Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa
File:                     AS214984.roa (raw, json)
Hash identifier:          eW9BUE0M1cbKqzXrM5CKnvAtbq1qvHZWux0p843OfOE=
Subject key identifier:   86:B8:48:7F:C5:27:AA:3F:76:B4:0B:7C:6D:E0:E2:8D:F9:F9:09:26
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3C957BB32406C876C8658AC38D7AB707EF736803
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa
Signing time:             Fri 23 Aug 2024 08:01:25 +0000
ROA not before:           Fri 23 Aug 2024 07:56:25 +0000
ROA not after:            Fri 22 Aug 2025 08:01:25 +0000
asID:                     214984
IP address blocks:        2a0f:85c1:3d2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:95:7b:b3:24:06:c8:76:c8:65:8a:c3:8d:7a:b7:07:ef:73:68:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:25 2024 GMT
            Not After : Aug 22 08:01:25 2025 GMT
        Subject: CN=86B8487FC527AA3F76B40B7C6DE0E28DF9F90926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:0f:c8:d8:d1:e0:dc:45:2a:89:70:54:14:
                    b3:91:5f:28:68:3d:0f:5a:8e:7e:37:bb:80:67:9e:
                    bf:74:4d:bd:4a:05:49:bc:c6:30:ee:b2:b9:fd:c9:
                    7c:ca:62:5e:b7:6b:3f:f4:7b:a9:39:e3:09:de:6a:
                    00:c2:aa:4b:fd:ea:e3:20:ea:0a:6f:fe:ac:18:97:
                    40:54:b5:69:83:87:f3:b6:4a:9f:f1:16:67:68:ba:
                    7b:bb:e8:78:03:a0:33:47:4b:bd:2a:c3:41:38:0d:
                    99:83:57:58:f0:97:14:b6:46:fd:13:56:d3:fe:2b:
                    5c:a6:9b:fc:6d:3d:bf:5a:ff:ce:6d:f9:c6:09:08:
                    ee:7a:e0:d5:c3:dd:ad:cc:5c:86:84:ee:80:5e:ae:
                    1d:d3:14:2b:1a:de:1e:0a:1a:a5:34:30:37:2e:b4:
                    b8:1f:7c:c1:b3:2c:9a:bd:76:49:e9:14:89:a3:0a:
                    11:79:74:62:77:d6:eb:e1:6e:c1:80:61:e6:b5:14:
                    13:30:31:27:fd:29:9c:be:2f:7e:2f:7d:fe:84:77:
                    86:b8:31:9d:8a:bc:37:2b:82:13:d5:7d:69:f2:0d:
                    b7:d1:fd:db:21:38:54:79:fa:e1:a9:04:e0:25:b7:
                    0b:0f:d7:f4:18:3d:04:18:be:30:e8:0b:2e:f1:ee:
                    9f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B8:48:7F:C5:27:AA:3F:76:B4:0B:7C:6D:E0:E2:8D:F9:F9:09:26
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3d2::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:df:be:bd:74:00:1b:08:91:48:7b:6e:d7:a7:1a:ff:27:24:
         91:38:c7:87:22:a8:66:1d:f7:f6:42:49:fe:e9:04:66:de:1b:
         5d:e5:6d:3d:4d:85:f7:9c:18:0d:b8:62:a0:94:e1:b6:bd:10:
         02:18:3b:20:c5:00:f4:27:f9:a4:85:f6:0b:85:f2:06:8a:54:
         b1:3f:81:9c:58:93:5c:64:8c:9a:3b:05:a1:8e:95:ad:31:ee:
         6d:f8:91:85:8a:92:3a:0f:c5:b6:5a:fd:b0:e6:54:6a:50:08:
         e7:88:11:77:64:c7:5a:82:b9:1d:11:b8:70:0f:0d:36:5d:20:
         72:c3:af:9c:9a:cb:e0:2e:f2:ee:9d:49:df:77:e3:86:b6:91:
         c1:fc:7b:10:ef:49:ca:a3:72:d2:04:c0:d3:e8:b1:6d:8c:3e:
         a3:e0:2e:4e:9a:5a:3a:9a:3b:c1:75:59:c1:79:71:06:89:80:
         07:47:d5:57:9d:e0:36:ff:4c:b6:8f:9f:8e:db:74:be:ba:6e:
         6f:a9:62:d2:fe:fc:3e:3d:fa:73:4d:76:72:69:8a:7f:ee:46:
         25:d8:71:a5:98:c8:6a:48:cd:cb:c8:e6:8c:5d:88:eb:64:fe:
         30:f0:7c:04:f5:ef:fa:6d:90:43:27:3c:3e:25:f1:96:59:6b:
         14:6e:fe:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPJV7syQGyHbIZYrDjXq3B+9zaAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjVaFw0yNTA4MjIwODAxMjVaMDMxMTAvBgNV
BAMTKDg2Qjg0ODdGQzUyN0FBM0Y3NkI0MEI3QzZERTBFMjhERjlGOTA5MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDw/I2NHg3EUqiXBUFLORXyho
PQ9ajn43u4Bnnr90Tb1KBUm8xjDusrn9yXzKYl63az/0e6k54wneagDCqkv96uMg
6gpv/qwYl0BUtWmDh/O2Sp/xFmdounu76HgDoDNHS70qw0E4DZmDV1jwlxS2Rv0T
VtP+K1ymm/xtPb9a/85t+cYJCO564NXD3a3MXIaE7oBerh3TFCsa3h4KGqU0MDcu
tLgffMGzLJq9dknpFImjChF5dGJ31uvhbsGAYea1FBMwMSf9KZy+L34vff6Ed4a4
MZ2KvDcrghPVfWnyDbfR/dshOFR5+uGpBOAltwsP1/QYPQQYvjDoCy7x7p8zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhrhIf8Unqj92tAt8beDijfn5CSYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0OTg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPSMA0GCSqGSIb3DQEBCwUAA4IBAQBu3769dAAbCJFIe27Xpxr/JySROMeHIqhm
Hff2Qkn+6QRm3htd5W09TYX3nBgNuGKglOG2vRACGDsgxQD0J/mkhfYLhfIGilSx
P4GcWJNcZIyaOwWhjpWtMe5t+JGFipI6D8W2Wv2w5lRqUAjniBF3ZMdagrkdEbhw
Dw02XSByw6+cmsvgLvLunUnfd+OGtpHB/HsQ70nKo3LSBMDT6LFtjD6j4C5Omlo6
mjvBdVnBeXEGiYAHR9VXneA2/0y2j5+O23S+um5vqWLS/vw+PfpzTXZyaYp/7kYl
2HGlmMhqSM3LyOaMXYjrZP4w8HwE9e/6bZBDJzw+JfGWWWsUbv4A
-----END CERTIFICATE-----