Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214451.roa
File:                     AS214451.roa (raw, json)
Hash identifier:          iZziaOFqbRMarqiGXHoFBQNaPY3XVjOMKpKfm3pocSE=
Subject key identifier:   FA:9A:7B:72:AC:FF:CB:1B:58:25:83:E6:3F:26:3C:69:69:77:AE:2C
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3FF73E5E2F5DAE71F98E6EA41DAB7B974E30B3AD
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214451.roa
Signing time:             Tue 04 Feb 2025 00:17:08 +0000
ROA not before:           Tue 04 Feb 2025 00:12:08 +0000
ROA not after:            Tue 03 Feb 2026 00:17:08 +0000
asID:                     214451
IP address blocks:        2a14:7580:b000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f7:3e:5e:2f:5d:ae:71:f9:8e:6e:a4:1d:ab:7b:97:4e:30:b3:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:08 2025 GMT
            Not After : Feb  3 00:17:08 2026 GMT
        Subject: CN=FA9A7B72ACFFCB1B582583E63F263C696977AE2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2e:8c:2d:8c:c2:d2:97:54:bc:b0:6e:f0:e7:
                    61:6a:86:dc:1c:c0:e6:21:65:ee:07:9a:0b:ac:56:
                    37:5d:d4:0f:8e:5a:be:bc:87:66:c0:96:2c:b2:08:
                    11:4a:b7:2b:76:c0:6d:47:da:fd:28:ad:d1:48:89:
                    59:2a:30:5d:e3:b1:36:61:80:3b:27:20:a3:d3:86:
                    47:a6:d9:4f:46:c0:a8:b3:56:bc:3c:d8:c3:d3:d8:
                    9e:73:72:44:3c:e2:2c:f7:8d:c5:d6:a9:ba:59:ab:
                    38:bc:a5:19:4c:05:d1:61:d0:09:64:12:58:88:ff:
                    7a:bd:fe:92:b0:aa:c9:26:29:9e:92:28:25:d4:c1:
                    d7:90:30:8e:81:1c:15:ad:a1:93:97:69:54:91:8a:
                    b2:b1:a0:a6:6f:17:ba:46:97:a7:4d:ce:d5:a3:df:
                    45:bc:b5:4c:3e:87:b3:8a:9d:dd:aa:93:ad:ef:4f:
                    b4:b3:0d:ca:ab:9c:3e:a2:f0:0f:97:ff:74:1c:a6:
                    5b:c0:2e:f1:80:b7:89:07:8e:b2:f8:bd:93:43:bd:
                    9d:a1:86:9c:a7:36:c9:c5:f6:df:90:a5:32:e3:2c:
                    a6:e2:f5:a3:77:ea:da:93:30:5b:93:5c:6d:84:1c:
                    5e:db:f9:97:6e:7b:d2:cf:17:2b:43:fe:18:2c:ac:
                    96:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:9A:7B:72:AC:FF:CB:1B:58:25:83:E6:3F:26:3C:69:69:77:AE:2C
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:b000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7b:be:3e:d6:65:7b:10:0d:da:dc:3f:88:0b:a2:13:e1:95:0f:
         28:c1:9b:64:3e:19:d0:cd:6b:b7:54:08:b7:49:99:38:44:0e:
         9d:72:78:dd:67:ac:bc:b8:2b:b3:8e:cf:ce:e8:a3:96:64:54:
         1d:f2:b8:4d:39:26:be:da:17:68:d5:a4:41:bc:c9:19:be:ad:
         24:c7:c8:1a:1d:81:d9:d3:e0:66:45:3e:bc:d1:ee:11:7d:6b:
         74:21:bb:16:24:c8:37:1e:f5:6a:2b:9f:25:2d:f6:f7:2d:5a:
         52:45:46:76:bb:9b:e9:71:cc:ba:09:75:f2:7d:55:a1:4b:b2:
         e5:98:e7:d9:6d:41:c3:33:a2:bb:f9:18:89:2f:ff:9b:94:a7:
         dd:a5:b7:55:72:9f:ee:e2:f7:6f:44:53:85:6b:ca:61:9a:cb:
         16:cf:d0:b5:22:c4:64:4b:9e:f4:5d:03:5d:eb:13:a4:0a:b8:
         98:11:e3:c7:ce:c2:03:cd:57:0a:84:8d:c7:33:ab:4e:3f:26:
         f4:a1:81:a9:ae:79:89:86:d8:45:67:91:cf:ac:d8:5a:c0:59:
         85:97:45:2e:2d:14:18:7d:9d:1b:83:37:cd:a6:82:b0:56:a8:
         ff:71:08:8e:fb:d0:1a:67:3c:51:87:6c:74:97:bd:1c:29:8e:
         05:65:0e:2a
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUP/c+Xi9drnH5jm6kHat7l04ws60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDhaFw0yNjAyMDMwMDE3MDhaMDMxMTAvBgNV
BAMTKEZBOUE3QjcyQUNGRkNCMUI1ODI1ODNFNjNGMjYzQzY5Njk3N0FFMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LowtjMLSl1S8sG7w52Fqhtwc
wOYhZe4HmgusVjdd1A+OWr68h2bAliyyCBFKtyt2wG1H2v0ordFIiVkqMF3jsTZh
gDsnIKPThkem2U9GwKizVrw82MPT2J5zckQ84iz3jcXWqbpZqzi8pRlMBdFh0Alk
EliI/3q9/pKwqskmKZ6SKCXUwdeQMI6BHBWtoZOXaVSRirKxoKZvF7pGl6dNztWj
30W8tUw+h7OKnd2qk63vT7SzDcqrnD6i8A+X/3QcplvALvGAt4kHjrL4vZNDvZ2h
hpynNsnF9t+QpTLjLKbi9aN36tqTMFuTXG2EHF7b+Zdue9LPFytD/hgsrJaVAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU+pp7cqz/yxtYJYPmPyY8aWl3riwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
gLAwDQYJKoZIhvcNAQELBQADggEBAHu+PtZlexAN2tw/iAuiE+GVDyjBm2Q+GdDN
a7dUCLdJmThEDp1yeN1nrLy4K7OOz87oo5ZkVB3yuE05Jr7aF2jVpEG8yRm+rSTH
yBodgdnT4GZFPrzR7hF9a3QhuxYkyDce9WornyUt9vctWlJFRna7m+lxzLoJdfJ9
VaFLsuWY59ltQcMzorv5GIkv/5uUp92lt1Vyn+7i929EU4VrymGayxbP0LUixGRL
nvRdA13rE6QKuJgR48fOwgPNVwqEjcczq04/JvShgamueYmG2EVnkc+s2FrAWYWX
RS4tFBh9nRuDN82mgrBWqP9xCI770BpnPFGHbHSXvRwpjgVlDio=
-----END CERTIFICATE-----