Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213581.roa
File:                     AS213581.roa (raw, json)
Hash identifier:          0/Zz8nz+VqOmZns+ZvpIPAgvVzhMYecplsbkIMYDpR4=
Subject key identifier:   B0:43:50:40:5D:7E:9E:79:B2:DB:9D:FB:D6:53:3B:B0:BF:07:1A:74
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       E999BAAAC39FCCA8EB4977E2B673F63BAA06EF
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213581.roa
Signing time:             Tue 04 Feb 2025 00:17:09 +0000
ROA not before:           Tue 04 Feb 2025 00:12:09 +0000
ROA not after:            Tue 03 Feb 2026 00:17:09 +0000
asID:                     213581
IP address blocks:        2a14:7584:9000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:99:ba:aa:c3:9f:cc:a8:eb:49:77:e2:b6:73:f6:3b:aa:06:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:09 2025 GMT
            Not After : Feb  3 00:17:09 2026 GMT
        Subject: CN=B04350405D7E9E79B2DB9DFBD6533BB0BF071A74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:36:84:0d:d3:1c:e8:99:93:db:32:4f:0d:de:
                    7c:7e:e2:4e:cc:8e:96:cc:49:33:3c:02:11:04:7e:
                    db:fa:9a:55:08:44:e8:30:65:5f:53:42:00:1e:14:
                    32:1a:a8:54:1c:89:7e:af:ad:f6:2f:d0:a1:ff:69:
                    a2:16:0c:6e:08:45:f0:4f:33:e1:55:80:31:ee:e5:
                    dd:9b:c6:6a:b2:52:3b:4b:aa:4d:23:d8:1f:79:0a:
                    41:0d:79:12:27:3b:a2:ce:ea:0f:93:d7:23:9d:fb:
                    72:01:c9:d9:07:4e:aa:e4:94:11:3d:7a:c2:9b:5c:
                    61:a1:a1:f7:1e:ed:3c:ab:79:84:f5:24:69:ad:44:
                    aa:25:f8:f7:d3:ed:95:7b:da:7b:ee:44:ee:b5:2f:
                    31:31:30:f2:5b:27:c5:8e:30:6b:f5:a8:ad:f8:0f:
                    81:06:a0:8c:59:f2:b2:15:f8:04:fb:32:b4:9c:21:
                    26:c5:68:35:47:d1:70:7b:e8:74:ba:17:6b:13:97:
                    0b:c8:b7:52:f7:c7:2b:2d:98:3a:21:c0:a3:62:59:
                    97:3f:88:c2:4b:64:0a:94:db:59:99:f1:80:fb:3c:
                    f1:80:49:79:7c:d5:0c:55:a0:59:a4:31:7d:4b:04:
                    a6:ca:10:02:c0:bc:e2:d9:38:f4:8b:18:56:c8:28:
                    22:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:43:50:40:5D:7E:9E:79:B2:DB:9D:FB:D6:53:3B:B0:BF:07:1A:74
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213581.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3b:72:b1:9a:a1:55:d8:f5:e3:1f:07:00:e3:e9:b4:45:7e:49:
         70:d8:10:5a:88:29:b1:9d:e1:a2:81:d9:c7:a9:34:7a:5d:10:
         c6:51:26:bc:82:d7:47:83:31:19:40:7a:e1:1a:e6:ad:59:6a:
         36:14:01:e6:51:4a:d3:21:70:1c:f3:5b:3f:fd:14:3d:81:02:
         ee:40:10:57:95:23:f2:4a:e6:f1:74:10:28:62:72:53:95:87:
         57:96:6e:e5:cf:18:8c:a1:df:9c:89:80:bc:48:71:ca:4d:ea:
         95:74:83:75:85:6a:67:1a:5b:ef:f1:aa:d0:00:79:0a:7f:6b:
         30:98:8c:7b:e2:29:fe:85:74:e4:18:f4:58:58:81:e6:6b:b6:
         34:8c:4b:68:df:27:7d:86:f6:33:b6:3d:2e:1a:92:b1:bf:17:
         13:64:ec:94:d4:9f:b2:71:53:ff:90:64:e6:c3:c4:ba:09:9a:
         13:a7:b5:6c:c8:ac:31:62:df:e3:99:26:0d:06:2d:34:7c:66:
         62:6f:cd:bc:0c:e2:68:9a:9c:67:69:dc:0f:3d:50:0d:81:23:
         bc:6f:4a:9f:24:c8:11:39:e5:e9:50:af:d0:a9:cd:09:ea:88:
         db:c5:6d:24:e0:a9:ef:24:30:b3:24:65:36:10:c3:d4:c1:c1:
         ba:79:43:a6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUAOmZuqrDn8yo60l34rZz9juqBu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDlaFw0yNjAyMDMwMDE3MDlaMDMxMTAvBgNV
BAMTKEIwNDM1MDQwNUQ3RTlFNzlCMkRCOURGQkQ2NTMzQkIwQkYwNzFBNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMNoQN0xzomZPbMk8N3nx+4k7M
jpbMSTM8AhEEftv6mlUIROgwZV9TQgAeFDIaqFQciX6vrfYv0KH/aaIWDG4IRfBP
M+FVgDHu5d2bxmqyUjtLqk0j2B95CkENeRInO6LO6g+T1yOd+3IBydkHTqrklBE9
esKbXGGhofce7TyreYT1JGmtRKol+PfT7ZV72nvuRO61LzExMPJbJ8WOMGv1qK34
D4EGoIxZ8rIV+AT7MrScISbFaDVH0XB76HS6F2sTlwvIt1L3xystmDohwKNiWZc/
iMJLZAqU21mZ8YD7PPGASXl81QxVoFmkMX1LBKbKEALAvOLZOPSLGFbIKCJpAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUsENQQF1+nnmy25371lM7sL8HGnQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
hJAwDQYJKoZIhvcNAQELBQADggEBADtysZqhVdj14x8HAOPptEV+SXDYEFqIKbGd
4aKB2cepNHpdEMZRJryC10eDMRlAeuEa5q1ZajYUAeZRStMhcBzzWz/9FD2BAu5A
EFeVI/JK5vF0EChiclOVh1eWbuXPGIyh35yJgLxIccpN6pV0g3WFamcaW+/xqtAA
eQp/azCYjHviKf6FdOQY9FhYgeZrtjSMS2jfJ32G9jO2PS4akrG/FxNk7JTUn7Jx
U/+QZObDxLoJmhOntWzIrDFi3+OZJg0GLTR8ZmJvzbwM4mianGdp3A89UA2BI7xv
Sp8kyBE55elQr9CpzQnqiNvFbSTgqe8kMLMkZTYQw9TBwbp5Q6Y=
-----END CERTIFICATE-----