Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214454.roa
File:                     AS214454.roa (raw, json)
Hash identifier:          UbxtGTKfyPY6VnJyHCN/PcZxYwrYPL8o846cRhr43aw=
Subject key identifier:   BC:B9:A3:93:30:F7:A3:35:E5:8E:D8:45:2E:80:DE:49:8A:7C:BC:0A
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4183BB55862C6F566811EA06EB824F10815F06B7
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214454.roa
Signing time:             Tue 04 Feb 2025 00:17:07 +0000
ROA not before:           Tue 04 Feb 2025 00:12:07 +0000
ROA not after:            Tue 03 Feb 2026 00:17:07 +0000
asID:                     214454
IP address blocks:        2a14:7580:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:83:bb:55:86:2c:6f:56:68:11:ea:06:eb:82:4f:10:81:5f:06:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:07 2025 GMT
            Not After : Feb  3 00:17:07 2026 GMT
        Subject: CN=BCB9A39330F7A335E58ED8452E80DE498A7CBC0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:80:b0:c5:cd:ef:e8:c8:3d:3e:bb:01:8d:6c:
                    6b:d8:ba:40:12:5f:19:62:de:cb:53:e6:05:8b:58:
                    30:45:5f:0c:12:14:19:76:49:f0:50:d2:3d:46:14:
                    ac:78:c9:c4:52:e1:20:eb:8a:1b:bb:6a:05:69:d9:
                    42:cd:6f:13:cd:f7:e5:b5:14:b3:bf:ed:05:dc:5e:
                    e3:10:52:04:fb:f2:0e:16:e2:65:7a:8a:df:b9:86:
                    63:d9:cf:53:38:a5:5f:01:90:0d:cf:b1:b5:8c:8e:
                    f7:23:e2:5c:be:e2:29:19:80:d8:0d:3b:66:24:44:
                    ca:9d:96:e1:53:c1:64:cf:0b:47:9b:db:c5:2f:fa:
                    12:b4:f8:03:87:a2:33:29:68:23:a2:24:d7:cf:87:
                    a1:4d:3a:d5:ce:8a:0f:64:ac:14:37:54:e3:64:ea:
                    65:11:2e:00:20:39:7d:1c:9f:ba:b4:f1:08:c9:0d:
                    ba:2c:6a:f6:3e:ab:37:f8:46:57:9b:d6:c3:dd:86:
                    0b:44:da:fe:1a:3a:37:46:55:5d:48:ca:5b:dd:64:
                    10:83:e8:a5:6b:5e:7b:2c:00:04:e0:19:4d:f7:45:
                    0b:a2:96:05:79:5b:2f:b9:c4:72:79:f8:f9:e5:6e:
                    8e:b4:2c:b3:9b:fc:83:c5:fb:13:1d:42:d1:a7:1b:
                    0b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B9:A3:93:30:F7:A3:35:E5:8E:D8:45:2E:80:DE:49:8A:7C:BC:0A
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3a:11:92:6f:a7:d5:40:e9:5b:f8:12:04:aa:b1:8f:37:ce:c7:
         74:44:6e:72:41:1d:92:51:c9:ea:91:b0:bc:a8:b2:d2:b8:9e:
         1c:b5:77:46:ef:99:af:72:38:da:cf:f0:fa:51:33:43:6a:45:
         6e:49:2f:89:ed:4f:96:0e:d2:92:c4:17:ec:65:61:b8:f1:47:
         f4:7e:a6:a9:58:a0:6c:b3:91:ff:a9:79:57:d8:85:1e:86:1c:
         54:d2:e3:27:7b:62:59:73:11:e0:79:69:ac:7c:75:c9:c6:f1:
         13:f2:49:67:05:06:87:7f:57:75:f0:7b:dd:81:4e:92:f0:6c:
         b1:46:3d:dd:f8:91:59:aa:fa:c4:ba:11:1b:8b:7d:4a:54:b0:
         ee:9a:f0:76:02:dc:89:aa:bf:55:fe:ea:4d:3b:10:b4:c7:c2:
         3d:98:1d:e5:dd:c3:0d:e6:50:97:f4:ab:2c:f8:ac:6d:33:3d:
         81:9f:7f:ae:f4:60:71:79:2e:a5:c8:d9:a4:22:ce:4c:ee:65:
         1d:4e:cd:00:a4:8d:fa:d4:eb:2b:4a:3b:99:78:c9:31:db:01:
         9c:37:a7:93:9a:09:56:ac:7c:63:ad:7c:8b:d9:e7:26:82:15:
         e5:05:5c:17:9a:1e:78:2e:e4:aa:7d:04:95:c4:81:e8:2f:2f:
         eb:04:30:7a
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQYO7VYYsb1ZoEeoG64JPEIFfBrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDdaFw0yNjAyMDMwMDE3MDdaMDMxMTAvBgNV
BAMTKEJDQjlBMzkzMzBGN0EzMzVFNThFRDg0NTJFODBERTQ5OEE3Q0JDMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFgLDFze/oyD0+uwGNbGvYukAS
Xxli3stT5gWLWDBFXwwSFBl2SfBQ0j1GFKx4ycRS4SDrihu7agVp2ULNbxPN9+W1
FLO/7QXcXuMQUgT78g4W4mV6it+5hmPZz1M4pV8BkA3PsbWMjvcj4ly+4ikZgNgN
O2YkRMqdluFTwWTPC0eb28Uv+hK0+AOHojMpaCOiJNfPh6FNOtXOig9krBQ3VONk
6mURLgAgOX0cn7q08QjJDbosavY+qzf4Rleb1sPdhgtE2v4aOjdGVV1IylvdZBCD
6KVrXnssAATgGU33RQuilgV5Wy+5xHJ5+Pnlbo60LLOb/IPF+xMdQtGnGwvjAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUvLmjkzD3ozXljthFLoDeSYp8vAowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
gCAwDQYJKoZIhvcNAQELBQADggEBADoRkm+n1UDpW/gSBKqxjzfOx3REbnJBHZJR
yeqRsLyostK4nhy1d0bvma9yONrP8PpRM0NqRW5JL4ntT5YO0pLEF+xlYbjxR/R+
pqlYoGyzkf+peVfYhR6GHFTS4yd7YllzEeB5aax8dcnG8RPySWcFBod/V3Xwe92B
TpLwbLFGPd34kVmq+sS6ERuLfUpUsO6a8HYC3Imqv1X+6k07ELTHwj2YHeXdww3m
UJf0qyz4rG0zPYGff670YHF5LqXI2aQizkzuZR1OzQCkjfrU6ytKO5l4yTHbAZw3
p5OaCVasfGOtfIvZ5yaCFeUFXBeaHngu5Kp9BJXEgegvL+sEMHo=
-----END CERTIFICATE-----