Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214862.roa
File:                     AS214862.roa (raw, json)
Hash identifier:          a7W0RAzXubo0aHTorwB4zMV33nYU0kTzKorMmfBbnd0=
Subject key identifier:   23:93:8B:10:CB:DF:44:0A:04:8D:AF:2F:F3:64:8E:68:B8:D5:23:BF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39D081EAA48231F0BD6315C2DF241A7C0792DDE9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214862.roa
Signing time:             Fri 23 Aug 2024 08:01:15 +0000
ROA not before:           Fri 23 Aug 2024 07:56:15 +0000
ROA not after:            Fri 22 Aug 2025 08:01:15 +0000
asID:                     214862
IP address blocks:        2a0f:85c1:3fb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d0:81:ea:a4:82:31:f0:bd:63:15:c2:df:24:1a:7c:07:92:dd:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:15 2024 GMT
            Not After : Aug 22 08:01:15 2025 GMT
        Subject: CN=23938B10CBDF440A048DAF2FF3648E68B8D523BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:77:82:97:e4:f1:8d:9d:ca:9c:a6:58:26:d2:
                    2e:d3:89:21:ff:6e:9b:80:2c:a0:ad:57:ee:c0:ff:
                    f5:27:ab:f1:5c:6b:a1:4d:42:f8:51:64:d7:5b:0f:
                    83:70:9a:e2:21:72:d8:15:ab:b7:9b:2f:93:5b:01:
                    76:98:14:4c:5e:3f:e6:28:1f:63:57:fd:be:62:ab:
                    36:49:67:27:08:eb:8a:96:e8:ca:af:96:05:72:a3:
                    43:c1:a7:8e:42:34:42:ad:40:50:79:0e:13:63:02:
                    54:7c:04:f6:71:90:3d:b9:b2:86:a8:58:9f:e1:51:
                    4b:58:bf:1a:0e:63:78:e9:b7:fc:fe:af:1d:86:6b:
                    3b:bc:5f:19:cb:73:81:02:e6:37:e2:2f:7e:b7:b1:
                    fc:ff:29:e3:60:04:d1:7f:86:eb:86:f8:a9:1b:26:
                    e3:ef:9f:d2:69:74:02:4d:35:31:6b:95:88:e7:cb:
                    f6:43:ef:f9:97:d8:e4:3b:8b:c6:92:67:6f:ff:89:
                    d5:14:0f:f7:9b:46:a3:4f:a5:ed:69:4d:8d:59:29:
                    2f:33:d0:f2:76:5b:f8:76:c8:c1:76:89:c5:d4:2b:
                    5c:86:5e:8f:51:35:de:0c:5b:4c:2a:d9:ba:73:b2:
                    e1:03:f4:58:33:3b:22:4e:20:db:7c:f6:23:03:ea:
                    53:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:93:8B:10:CB:DF:44:0A:04:8D:AF:2F:F3:64:8E:68:B8:D5:23:BF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214862.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3fb::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:c1:1b:bf:9b:f0:86:a4:14:9b:89:05:88:aa:2c:a6:9a:90:
         8b:2a:c2:6d:78:23:4d:46:51:67:7c:33:b6:6c:5a:e6:ce:ae:
         42:90:d9:10:50:4d:c5:27:e7:a7:6d:cf:e2:09:aa:24:1e:d4:
         26:5b:c2:0f:30:41:8f:b9:47:39:b6:42:57:d5:75:18:90:b1:
         f0:f5:90:6b:66:4f:4b:ad:36:86:57:65:b8:1b:5b:6b:04:4f:
         50:7e:c0:90:63:8c:ed:e9:97:40:ba:cc:96:47:89:8d:de:12:
         c5:3a:b9:d0:1a:17:51:da:35:06:fd:de:cc:db:b9:3c:d4:86:
         fd:06:87:dc:d1:30:39:33:fc:de:78:e5:e6:de:bb:82:a5:50:
         3f:a1:91:3b:0d:b1:86:10:2d:16:36:13:ab:33:ac:7e:5a:07:
         ae:ae:a2:ac:8a:44:d0:72:8f:fd:8e:ce:57:f3:fa:c9:ed:fd:
         3d:36:cb:c5:7b:59:c4:80:f8:d0:a3:d5:d2:af:54:96:ec:72:
         4e:91:22:06:2c:cf:9f:8a:9e:ac:58:fb:91:d8:14:17:dd:48:
         a3:5b:d6:c4:5c:75:07:93:25:45:02:81:96:42:14:26:88:3b:
         0a:6f:ee:92:9e:9e:11:95:b5:cc:e1:b4:e2:eb:c3:7c:11:74:
         1a:da:fe:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOdCB6qSCMfC9YxXC3yQafAeS3ekwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTVaFw0yNTA4MjIwODAxMTVaMDMxMTAvBgNV
BAMTKDIzOTM4QjEwQ0JERjQ0MEEwNDhEQUYyRkYzNjQ4RTY4QjhENTIzQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXd4KX5PGNncqcplgm0i7TiSH/
bpuALKCtV+7A//Unq/Fca6FNQvhRZNdbD4NwmuIhctgVq7ebL5NbAXaYFExeP+Yo
H2NX/b5iqzZJZycI64qW6MqvlgVyo0PBp45CNEKtQFB5DhNjAlR8BPZxkD25soao
WJ/hUUtYvxoOY3jpt/z+rx2Gazu8XxnLc4EC5jfiL363sfz/KeNgBNF/huuG+Kkb
JuPvn9JpdAJNNTFrlYjny/ZD7/mX2OQ7i8aSZ2//idUUD/ebRqNPpe1pTY1ZKS8z
0PJ2W/h2yMF2icXUK1yGXo9RNd4MW0wq2bpzsuED9FgzOyJOINt89iMD6lNFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUI5OLEMvfRAoEja8v82SOaLjVI78wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP7MA0GCSqGSIb3DQEBCwUAA4IBAQAfwRu/m/CGpBSbiQWIqiymmpCLKsJteCNN
RlFnfDO2bFrmzq5CkNkQUE3FJ+enbc/iCaokHtQmW8IPMEGPuUc5tkJX1XUYkLHw
9ZBrZk9LrTaGV2W4G1trBE9QfsCQY4zt6ZdAusyWR4mN3hLFOrnQGhdR2jUG/d7M
27k81Ib9Bofc0TA5M/zeeOXm3ruCpVA/oZE7DbGGEC0WNhOrM6x+WgeurqKsikTQ
co/9js5X8/rJ7f09NsvFe1nEgPjQo9XSr1SW7HJOkSIGLM+fip6sWPuR2BQX3Uij
W9bEXHUHkyVFAoGWQhQmiDsKb+6Snp4RlbXM4bTi68N8EXQa2v4I
-----END CERTIFICATE-----