Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
File:                     AS213650.roa (raw, json)
Hash identifier:          SZBM8dokCH7adiDvR2yXTb1AiipuTiUUWjKlgYuAdyw=
Subject key identifier:   28:85:1E:80:CB:AC:68:82:00:86:25:28:57:ED:DF:0F:5C:5F:ED:07
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       5B1974806AD2720C1EE5087D79946C514877E256
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
Signing time:             Sun 25 May 2025 07:52:47 +0000
ROA not before:           Sun 25 May 2025 07:47:47 +0000
ROA not after:            Sun 24 May 2026 07:52:47 +0000
asID:                     213650
IP address blocks:        2a14:7580:600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:19:74:80:6a:d2:72:0c:1e:e5:08:7d:79:94:6c:51:48:77:e2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 25 07:47:47 2025 GMT
            Not After : May 24 07:52:47 2026 GMT
        Subject: CN=28851E80CBAC68820086252857EDDF0F5C5FED07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:41:42:e8:7e:2b:e8:d9:a6:4c:49:e8:00:88:
                    45:ec:7d:f2:58:3c:0c:79:71:72:ba:07:63:b1:e7:
                    8b:64:e3:8f:47:98:7b:cb:ab:5a:4f:18:03:68:b1:
                    11:c7:48:f4:7a:f1:42:b6:11:91:67:ca:dc:84:4c:
                    06:f4:69:97:2f:85:68:07:b2:46:6a:39:a6:69:1d:
                    2e:47:de:f7:be:32:a3:2c:0d:08:1f:61:f5:ad:0d:
                    ab:4a:a0:a3:49:03:87:9c:35:5c:46:57:db:26:aa:
                    36:17:39:bf:11:c0:d3:15:dc:ae:fb:a9:ea:63:d5:
                    b6:af:df:d0:cb:b9:16:f4:56:67:36:50:88:27:a3:
                    83:90:e3:93:96:6e:5c:62:6a:2e:a6:7f:fa:65:a6:
                    66:34:28:bf:3e:ec:1a:ae:ad:be:88:5a:dd:a5:1e:
                    19:2f:9f:90:18:e3:cf:ea:34:33:d5:fb:54:f5:31:
                    86:88:5b:58:e4:37:0a:dd:68:d9:11:ed:cf:6e:ba:
                    40:05:06:c4:37:13:7a:15:e8:e4:c8:c1:3f:bb:2b:
                    f8:00:70:67:fb:0c:7f:8d:cd:a1:5c:29:bc:e9:2d:
                    fa:03:3f:c8:d0:c5:42:40:04:e4:4e:b5:32:47:5e:
                    25:62:c0:63:33:fd:49:c6:48:68:c9:d9:6a:17:0c:
                    ee:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:85:1E:80:CB:AC:68:82:00:86:25:28:57:ED:DF:0F:5C:5F:ED:07
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:bb:ea:6d:8c:6f:88:65:5c:7f:cb:d1:d2:ca:26:23:ef:7c:
         0a:cd:21:81:a5:68:a4:5d:f6:a8:cc:57:0b:57:11:50:ba:a2:
         73:3c:2c:23:77:81:e9:86:47:53:c2:a1:bd:63:63:41:c2:d3:
         af:3b:2b:d4:34:3e:49:24:4b:26:94:40:01:5f:17:7c:94:e0:
         2c:2f:59:36:9e:da:1b:5c:2b:83:82:30:ea:83:4f:18:8a:37:
         c8:24:8b:c9:06:ba:91:c3:80:a5:2b:d7:01:d5:36:a8:19:94:
         30:fa:b2:19:e0:d9:0c:01:36:cd:ca:61:44:13:df:05:96:0e:
         65:e1:da:b3:9b:b6:73:be:77:49:93:7e:0a:b1:ce:b9:f2:f5:
         16:d3:4f:21:5f:3c:e4:7e:0f:b0:d6:5a:65:74:0e:a0:60:cc:
         e2:d2:d1:76:f9:0d:e4:ce:84:4d:a9:aa:76:98:e8:8b:66:4f:
         93:41:97:a1:23:5d:6b:7a:a8:5f:fc:17:6c:1c:e1:35:eb:d8:
         4d:9e:75:0f:39:a1:2d:37:f1:87:d5:e2:30:b4:c7:5f:b7:38:
         a3:ce:7a:ec:7a:c2:31:79:78:e6:7f:e1:87:4a:4a:2c:29:3e:
         63:c3:4a:51:f2:50:1f:6d:5b:69:d4:bd:7f:b1:1b:e8:f1:e9:
         71:db:fc:c6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUWxl0gGrScgwe5Qh9eZRsUUh34lYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA1MjUwNzQ3NDdaFw0yNjA1MjQwNzUyNDdaMDMxMTAvBgNV
BAMTKDI4ODUxRTgwQ0JBQzY4ODIwMDg2MjUyODU3RURERjBGNUM1RkVEMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVQULofivo2aZMSegAiEXsffJY
PAx5cXK6B2Ox54tk449HmHvLq1pPGANosRHHSPR68UK2EZFnytyETAb0aZcvhWgH
skZqOaZpHS5H3ve+MqMsDQgfYfWtDatKoKNJA4ecNVxGV9smqjYXOb8RwNMV3K77
qepj1bav39DLuRb0Vmc2UIgno4OQ45OWblxiai6mf/plpmY0KL8+7Bqurb6IWt2l
Hhkvn5AY48/qNDPV+1T1MYaIW1jkNwrdaNkR7c9uukAFBsQ3E3oV6OTIwT+7K/gA
cGf7DH+NzaFcKbzpLfoDP8jQxUJABOROtTJHXiViwGMz/UnGSGjJ2WoXDO6JAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUKIUegMusaIIAhiUoV+3fD1xf7QcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gAYwDQYJKoZIhvcNAQELBQADggEBABm76m2Mb4hlXH/L0dLKJiPvfArNIYGlaKRd
9qjMVwtXEVC6onM8LCN3gemGR1PCob1jY0HC0687K9Q0PkkkSyaUQAFfF3yU4Cwv
WTae2htcK4OCMOqDTxiKN8gki8kGupHDgKUr1wHVNqgZlDD6shng2QwBNs3KYUQT
3wWWDmXh2rObtnO+d0mTfgqxzrny9RbTTyFfPOR+D7DWWmV0DqBgzOLS0Xb5DeTO
hE2pqnaY6ItmT5NBl6EjXWt6qF/8F2wc4TXr2E2edQ85oS038YfV4jC0x1+3OKPO
eux6wjF5eOZ/4YdKSiwpPmPDSlHyUB9tW2nUvX+xG+jx6XHb/MY=
-----END CERTIFICATE-----