Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa
File:                     AS212388.roa (raw, json)
Hash identifier:          vaMnF7Ai17DIOrJa/4hPHFqcB27njDsJksgpTJN8Te8=
Subject key identifier:   77:9A:AF:2C:C6:53:A9:E4:70:D8:6E:BD:91:0B:93:B9:3D:1D:F1:A4
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       75A8BA1F00E89F55082DB77AAB06DAE903153415
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa
Signing time:             Fri 28 Feb 2025 12:38:33 +0000
ROA not before:           Fri 28 Feb 2025 12:33:33 +0000
ROA not after:            Fri 27 Feb 2026 12:38:33 +0000
asID:                     212388
IP address blocks:        2a14:7580:e00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:a8:ba:1f:00:e8:9f:55:08:2d:b7:7a:ab:06:da:e9:03:15:34:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb 28 12:33:33 2025 GMT
            Not After : Feb 27 12:38:33 2026 GMT
        Subject: CN=779AAF2CC653A9E470D86EBD910B93B93D1DF1A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:8c:f3:1c:1c:dc:d2:b8:24:7d:06:09:a0:
                    e9:a8:87:99:1e:a3:1e:bf:1f:a8:23:71:b6:fd:45:
                    84:d3:5e:28:a7:07:27:b4:f2:4b:fa:59:35:10:35:
                    8a:06:b2:bb:83:49:b0:82:fd:48:25:65:ea:36:37:
                    8d:ad:38:68:b4:73:97:06:23:4c:9d:bc:34:03:3a:
                    28:17:fc:cf:cc:ce:c8:59:ed:72:d2:fc:c2:fa:24:
                    fc:9b:41:f1:ac:80:21:8f:22:c2:92:47:47:5c:21:
                    30:03:ab:66:fc:18:f9:51:d8:5e:b7:1a:af:09:f7:
                    0a:71:ee:08:42:60:54:fe:b6:29:ad:87:a2:b2:cf:
                    c1:d5:88:10:14:4d:6e:b1:69:c0:81:49:0f:cd:46:
                    72:22:d6:01:1a:21:54:82:49:42:6e:b0:a2:56:5a:
                    06:b7:68:65:19:4e:30:ea:65:74:cc:14:36:79:72:
                    ce:b9:8c:41:0b:fb:6a:7b:f3:c6:20:26:59:50:83:
                    93:39:a5:a4:cd:2d:25:00:28:24:cd:ea:cd:b2:8c:
                    d3:ae:cc:36:85:e6:48:c2:67:d0:cb:3f:17:b3:c9:
                    af:ad:39:4b:9a:0d:85:1d:ff:04:2a:1b:bd:bf:a8:
                    9e:ab:fd:be:fb:8f:48:55:8e:c0:5e:5a:d2:c1:29:
                    c8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9A:AF:2C:C6:53:A9:E4:70:D8:6E:BD:91:0B:93:B9:3D:1D:F1:A4
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:bd:3c:7f:8b:d5:29:1b:4f:23:f8:ab:ef:9c:32:6e:13:6f:
         74:89:e9:67:3c:35:8e:41:c9:b9:99:b3:12:42:4c:06:d6:96:
         4f:70:6d:f6:18:a6:45:8f:0c:47:34:ca:7c:f2:01:88:de:f1:
         47:9a:a7:60:bd:52:02:d1:7e:20:a5:59:96:14:4f:7a:a1:54:
         3d:39:2e:e5:7d:49:97:08:81:bc:47:76:42:fa:be:24:a4:e1:
         fa:bc:80:ec:73:70:fa:ae:89:1b:8c:4c:f1:7e:2b:5e:2e:00:
         f7:e7:b8:cb:0d:e2:0a:37:1b:cf:33:69:9c:1a:1a:02:8d:02:
         47:e6:df:c3:ce:1c:75:52:d7:bf:df:82:bb:10:92:74:f8:42:
         2c:cb:7f:f5:54:ee:80:03:78:3b:cf:99:d3:ff:83:11:bf:ec:
         e9:bd:80:84:e9:ac:4f:a0:cb:ec:08:88:4a:17:0b:ad:66:ad:
         ea:48:be:f8:1c:45:4e:9e:36:c1:f3:bf:93:91:28:f6:a5:18:
         ab:2e:f9:de:b4:f9:cb:aa:ec:6b:e6:c4:24:66:97:04:6c:ec:
         e4:35:d5:6f:50:d9:5c:a3:f7:96:12:97:ad:db:6e:e7:32:80:
         ba:98:36:cd:0b:f2:aa:5c:d1:28:5d:a2:7e:33:ca:e8:df:05:
         00:84:8b:13
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUdai6HwDon1UILbd6qwba6QMVNBUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMjgxMjMzMzNaFw0yNjAyMjcxMjM4MzNaMDMxMTAvBgNV
BAMTKDc3OUFBRjJDQzY1M0E5RTQ3MEQ4NkVCRDkxMEI5M0I5M0QxREYxQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC81YzzHBzc0rgkfQYJoOmoh5ke
ox6/H6gjcbb9RYTTXiinBye08kv6WTUQNYoGsruDSbCC/UglZeo2N42tOGi0c5cG
I0ydvDQDOigX/M/MzshZ7XLS/ML6JPybQfGsgCGPIsKSR0dcITADq2b8GPlR2F63
Gq8J9wpx7ghCYFT+timth6Kyz8HViBAUTW6xacCBSQ/NRnIi1gEaIVSCSUJusKJW
Wga3aGUZTjDqZXTMFDZ5cs65jEEL+2p788YgJllQg5M5paTNLSUAKCTN6s2yjNOu
zDaF5kjCZ9DLPxezya+tOUuaDYUd/wQqG72/qJ6r/b77j0hVjsBeWtLBKcjvAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUd5qvLMZTqeRw2G69kQuTuT0d8aQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEyMzg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gA4wDQYJKoZIhvcNAQELBQADggEBAEK9PH+L1SkbTyP4q++cMm4Tb3SJ6Wc8NY5B
ybmZsxJCTAbWlk9wbfYYpkWPDEc0ynzyAYje8Ueap2C9UgLRfiClWZYUT3qhVD05
LuV9SZcIgbxHdkL6viSk4fq8gOxzcPquiRuMTPF+K14uAPfnuMsN4go3G88zaZwa
GgKNAkfm38POHHVS17/fgrsQknT4QizLf/VU7oADeDvPmdP/gxG/7Om9gITprE+g
y+wIiEoXC61mrepIvvgcRU6eNsHzv5ORKPalGKsu+d60+cuq7GvmxCRmlwRs7OQ1
1W9Q2Vyj95YSl63bbucygLqYNs0L8qpc0Shdon4zyujfBQCEixM=
-----END CERTIFICATE-----