Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
File:                     AS214882.roa (raw, json)
Hash identifier:          zdk8HFrEZACXitrpUDkdpaLh7MJByP9PTT0Qvykn4yU=
Subject key identifier:   C7:D6:E3:56:5E:FD:03:D4:18:E3:6E:D6:03:FF:28:6C:CC:28:A7:49
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       173CBB0E77D6005EA7968CB46819EB2A5BB8588C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
Signing time:             Fri 23 Aug 2024 08:01:20 +0000
ROA not before:           Fri 23 Aug 2024 07:56:20 +0000
ROA not after:            Fri 22 Aug 2025 08:01:20 +0000
asID:                     214882
IP address blocks:        2a0f:85c1:3da::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:3c:bb:0e:77:d6:00:5e:a7:96:8c:b4:68:19:eb:2a:5b:b8:58:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:20 2024 GMT
            Not After : Aug 22 08:01:20 2025 GMT
        Subject: CN=C7D6E3565EFD03D418E36ED603FF286CCC28A749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0a:7e:16:39:11:c3:73:4d:73:d6:55:b1:f5:
                    02:01:7c:bf:bf:4c:4e:e0:64:c3:1b:74:dd:c4:40:
                    27:ef:35:cd:5b:d3:b3:e4:23:b5:6e:39:34:57:6c:
                    40:16:84:63:c8:6a:6a:47:cd:80:a3:92:38:ab:58:
                    39:9b:66:74:20:3d:f0:db:d6:a9:c5:f0:da:be:74:
                    9a:5c:f1:bf:81:8a:3e:b0:60:c1:9e:ba:c2:13:04:
                    fe:39:eb:93:6c:e2:b9:0a:9b:81:b1:75:0d:6e:58:
                    74:01:49:bd:92:b1:c3:e0:1d:26:9f:ae:f0:fb:9b:
                    93:bf:30:be:65:4a:4c:c0:fe:94:04:10:59:a8:dd:
                    d2:c4:9f:1c:f8:39:e1:87:57:c8:c4:ab:cb:df:ba:
                    0d:54:b1:7e:a3:d8:b7:1c:80:b1:31:6d:22:e4:87:
                    f9:7c:13:56:7b:49:30:ac:32:35:f6:46:81:08:1c:
                    59:4a:ca:81:84:08:88:6f:99:76:a2:ee:fb:43:66:
                    f2:54:a3:02:00:ee:9c:08:3c:d1:87:99:45:70:1b:
                    a4:57:56:b3:9a:1f:14:a5:4f:28:9e:36:a6:2d:56:
                    7c:46:d2:57:9c:5f:1e:86:57:61:c6:c8:c4:12:71:
                    65:46:99:32:4e:2a:cb:04:fd:d1:9c:64:c2:23:8d:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D6:E3:56:5E:FD:03:D4:18:E3:6E:D6:03:FF:28:6C:CC:28:A7:49
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3da::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:c0:43:50:7d:c7:c0:f0:75:00:73:38:33:34:7f:82:27:53:
         e0:a8:f9:3f:76:8a:be:f5:ef:23:e4:a3:53:64:ec:dc:5a:c2:
         a9:79:81:e8:06:86:f1:6f:db:59:46:e5:92:fd:e8:79:c5:b9:
         2b:75:22:44:33:c9:29:3f:85:0e:2b:1d:fb:c2:17:23:f5:cb:
         44:ba:38:bf:1c:87:d6:f0:9b:a3:15:bd:16:ad:02:41:50:1f:
         8c:d7:42:d1:d7:d5:61:5b:38:0f:4e:4c:29:54:eb:e9:fd:61:
         41:04:4f:b7:6a:99:d9:1c:18:ec:c9:4f:46:e5:52:f5:c8:19:
         91:a5:21:72:85:e6:b0:79:e4:c7:76:62:c6:0b:5e:9c:6b:29:
         29:08:25:98:56:9b:bd:27:56:cc:ef:04:ac:8b:68:6e:9d:18:
         5e:e0:da:6e:08:cc:99:1e:3b:dc:d1:39:9e:f9:a1:a8:fc:3d:
         c6:e8:2f:6d:a9:ab:63:06:67:6e:cb:05:d3:57:75:a4:28:77:
         61:02:55:2e:3f:2e:90:1a:f8:c1:41:f9:74:3e:74:01:74:3f:
         d5:2f:12:d2:d6:8e:fd:dc:20:02:53:ce:81:9e:ee:d6:7b:05:
         88:c7:b1:51:71:9b:75:51:a3:c2:de:b1:83:f5:f9:10:58:79:
         12:f0:4e:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFzy7DnfWAF6nloy0aBnrKlu4WIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjBaFw0yNTA4MjIwODAxMjBaMDMxMTAvBgNV
BAMTKEM3RDZFMzU2NUVGRDAzRDQxOEUzNkVENjAzRkYyODZDQ0MyOEE3NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Cn4WORHDc01z1lWx9QIBfL+/
TE7gZMMbdN3EQCfvNc1b07PkI7VuOTRXbEAWhGPIampHzYCjkjirWDmbZnQgPfDb
1qnF8Nq+dJpc8b+Bij6wYMGeusITBP4565Ns4rkKm4GxdQ1uWHQBSb2SscPgHSaf
rvD7m5O/ML5lSkzA/pQEEFmo3dLEnxz4OeGHV8jEq8vfug1UsX6j2LccgLExbSLk
h/l8E1Z7STCsMjX2RoEIHFlKyoGECIhvmXai7vtDZvJUowIA7pwIPNGHmUVwG6RX
VrOaHxSlTyieNqYtVnxG0lecXx6GV2HGyMQScWVGmTJOKssE/dGcZMIjjUVnAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUx9bjVl79A9QY427WA/8obMwop0kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPaMA0GCSqGSIb3DQEBCwUAA4IBAQCewENQfcfA8HUAczgzNH+CJ1PgqPk/doq+
9e8j5KNTZOzcWsKpeYHoBobxb9tZRuWS/eh5xbkrdSJEM8kpP4UOKx37whcj9ctE
uji/HIfW8JujFb0WrQJBUB+M10LR19VhWzgPTkwpVOvp/WFBBE+3apnZHBjsyU9G
5VL1yBmRpSFyheaweeTHdmLGC16caykpCCWYVpu9J1bM7wSsi2hunRhe4NpuCMyZ
Hjvc0Tme+aGo/D3G6C9tqatjBmduywXTV3WkKHdhAlUuPy6QGvjBQfl0PnQBdD/V
LxLS1o793CACU86Bnu7WewWIx7FRcZt1UaPC3rGD9fkQWHkS8E6w
-----END CERTIFICATE-----