Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214344.roa
File:                     AS214344.roa (raw, json)
Hash identifier:          fWMAkq2nUNE42T6Lmsl8AIdU9Ug7fdD39MxNF2GbL38=
Subject key identifier:   F9:72:CE:18:A2:C5:41:04:32:52:10:B8:A8:88:FD:6A:24:42:63:9B
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       208B731B9ADF6C6D385A0EB99483389181B58EBA
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214344.roa
Signing time:             Tue 04 Feb 2025 00:17:09 +0000
ROA not before:           Tue 04 Feb 2025 00:12:09 +0000
ROA not after:            Tue 03 Feb 2026 00:17:09 +0000
asID:                     214344
IP address blocks:        2a14:7580:5000::/36 maxlen: 48
                          2a14:7581:9900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:8b:73:1b:9a:df:6c:6d:38:5a:0e:b9:94:83:38:91:81:b5:8e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:09 2025 GMT
            Not After : Feb  3 00:17:09 2026 GMT
        Subject: CN=F972CE18A2C54104325210B8A888FD6A2442639B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:2b:c0:37:49:7f:46:53:f9:b4:9f:62:a0:88:
                    32:59:77:6f:de:a2:04:e0:11:fc:a8:8e:48:f8:3a:
                    70:d4:7f:d2:1a:e8:a4:7e:cd:a7:5f:95:b5:86:ab:
                    97:63:df:a9:5f:5c:3a:7b:21:1c:be:f6:33:d5:33:
                    27:d8:1a:f4:19:e0:ca:4e:98:89:7b:5c:0f:92:b3:
                    32:7c:8e:f4:b6:b5:e5:73:0b:ce:50:73:55:c2:c0:
                    cc:b9:33:36:a3:c7:11:3b:e4:ca:25:0d:06:06:57:
                    09:cb:2b:39:1d:67:7d:6f:bc:d0:54:34:c9:9f:65:
                    cb:36:8b:ed:2d:51:7d:ec:ed:ad:ce:ac:77:d1:df:
                    27:02:82:70:a1:c9:0a:1d:40:f4:4b:b0:e3:fe:89:
                    d8:33:f0:21:7e:d6:9f:30:b6:b2:23:69:26:d6:01:
                    b7:f5:75:db:a4:e1:3a:05:0a:99:68:3f:3d:05:40:
                    4f:42:02:eb:95:88:a0:1c:32:23:5e:1e:cf:bf:ba:
                    8a:ed:64:fe:91:29:eb:be:d3:8c:f8:14:90:72:f0:
                    d3:fc:55:e3:e9:2f:15:c1:22:f6:00:0c:f6:81:88:
                    15:6b:87:17:08:89:e1:96:e6:1b:cc:fa:ff:bb:73:
                    85:91:ac:a4:5e:9d:65:cc:9e:8a:88:c7:af:7a:39:
                    08:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:72:CE:18:A2:C5:41:04:32:52:10:B8:A8:88:FD:6A:24:42:63:9B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:5000::/36
                  2a14:7581:9900::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:f1:f8:16:43:65:df:14:e8:e4:c9:fc:7a:d4:fd:fd:c9:87:
         af:aa:f2:b4:57:ed:a4:9b:c9:87:bc:65:29:5b:48:ea:e1:53:
         c7:b6:cd:ad:08:f3:dd:4c:34:6d:be:41:82:1a:1f:cc:07:e6:
         cd:df:bc:56:42:d1:83:01:7e:f0:b2:68:66:b5:23:57:3f:97:
         1b:60:08:45:5b:b7:4e:19:97:8d:e2:94:99:24:49:66:c4:a4:
         68:24:e2:f1:3b:08:f5:b8:b5:88:3c:95:a5:a4:76:cc:ee:88:
         4f:b6:20:58:48:62:d8:c5:eb:12:f2:39:62:58:49:50:7f:ab:
         41:65:1f:0b:5f:b5:f7:4d:a4:bb:ad:6d:38:4f:30:06:70:69:
         a8:54:5f:d7:9d:0b:5e:7b:04:a5:8d:f4:5c:1c:d3:2b:8c:35:
         e0:2e:93:5b:c3:60:9d:28:0f:d2:65:05:c4:72:ce:55:b4:8d:
         d6:38:e9:3b:e9:5e:81:7f:f0:7a:04:af:4b:c8:81:b6:5f:9b:
         62:22:a7:26:c8:5b:4b:a5:74:2e:23:71:d8:b4:f0:a6:e4:22:
         14:ef:5f:4c:65:1c:eb:d4:ff:b1:fe:6d:8e:12:83:db:5c:9e:
         fc:2d:98:b1:ea:58:a3:32:7b:d0:a5:d8:9e:2d:da:25:2e:b5:
         16:6d:5e:45
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUIItzG5rfbG04Wg65lIM4kYG1jrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDlaFw0yNjAyMDMwMDE3MDlaMDMxMTAvBgNV
BAMTKEY5NzJDRTE4QTJDNTQxMDQzMjUyMTBCOEE4ODhGRDZBMjQ0MjYzOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZK8A3SX9GU/m0n2KgiDJZd2/e
ogTgEfyojkj4OnDUf9Ia6KR+zadflbWGq5dj36lfXDp7IRy+9jPVMyfYGvQZ4MpO
mIl7XA+SszJ8jvS2teVzC85Qc1XCwMy5MzajxxE75MolDQYGVwnLKzkdZ31vvNBU
NMmfZcs2i+0tUX3s7a3OrHfR3ycCgnChyQodQPRLsOP+idgz8CF+1p8wtrIjaSbW
Abf1dduk4ToFCploPz0FQE9CAuuViKAcMiNeHs+/uortZP6RKeu+04z4FJBy8NP8
VePpLxXBIvYADPaBiBVrhxcIieGW5hvM+v+7c4WRrKRenWXMnoqIx696OQjbAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU+XLOGKLFQQQyUhC4qIj9aiRCY5swHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0MzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKhR1
gFADBgAqFHWBmTANBgkqhkiG9w0BAQsFAAOCAQEAQvH4FkNl3xTo5Mn8etT9/cmH
r6rytFftpJvJh7xlKVtI6uFTx7bNrQjz3Uw0bb5BghofzAfmzd+8VkLRgwF+8LJo
ZrUjVz+XG2AIRVu3ThmXjeKUmSRJZsSkaCTi8TsI9bi1iDyVpaR2zO6IT7YgWEhi
2MXrEvI5YlhJUH+rQWUfC1+1902ku61tOE8wBnBpqFRf150LXnsEpY30XBzTK4w1
4C6TW8NgnSgP0mUFxHLOVbSN1jjpO+legX/wegSvS8iBtl+bYiKnJshbS6V0LiNx
2LTwpuQiFO9fTGUc69T/sf5tjhKD21ye/C2YsepYozJ70KXYni3aJS61Fm1eRQ==
-----END CERTIFICATE-----