Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa
File:                     AS214838.roa (raw, json)
Hash identifier:          y32ydGNq0WU7G7PeqcSYREqN4cH68xsLQgaxilBEE+M=
Subject key identifier:   B4:20:5E:0E:0B:B2:2B:F8:89:E9:B4:48:C8:68:C1:59:B6:28:1D:55
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0DDF52CE6D899F46E249F4743F9E78EA023BD9D0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa
Signing time:             Mon 10 Mar 2025 22:21:54 +0000
ROA not before:           Mon 10 Mar 2025 22:16:54 +0000
ROA not after:            Mon 09 Mar 2026 22:21:54 +0000
asID:                     214838
IP address blocks:        2a0f:85c1:bb8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:df:52:ce:6d:89:9f:46:e2:49:f4:74:3f:9e:78:ea:02:3b:d9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 10 22:16:54 2025 GMT
            Not After : Mar  9 22:21:54 2026 GMT
        Subject: CN=B4205E0E0BB22BF889E9B448C868C159B6281D55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4c:9e:3f:66:d6:3c:f2:c8:bd:2b:70:5f:1d:
                    62:c7:41:a6:44:9e:2c:2a:b2:2e:82:d0:b3:f8:d4:
                    dc:13:e7:0b:b9:14:fe:e2:ff:5e:49:05:2b:be:6d:
                    a6:5d:31:83:84:7b:8d:27:39:a4:c7:06:a9:79:52:
                    83:b4:48:93:f9:b9:a0:a0:45:bd:c7:6b:78:28:dc:
                    ef:e7:ef:13:6f:cf:14:81:c3:91:2b:7f:2f:59:ab:
                    a8:d4:76:91:2e:ff:6f:87:f8:83:ac:4b:9c:0c:d4:
                    86:72:fa:76:c8:7d:cb:93:15:7e:25:21:0a:23:60:
                    6f:e6:7a:27:fa:23:f4:f7:c0:1c:4f:da:c3:b3:54:
                    6f:4a:77:4d:7f:13:47:44:59:3c:41:8f:a1:9d:ae:
                    8a:88:59:ac:6a:e9:6b:79:9b:4e:14:22:9d:30:f7:
                    72:21:c7:fc:2e:39:2e:14:0e:fe:38:3e:0e:3e:03:
                    eb:01:b5:fc:2d:6f:b7:1f:73:50:5f:ce:9c:30:46:
                    3b:4e:ab:59:98:8a:24:aa:9c:41:26:ea:bc:b0:79:
                    75:f2:93:c3:29:47:96:3b:99:23:3e:0c:3c:dd:34:
                    d0:7e:d2:ee:37:78:cd:e6:69:20:6e:eb:66:53:48:
                    8e:0a:be:87:4c:27:07:d1:f0:56:b6:dd:67:6f:89:
                    e5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:20:5E:0E:0B:B2:2B:F8:89:E9:B4:48:C8:68:C1:59:B6:28:1D:55
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bb8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:92:72:2e:c8:d9:12:89:97:e4:cb:78:51:84:e0:20:7c:ce:
         43:54:4f:d4:fd:eb:31:1c:17:12:da:a1:bb:7f:e3:fc:33:30:
         20:05:ad:77:68:3a:24:30:c6:be:42:5c:46:fe:91:2f:22:68:
         74:f3:cb:e7:cc:2c:6d:52:f3:56:9a:10:fd:e3:54:13:09:9c:
         70:5e:09:18:e5:ee:8f:cc:d4:89:b1:9f:ee:2d:c9:0e:ae:a4:
         49:7e:ed:8d:b6:8d:05:43:c9:d3:35:c3:21:2d:3a:b0:eb:a9:
         63:78:a3:38:69:d5:20:3e:bc:1a:7b:dc:b0:ee:d8:60:2f:55:
         b5:0b:e4:af:d7:70:cf:bb:10:4c:b3:a0:1c:a8:50:d9:c5:06:
         df:f4:a8:07:e7:c2:98:2f:f3:a7:a9:c4:0e:28:86:81:a6:48:
         74:1e:b2:79:84:81:d5:3d:d4:72:3d:03:48:6e:3b:89:72:71:
         b7:d5:f5:1a:22:a8:09:a3:b8:70:af:8e:74:1a:45:31:ab:9c:
         19:3e:0e:70:02:99:1e:38:01:98:7d:02:1a:e9:b8:24:25:da:
         74:63:d5:a2:c8:b0:d6:d5:7a:10:c5:9a:24:9a:9c:cb:ea:0f:
         a1:07:d9:01:99:f8:8e:17:55:0b:28:7a:2a:0d:c0:9f:e7:a6:
         f7:1c:0f:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDd9Szm2Jn0biSfR0P5546gI72dAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMTAyMjE2NTRaFw0yNjAzMDkyMjIxNTRaMDMxMTAvBgNV
BAMTKEI0MjA1RTBFMEJCMjJCRjg4OUU5QjQ0OEM4NjhDMTU5QjYyODFENTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1TJ4/ZtY88si9K3BfHWLHQaZE
niwqsi6C0LP41NwT5wu5FP7i/15JBSu+baZdMYOEe40nOaTHBql5UoO0SJP5uaCg
Rb3Ha3go3O/n7xNvzxSBw5Erfy9Zq6jUdpEu/2+H+IOsS5wM1IZy+nbIfcuTFX4l
IQojYG/meif6I/T3wBxP2sOzVG9Kd01/E0dEWTxBj6GdroqIWaxq6Wt5m04UIp0w
93Ihx/wuOS4UDv44Pg4+A+sBtfwtb7cfc1BfzpwwRjtOq1mYiiSqnEEm6ryweXXy
k8MpR5Y7mSM+DDzdNNB+0u43eM3maSBu62ZTSI4KvodMJwfR8Fa23WdvieVpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUtCBeDguyK/iJ6bRIyGjBWbYoHVUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQu4MA0GCSqGSIb3DQEBCwUAA4IBAQB6knIuyNkSiZfky3hRhOAgfM5DVE/U/esx
HBcS2qG7f+P8MzAgBa13aDokMMa+QlxG/pEvImh088vnzCxtUvNWmhD941QTCZxw
XgkY5e6PzNSJsZ/uLckOrqRJfu2Nto0FQ8nTNcMhLTqw66ljeKM4adUgPrwae9yw
7thgL1W1C+Sv13DPuxBMs6AcqFDZxQbf9KgH58KYL/OnqcQOKIaBpkh0HrJ5hIHV
PdRyPQNIbjuJcnG31fUaIqgJo7hwr450GkUxq5wZPg5wApkeOAGYfQIa6bgkJdp0
Y9WiyLDW1XoQxZokmpzL6g+hB9kBmfiOF1ULKHoqDcCf56b3HA/+
-----END CERTIFICATE-----