Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213404.roa
File:                     AS213404.roa (raw, json)
Hash identifier:          G912kWmDqOjjDFfWO05aGWqNLkkFW9qIXZ5HJES6QtI=
Subject key identifier:   4B:A4:FC:4B:2C:9C:BF:D4:17:7C:19:DC:2C:8A:D7:C0:B6:99:C8:05
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       065EEC874EAA8E254085E9A9914631DEF167D3F5
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213404.roa
Signing time:             Wed 05 Mar 2025 07:13:55 +0000
ROA not before:           Wed 05 Mar 2025 07:08:55 +0000
ROA not after:            Wed 04 Mar 2026 07:13:55 +0000
asID:                     213404
IP address blocks:        84.54.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 01:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:5e:ec:87:4e:aa:8e:25:40:85:e9:a9:91:46:31:de:f1:67:d3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Mar  5 07:08:55 2025 GMT
            Not After : Mar  4 07:13:55 2026 GMT
        Subject: CN=4BA4FC4B2C9CBFD4177C19DC2C8AD7C0B699C805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bf:a2:bc:e0:d9:4f:f3:8f:18:85:45:30:3b:
                    94:ec:a9:42:99:ae:c5:24:bc:25:7b:31:92:ad:3b:
                    7a:fe:6c:f9:0a:05:48:46:20:1b:90:34:11:6f:93:
                    e8:02:f6:eb:ce:d6:cf:ac:92:7d:1c:4b:59:76:2d:
                    6b:5d:b1:1d:ec:69:31:7e:60:43:b1:82:82:6a:03:
                    eb:2b:1e:b5:b8:31:07:bb:9e:d4:e8:e8:ff:10:aa:
                    23:2f:6f:4f:c5:fd:06:5f:60:e1:f9:c9:c0:cf:3f:
                    f3:97:6d:0a:cd:07:12:87:f7:57:13:69:c6:bd:32:
                    90:cc:e8:0c:4f:69:89:69:77:b4:29:7c:c0:96:53:
                    7e:9f:4b:93:81:c0:73:2e:ec:6b:9a:e5:72:e8:b0:
                    5c:1e:a2:ec:51:2d:28:e4:c6:53:bf:fe:50:bb:42:
                    e1:2f:7b:78:3d:7a:91:71:15:20:59:e5:75:67:e4:
                    f3:01:7d:8f:e3:b8:e0:bf:8a:b2:42:be:d0:2e:80:
                    e2:5e:1a:9b:3b:2c:b3:80:ab:a1:db:56:d6:69:53:
                    e4:44:1a:04:57:89:df:e6:53:59:cf:77:36:86:7b:
                    b4:e9:b9:15:be:c0:61:29:32:75:c6:0e:ba:81:89:
                    72:b0:c1:d2:e7:47:68:9c:a2:8d:48:18:4d:00:e3:
                    81:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A4:FC:4B:2C:9C:BF:D4:17:7C:19:DC:2C:8A:D7:C0:B6:99:C8:05
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213404.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:4c:29:6a:85:25:e8:10:4f:50:05:48:f9:50:cb:1a:e9:08:
         a5:e8:c8:a4:68:f6:eb:71:df:33:79:e9:4f:53:cb:31:2c:fe:
         3a:15:11:6c:1e:b1:8d:d4:3b:4f:0c:ee:d1:aa:7e:bd:a2:cc:
         42:a4:f9:5f:2f:b1:2f:64:4e:dc:72:71:b7:a2:ba:4d:06:8d:
         12:7c:b2:e9:cf:4e:0d:3a:77:d4:ad:e1:5b:95:ee:50:56:5c:
         0d:be:9f:6e:19:b9:21:f0:fb:ae:66:60:59:66:44:65:ee:52:
         f7:d5:a0:05:15:de:23:9d:be:a5:b1:1e:80:a8:5e:6f:85:f7:
         21:dc:d8:55:b0:90:8d:c7:1a:aa:da:b7:1f:d5:53:59:9a:f7:
         10:a8:93:ff:29:ce:29:c3:e3:23:2e:72:a1:d8:06:5b:0d:a6:
         2e:fc:63:e8:64:a8:1e:1e:68:8d:2d:78:62:b2:9b:40:36:e3:
         e7:23:94:d1:89:c6:b0:b7:7c:6b:eb:d7:54:67:6b:a4:e6:ac:
         2d:bf:2e:66:ea:59:89:8d:13:21:a8:3f:9d:41:ad:ee:71:13:
         bd:69:7d:b1:3b:f1:c8:4d:88:79:e4:19:3c:9f:5f:73:20:08:
         5e:46:a0:b0:39:b0:c4:14:a4:c6:a4:c5:97:dc:e5:4c:8e:56:
         4d:06:91:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBl7sh06qjiVAhempkUYx3vFn0/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAzMDUwNzA4NTVaFw0yNjAzMDQwNzEzNTVaMDMxMTAvBgNV
BAMTKDRCQTRGQzRCMkM5Q0JGRDQxNzdDMTlEQzJDOEFEN0MwQjY5OUM4MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpv6K84NlP848YhUUwO5TsqUKZ
rsUkvCV7MZKtO3r+bPkKBUhGIBuQNBFvk+gC9uvO1s+skn0cS1l2LWtdsR3saTF+
YEOxgoJqA+srHrW4MQe7ntTo6P8QqiMvb0/F/QZfYOH5ycDPP/OXbQrNBxKH91cT
aca9MpDM6AxPaYlpd7QpfMCWU36fS5OBwHMu7Gua5XLosFweouxRLSjkxlO//lC7
QuEve3g9epFxFSBZ5XVn5PMBfY/juOC/irJCvtAugOJeGps7LLOAq6HbVtZpU+RE
GgRXid/mU1nPdzaGe7TpuRW+wGEpMnXGDrqBiXKwwdLnR2icoo1IGE0A44HxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUS6T8Syycv9QXfBncLIrXwLaZyAUwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzNDA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVDYC
MA0GCSqGSIb3DQEBCwUAA4IBAQCMTClqhSXoEE9QBUj5UMsa6Qil6MikaPbrcd8z
eelPU8sxLP46FRFsHrGN1DtPDO7Rqn69osxCpPlfL7EvZE7ccnG3orpNBo0SfLLp
z04NOnfUreFble5QVlwNvp9uGbkh8PuuZmBZZkRl7lL31aAFFd4jnb6lsR6AqF5v
hfch3NhVsJCNxxqq2rcf1VNZmvcQqJP/Kc4pw+MjLnKh2AZbDaYu/GPoZKgeHmiN
LXhisptANuPnI5TRicawt3xr69dUZ2uk5qwtvy5m6lmJjRMhqD+dQa3ucRO9aX2x
O/HITYh55Bk8n19zIAheRqCwObDEFKTGpMWX3OVMjlZNBpEZ
-----END CERTIFICATE-----