Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa
File:                     AS214496.roa (raw, json)
Hash identifier:          xcLAjzEfqL7xu3lyEGEX2si/rYBT7pY/YJy+irAO6RI=
Subject key identifier:   8D:A3:16:08:CD:C2:3E:1D:6F:04:87:58:35:10:2A:B8:E8:40:9A:97
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3538A023631C31846C98B660DE5F914ED17BA984
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa
Signing time:             Tue 04 Feb 2025 00:17:09 +0000
ROA not before:           Tue 04 Feb 2025 00:12:09 +0000
ROA not after:            Tue 03 Feb 2026 00:17:09 +0000
asID:                     214496
IP address blocks:        2a14:7581:9a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:38:a0:23:63:1c:31:84:6c:98:b6:60:de:5f:91:4e:d1:7b:a9:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:09 2025 GMT
            Not After : Feb  3 00:17:09 2026 GMT
        Subject: CN=8DA31608CDC23E1D6F04875835102AB8E8409A97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:05:1c:93:4a:e0:54:11:ec:f7:17:f7:50:00:
                    f5:c2:56:7a:d9:32:f3:d0:6f:1b:c0:6d:d6:76:cf:
                    00:5e:7f:f1:40:9a:04:87:07:8e:1e:33:66:a7:80:
                    ba:4e:c4:a3:cf:47:3a:40:a6:fe:93:94:03:00:f4:
                    71:85:34:ec:b9:86:0a:f7:8c:68:be:a1:0c:1e:63:
                    b8:63:d6:29:07:ea:34:14:3f:df:4f:37:cc:86:13:
                    dd:fd:85:33:2e:c1:9a:09:af:f6:73:7f:7b:7e:cc:
                    99:6e:28:01:8d:ad:8d:7b:a0:d1:ef:fc:50:9c:f3:
                    ba:c4:54:1d:4e:8a:81:04:d9:12:0d:49:4f:dd:fe:
                    6a:d8:e7:7e:22:1a:57:47:53:03:3a:6e:ee:5a:2b:
                    ea:9c:6d:4e:44:1f:55:d7:14:d4:b7:07:ab:8b:19:
                    db:ba:c3:d0:b3:14:3b:e5:46:8f:ad:a3:0f:a4:b0:
                    f3:98:e7:4c:1d:77:76:8b:45:be:c8:ed:23:79:28:
                    47:d4:ed:f6:6b:5d:f0:ce:90:f2:1f:26:9a:2c:45:
                    be:bf:4e:24:18:56:77:0b:f6:45:9b:31:1e:33:df:
                    69:ba:d0:59:98:68:8f:5b:e2:ef:a3:48:95:45:80:
                    b5:cc:3b:fb:56:f0:72:89:40:83:e1:b3:4b:6b:67:
                    20:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A3:16:08:CD:C2:3E:1D:6F:04:87:58:35:10:2A:B8:E8:40:9A:97
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:44:8a:3f:f8:30:7e:33:2f:73:80:f0:fd:f3:1e:63:8b:17:
         db:38:e3:9a:56:ac:40:7e:94:5b:f6:a8:42:e0:d5:0a:c9:8b:
         2d:b4:08:d9:5b:7b:6d:b1:1a:e8:b5:9d:5b:9b:5d:94:6f:ef:
         27:b1:ef:61:6d:1f:e0:8b:ba:b6:94:8d:0e:01:78:22:e1:65:
         c2:98:76:88:70:b6:c9:64:d1:32:6b:b8:64:f4:19:73:ec:2f:
         4e:49:1a:f6:77:6e:ef:ed:72:1f:c8:4f:4c:46:d2:8c:b2:2b:
         09:4a:8a:2c:8d:d2:75:89:be:ad:96:93:4c:79:75:eb:2f:9d:
         25:d3:0f:79:ce:ac:c5:40:a6:a8:52:64:3d:75:14:60:97:d9:
         e6:e1:b2:a4:d4:4c:0f:6c:3b:a8:70:57:a9:d5:d4:2b:86:71:
         c9:66:dd:cf:71:73:19:3c:c0:2d:2c:87:d9:2b:36:7e:66:49:
         37:b6:a5:1c:6c:49:8f:48:83:1f:3d:7b:1b:fa:89:63:1f:a6:
         7f:56:92:b7:ee:1c:9b:0e:7b:27:78:9b:30:57:b0:dc:6f:25:
         72:56:22:0d:77:25:06:21:f7:71:85:c2:09:6d:6a:d3:c9:23:
         3c:85:a3:7c:b8:1c:27:a6:65:d7:21:23:73:93:d6:17:47:22:
         3d:36:31:9c
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUNTigI2McMYRsmLZg3l+RTtF7qYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDlaFw0yNjAyMDMwMDE3MDlaMDMxMTAvBgNV
BAMTKDhEQTMxNjA4Q0RDMjNFMUQ2RjA0ODc1ODM1MTAyQUI4RTg0MDlBOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaBRyTSuBUEez3F/dQAPXCVnrZ
MvPQbxvAbdZ2zwBef/FAmgSHB44eM2angLpOxKPPRzpApv6TlAMA9HGFNOy5hgr3
jGi+oQweY7hj1ikH6jQUP99PN8yGE939hTMuwZoJr/Zzf3t+zJluKAGNrY17oNHv
/FCc87rEVB1OioEE2RINSU/d/mrY534iGldHUwM6bu5aK+qcbU5EH1XXFNS3B6uL
Gdu6w9CzFDvlRo+tow+ksPOY50wdd3aLRb7I7SN5KEfU7fZrXfDOkPIfJposRb6/
TiQYVncL9kWbMR4z32m60FmYaI9b4u+jSJVFgLXMO/tW8HKJQIPhs0trZyBNAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUjaMWCM3CPh1vBIdYNRAquOhAmpcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gZowDQYJKoZIhvcNAQELBQADggEBAEREij/4MH4zL3OA8P3zHmOLF9s445pWrEB+
lFv2qELg1QrJiy20CNlbe22xGui1nVubXZRv7yex72FtH+CLuraUjQ4BeCLhZcKY
dohwtslk0TJruGT0GXPsL05JGvZ3bu/tch/IT0xG0oyyKwlKiiyN0nWJvq2Wk0x5
desvnSXTD3nOrMVApqhSZD11FGCX2ebhsqTUTA9sO6hwV6nV1CuGcclm3c9xcxk8
wC0sh9krNn5mSTe2pRxsSY9Igx89exv6iWMfpn9WkrfuHJsOeyd4mzBXsNxvJXJW
Ig13JQYh93GFwgltatPJIzyFo3y4HCemZdchI3OT1hdHIj02MZw=
-----END CERTIFICATE-----