Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214909.roa
File:                     AS214909.roa (raw, json)
Hash identifier:          BeSHlaqPkcN46xUpmslGZgFXUivhGHeNEsppklRTGRo=
Subject key identifier:   3F:C8:05:87:B9:90:3D:50:5E:3D:6A:09:ED:B5:F8:CB:B5:B1:DA:C3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       568A144DBD234C38BFC1CEF60051640A863413D4
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214909.roa
Signing time:             Fri 23 Aug 2024 08:01:15 +0000
ROA not before:           Fri 23 Aug 2024 07:56:15 +0000
ROA not after:            Fri 22 Aug 2025 08:01:15 +0000
asID:                     214909
IP address blocks:        2a0f:85c1:3f7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:8a:14:4d:bd:23:4c:38:bf:c1:ce:f6:00:51:64:0a:86:34:13:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:15 2024 GMT
            Not After : Aug 22 08:01:15 2025 GMT
        Subject: CN=3FC80587B9903D505E3D6A09EDB5F8CBB5B1DAC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:06:90:e6:d3:9e:34:be:57:e4:8e:bf:bf:59:
                    37:1c:30:ab:27:81:b1:ee:a9:23:18:c7:73:9f:a9:
                    d5:58:1f:df:c3:72:81:94:3d:16:11:e2:ab:19:9f:
                    de:44:a3:c7:ba:e9:54:9f:f3:fd:f2:0f:44:e1:c5:
                    d0:46:fc:83:b6:62:05:38:59:ab:fd:ac:28:be:3b:
                    29:73:74:8a:86:54:6f:f5:e5:98:9a:2e:f6:a5:52:
                    2a:c4:95:d8:56:1c:b4:bd:2e:0b:df:ed:0b:60:92:
                    55:db:d9:85:25:32:19:71:34:ce:4f:87:78:21:7c:
                    1a:44:c9:18:0e:26:26:c8:8c:52:1e:8d:9d:8d:77:
                    d7:fb:9b:c4:d7:fc:73:e3:00:e3:fd:47:79:bc:5b:
                    7c:d1:aa:ab:f1:87:4c:3e:fd:0a:f5:9b:cd:e7:96:
                    b0:84:cc:e2:41:01:43:42:6a:ff:07:1e:06:6b:b6:
                    93:6a:84:22:15:6b:fc:b5:f0:80:d0:b0:a4:e7:62:
                    ef:ed:20:54:a5:ae:17:88:70:a2:9b:fd:28:7a:79:
                    65:09:69:2e:3e:4c:92:ef:2b:59:2c:76:80:35:67:
                    25:bc:a8:86:6a:dc:83:7f:92:cd:f4:72:22:ce:f4:
                    a4:1e:e8:a0:a3:95:8e:fd:3a:74:02:3e:30:3e:28:
                    13:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C8:05:87:B9:90:3D:50:5E:3D:6A:09:ED:B5:F8:CB:B5:B1:DA:C3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f7::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:e1:11:7f:17:51:cd:51:f3:a1:07:95:72:0f:a3:e6:de:6d:
         9d:1a:a8:6e:68:3a:d7:cc:d9:9d:9b:84:c2:1c:e9:29:ce:ef:
         fd:0a:bc:53:b7:ba:7c:9d:d3:7e:30:71:ec:61:ba:c8:c1:88:
         83:61:23:3d:ad:0a:fa:ce:45:25:b7:79:0a:62:1c:38:1d:3e:
         a8:86:2e:93:74:ee:f8:b5:6d:85:8a:83:a4:d3:bc:32:0d:83:
         08:92:9c:0f:4b:50:bb:e8:83:c3:be:4f:c5:c2:38:62:d4:69:
         63:96:4d:38:20:e7:2e:77:e8:8b:8f:fd:e6:cd:3d:94:cb:82:
         4a:21:24:07:3d:ca:e6:d4:a7:37:7d:52:2c:ca:24:df:c0:e9:
         a4:4e:7b:9d:8f:e6:e8:63:a8:7b:68:a5:fe:c1:3e:25:ba:c5:
         48:37:d6:28:e1:2c:1d:45:8f:f5:f8:32:a4:d6:92:60:c3:9f:
         aa:4e:87:92:c2:73:6a:cc:9d:9b:c6:fb:cd:32:86:7a:4e:c5:
         6d:c2:fe:62:94:12:80:6d:15:c1:73:87:b6:94:fb:fc:b6:f9:
         42:30:5a:70:9f:65:5d:65:06:2e:d5:0a:d2:84:f3:6f:56:84:
         5d:99:ef:ab:62:76:f0:5b:5e:e7:85:7b:db:c2:98:3e:df:89:
         fb:96:0b:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVooUTb0jTDi/wc72AFFkCoY0E9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTVaFw0yNTA4MjIwODAxMTVaMDMxMTAvBgNV
BAMTKDNGQzgwNTg3Qjk5MDNENTA1RTNENkEwOUVEQjVGOENCQjVCMURBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPBpDm0540vlfkjr+/WTccMKsn
gbHuqSMYx3OfqdVYH9/DcoGUPRYR4qsZn95Eo8e66VSf8/3yD0ThxdBG/IO2YgU4
Wav9rCi+OylzdIqGVG/15ZiaLvalUirEldhWHLS9Lgvf7QtgklXb2YUlMhlxNM5P
h3ghfBpEyRgOJibIjFIejZ2Nd9f7m8TX/HPjAOP9R3m8W3zRqqvxh0w+/Qr1m83n
lrCEzOJBAUNCav8HHgZrtpNqhCIVa/y18IDQsKTnYu/tIFSlrheIcKKb/Sh6eWUJ
aS4+TJLvK1ksdoA1ZyW8qIZq3IN/ks30ciLO9KQe6KCjlY79OnQCPjA+KBPTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUP8gFh7mQPVBePWoJ7bX4y7Wx2sMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0OTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP3MA0GCSqGSIb3DQEBCwUAA4IBAQAo4RF/F1HNUfOhB5VyD6Pm3m2dGqhuaDrX
zNmdm4TCHOkpzu/9CrxTt7p8ndN+MHHsYbrIwYiDYSM9rQr6zkUlt3kKYhw4HT6o
hi6TdO74tW2FioOk07wyDYMIkpwPS1C76IPDvk/Fwjhi1Gljlk04IOcud+iLj/3m
zT2Uy4JKISQHPcrm1Kc3fVIsyiTfwOmkTnudj+boY6h7aKX+wT4lusVIN9Yo4Swd
RY/1+DKk1pJgw5+qToeSwnNqzJ2bxvvNMoZ6TsVtwv5ilBKAbRXBc4e2lPv8tvlC
MFpwn2VdZQYu1QrShPNvVoRdme+rYnbwW17nhXvbwpg+34n7lgvB
-----END CERTIFICATE-----