Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa
File:                     AS214936.roa (raw, json)
Hash identifier:          IOYeJHFQFGpZyj2CMJ5VQWnl5hPJZEKOleMCrbohJ+8=
Subject key identifier:   EE:36:66:BD:1D:6F:74:40:D5:31:66:B1:A9:CA:C8:FA:96:3C:82:85
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5B8D3851D599867796A84230D27BD31FFF6133D1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     214936
IP address blocks:        2a0f:85c1:3dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:8d:38:51:d5:99:86:77:96:a8:42:30:d2:7b:d3:1f:ff:61:33:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=EE3666BD1D6F7440D53166B1A9CAC8FA963C8285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:81:87:d8:93:aa:fa:8b:b3:ae:16:62:c6:
                    c5:2d:b2:ac:84:e2:b3:c5:54:5b:a4:fc:97:84:5c:
                    54:08:52:99:e2:7b:51:29:c1:83:2a:2a:9f:5b:42:
                    1e:7d:e6:f2:46:98:b0:cc:b6:53:33:45:32:f3:7f:
                    59:5e:c1:85:b6:8d:6a:9d:b2:b9:ca:7b:76:39:e9:
                    9e:94:a1:d6:30:0b:73:c8:96:27:12:3b:e8:02:f4:
                    01:0b:aa:34:8d:21:2b:95:16:fd:ef:b2:0d:01:96:
                    41:e2:40:53:fc:64:30:7d:0a:42:5e:61:33:d1:55:
                    7b:86:bb:6f:ef:e1:9e:c8:2d:4e:40:bc:a8:54:96:
                    55:cd:2a:5e:57:f5:e2:fc:29:a5:e7:dd:b5:a5:d0:
                    8c:a7:73:9e:5f:28:01:0b:46:a6:6c:a8:b8:f7:6b:
                    f2:93:b8:a5:22:f2:19:4f:ae:96:8a:b4:69:f2:b0:
                    10:82:e6:56:2f:91:1e:c8:9f:35:55:ab:6d:79:7c:
                    10:8d:8a:50:42:52:79:4f:e8:ec:a0:85:42:ca:6f:
                    c6:a9:7a:fd:34:81:9f:7c:32:e5:4f:be:b0:2d:56:
                    9a:a7:82:d5:c8:64:c1:fc:d7:24:15:2c:0d:7a:62:
                    ec:48:c8:b1:73:9e:2f:0c:0f:44:b5:43:ae:84:f9:
                    9b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:36:66:BD:1D:6F:74:40:D5:31:66:B1:A9:CA:C8:FA:96:3C:82:85
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:3f:56:64:f3:ee:f0:2d:77:77:65:a1:eb:86:31:14:f2:ba:
         5e:5f:37:45:40:af:a3:9d:2b:6d:b1:34:eb:4c:b1:f9:6b:ce:
         85:e0:3f:f9:5b:29:94:ba:39:4f:e6:9d:4c:e2:dc:dd:c1:8a:
         02:74:d2:52:9f:6e:02:3c:4f:35:c5:c3:c0:fd:b5:3e:07:88:
         92:4f:ab:86:ee:c3:25:ea:8f:dd:e0:ac:da:67:42:c1:c0:1e:
         28:54:ea:03:3b:73:0b:25:3c:fd:ed:29:90:f2:ad:d9:c0:ee:
         29:c0:0c:16:fc:5a:74:3f:f8:5f:93:c5:ed:1a:09:f3:94:eb:
         f8:be:b4:78:e3:8a:51:7b:f6:49:34:24:60:85:2f:3e:de:32:
         68:1e:09:cb:3d:b8:dd:c5:a2:d6:17:40:b0:6b:00:ba:7c:70:
         97:b6:9f:34:c5:23:f2:70:7f:c0:d4:72:01:10:da:6a:08:e9:
         a6:36:bd:9d:59:d9:1d:55:52:2f:89:55:2e:dd:80:f9:e3:45:
         3c:be:ea:74:29:67:10:20:11:28:3f:e1:53:44:20:f6:0d:63:
         35:7c:84:45:4b:e5:b5:04:db:b8:fc:6f:80:fc:e1:5c:69:30:
         f1:42:56:13:0c:f5:3a:60:1e:54:fc:ea:65:78:48:d0:2c:56:
         45:cb:35:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUW404UdWZhneWqEIw0nvTH/9hM9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKEVFMzY2NkJEMUQ2Rjc0NDBENTMxNjZCMUE5Q0FDOEZBOTYzQzgyODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOIGH2JOq+ouzrhZixsUtsqyE
4rPFVFuk/JeEXFQIUpnie1EpwYMqKp9bQh595vJGmLDMtlMzRTLzf1lewYW2jWqd
srnKe3Y56Z6UodYwC3PIlicSO+gC9AELqjSNISuVFv3vsg0BlkHiQFP8ZDB9CkJe
YTPRVXuGu2/v4Z7ILU5AvKhUllXNKl5X9eL8KaXn3bWl0Iync55fKAELRqZsqLj3
a/KTuKUi8hlPrpaKtGnysBCC5lYvkR7InzVVq215fBCNilBCUnlP6OyghULKb8ap
ev00gZ98MuVPvrAtVpqngtXIZMH81yQVLA16YuxIyLFzni8MD0S1Q66E+ZupAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU7jZmvR1vdEDVMWaxqcrI+pY8goUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0OTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPcMA0GCSqGSIb3DQEBCwUAA4IBAQA2P1Zk8+7wLXd3ZaHrhjEU8rpeXzdFQK+j
nSttsTTrTLH5a86F4D/5WymUujlP5p1M4tzdwYoCdNJSn24CPE81xcPA/bU+B4iS
T6uG7sMl6o/d4KzaZ0LBwB4oVOoDO3MLJTz97SmQ8q3ZwO4pwAwW/Fp0P/hfk8Xt
GgnzlOv4vrR444pRe/ZJNCRghS8+3jJoHgnLPbjdxaLWF0CwawC6fHCXtp80xSPy
cH/A1HIBENpqCOmmNr2dWdkdVVIviVUu3YD540U8vup0KWcQIBEoP+FTRCD2DWM1
fIRFS+W1BNu4/G+A/OFcaTDxQlYTDPU6YB5U/OpleEjQLFZFyzVA
-----END CERTIFICATE-----