:f3:f5:59:71:12:
                    fd:fa:1d:59:45:74:28:a8:af:29:23:11:3f:e8:ce:
                    67:55:f3:b1:21:eb:23:f0:ac:ab:44:3c:c8:c8:9e:
                    f2:95:be:74:78:7a:19:97:a8:df:1b:6f:a3:47:4d:
                    ce:09:0a:0e:e0:36:f6:1c:ae:ff:f4:83:c1:4d:f3:
                    c4:59:81:07:93:92:79:88:fd:6d:c2:cc:31:de:91:
                    ab:4e:69:ad:db:bd:f2:85:eb:81:c8:e7:b7:25:5a:
                    ce:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:69:F4:C2:67:1B:95:A3:20:F7:E0:D1:FB:87:94:41:31:0D:87:4A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:803::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:6a:29:ca:90:e3:2c:ca:b4:23:62:3f:0a:d6:a1:1d:75:5d:
         5d:87:76:fb:bf:f8:7a:34:2c:24:dc:98:4c:a1:8c:a3:f5:4b:
         b8:52:2e:14:d7:e8:f9:55:49:2e:c3:84:c6:ac:b2:6e:05:3a:
         88:89:f6:95:f8:41:5d:fb:98:a4:81:7d:4b:3e:89:06:53:8e:
         b0:29:5d:d3:a6:4e:2d:20:7d:32:86:54:f2:86:cc:f1:8c:b9:
         e9:8c:ae:29:dc:fc:a2:1a:f2:7c:c5:36:3d:c7:de:31:a7:27:
         33:17:82:d0:1d:b2:52:db:14:b2:55:72:83:10:a2:84:a3:8c:
         5d:db:0e:33:4c:69:13:d9:69:1e:54:82:44:97:23:02:66:00:
         e3:f2:af:46:63:62:2b:19:0b:47:8f:3c:58:dc:45:56:fc:72:
         88:03:da:74:56:71:37:71:f9:80:bd:73:ca:f3:8d:16:7d:d1:
         4e:bd:bd:07:d6:0c:b2:67:8c:ab:0e:8d:bb:53:b9:7f:9b:97:
         1d:28:30:30:d8:c8:7f:48:ed:43:20:90:70:7f:4d:8a:fd:c3:
         eb:d7:65:e4:f1:e7:28:09:a6:40:33:32:3c:72:fd:7a:ec:cc:
         b6:39:88:08:91:88:16:fc:55:3f:1d:93:a7:55:a3:43:77:f0:
         e2:0a:e3:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURKqdcy+E8DY3A+CiRCyp5jqCUaUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjNaFw0yNTA4MjIwODAxMjNaMDMxMTAvBgNV
BAMTKDdGNjlGNEMyNjcxQjk1QTMyMEY3RTBEMUZCODc5NDQxMzEwRDg3NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnKy4RKcOwNS6n6Nj3Js/wVtlV
Po1AV2P4RgNlYaw4z/BVUwwPCMn5QzQRsfh9J2y0zrLaZUyurZf7+8OLT5X/n7tR
zcwrXiSY0wYk0nGBunUKKgmF5XkceyEl5J6c19ywnn1pdZ+bRR2dZ3Xbsnwt4hFb
68EuPURaHiXg0troU+25lMw7EygKSXTK2+OKjIDTOQLcN6XAkj9RZ6hjSJ3z9Vlx
Ev36HVlFdCiorykjET/ozmdV87Eh6yPwrKtEPMjInvKVvnR4ehmXqN8bb6NHTc4J
Cg7gNvYcrv/0g8FN88RZgQeTknmI/W3CzDHekatOaa3bvfKF64HI57clWs7NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUf2n0wmcblaMg9+DR+4eUQTENh0owHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgDMA0GCSqGSIb3DQEBCwUAA4IBAQAOainKkOMsyrQjYj8K1qEddV1dh3b7v/h6
NCwk3JhMoYyj9Uu4Ui4U1+j5VUkuw4TGrLJuBTqIifaV+EFd+5ikgX1LPokGU46w
KV3Tpk4tIH0yhlTyhszxjLnpjK4p3PyiGvJ8xTY9x94xpyczF4LQHbJS2xSyVXKD
EKKEo4xd2w4zTGkT2WkeVIJElyMCZgDj8q9GY2IrGQtHjzxY3EVW/HKIA9p0VnE3
cfmAvXPK840WfdFOvb0H1gyyZ4yrDo27U7l/m5cdKDAw2Mh/SO1DIJBwf02K/cPr
12Xk8ecoCaZAMzI8cv167My2OYgIkYgW/FU/HZOnVaNDd/DiCuMG
-----END CERTIFICATE-----