Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214854.roa
File:                     AS214854.roa (raw, json)
Hash identifier:          mkgYf1IPpwSjHtpBogia2RURLStqit0Wnml0LwgLCwg=
Subject key identifier:   3C:4B:A0:E0:F5:7D:D2:6E:77:93:19:DF:20:0A:77:FB:B9:B3:9D:E8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       532027C89A9488D087159CC46D98F75EFB67557D
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214854.roa
Signing time:             Thu 27 Mar 2025 20:43:42 +0000
ROA not before:           Thu 27 Mar 2025 20:38:42 +0000
ROA not after:            Thu 26 Mar 2026 20:43:42 +0000
asID:                     214854
IP address blocks:        31.40.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 01:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:20:27:c8:9a:94:88:d0:87:15:9c:c4:6d:98:f7:5e:fb:67:55:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Mar 27 20:38:42 2025 GMT
            Not After : Mar 26 20:43:42 2026 GMT
        Subject: CN=3C4BA0E0F57DD26E779319DF200A77FBB9B39DE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:cc:7d:19:3a:e4:50:a2:46:00:12:9f:41:
                    0c:ac:35:b2:0b:75:11:20:7d:48:a7:a8:06:1b:d4:
                    24:b1:1c:ab:4a:dc:cc:64:49:f1:df:88:ec:9a:03:
                    52:71:2a:68:c4:c3:d7:51:11:b2:22:99:54:79:a6:
                    4c:80:61:9c:56:df:45:e0:50:33:b5:96:3d:bf:57:
                    f2:60:e1:b5:27:ef:75:8f:4f:fa:6f:b3:a2:f5:0e:
                    6a:69:06:f8:31:20:70:b2:05:a4:1e:3f:98:05:8a:
                    99:1c:22:00:28:43:cf:03:24:67:17:cd:79:bb:e0:
                    dc:eb:ac:3c:66:23:fc:92:30:12:d6:f9:b0:ff:71:
                    e1:b9:15:0c:25:ea:c7:94:44:19:27:b2:e9:15:b0:
                    dc:3a:11:42:d6:f2:7e:b7:f8:ba:02:c2:42:ef:f0:
                    07:1e:02:7d:d0:58:73:17:88:97:82:cd:33:83:04:
                    2f:45:d1:73:a0:98:a9:52:a4:d4:33:c2:d2:e5:3b:
                    51:e0:ba:0d:69:77:0e:d1:2b:ba:c1:bd:19:8c:47:
                    20:7b:6a:e7:3d:7a:24:c0:65:10:23:8e:f3:ac:49:
                    69:15:8c:a8:c5:22:d0:a3:cc:a3:08:d8:ed:d6:8e:
                    cf:f4:bb:c5:7f:21:61:b4:d3:06:e6:39:e6:7a:aa:
                    81:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4B:A0:E0:F5:7D:D2:6E:77:93:19:DF:20:0A:77:FB:B9:B3:9D:E8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214854.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:58:e6:ee:e8:0e:45:ec:f4:9f:06:84:ed:2d:b2:7c:98:67:
         e8:a9:2d:01:7c:de:e4:68:d7:e7:ee:4f:d5:45:22:96:8e:4d:
         30:5f:a9:76:f9:e6:77:03:59:b2:2c:69:47:82:c1:c3:a3:fc:
         8b:87:6a:f9:ae:0b:7a:c3:5d:e0:7e:cb:71:f5:54:04:62:4d:
         60:0b:65:4d:12:46:a3:19:fe:35:e9:08:b5:72:71:ae:93:51:
         04:cb:9f:f8:20:3d:57:52:52:68:07:33:9e:f7:bf:0e:b6:2e:
         68:77:25:18:56:0d:78:9a:d9:84:a4:ff:f6:cf:b3:26:5d:db:
         40:3c:28:fc:68:4c:a4:66:3e:c6:17:44:c9:f4:d9:2e:08:63:
         c8:b7:d0:af:2c:c7:38:26:b6:cb:61:47:07:db:03:79:1b:22:
         03:23:38:5d:d3:22:f1:3d:f6:e1:4c:03:58:c7:11:0b:5d:36:
         42:85:e1:de:88:a7:a1:46:35:18:a0:a7:e3:43:fd:db:f3:18:
         58:97:15:61:09:5f:c1:3d:99:fb:ae:b2:c3:fe:d2:4b:36:9c:
         ae:62:2d:fa:2e:45:ca:82:d1:78:5c:96:3d:b0:55:73:62:8a:
         1d:71:a4:ed:96:b9:4f:a5:5c:57:50:2e:d8:1f:21:55:92:a7:
         91:22:01:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUyAnyJqUiNCHFZzEbZj3XvtnVX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAzMjcyMDM4NDJaFw0yNjAzMjYyMDQzNDJaMDMxMTAvBgNV
BAMTKDNDNEJBMEUwRjU3REQyNkU3NzkzMTlERjIwMEE3N0ZCQjlCMzlERTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz/8x9GTrkUKJGABKfQQysNbIL
dREgfUinqAYb1CSxHKtK3MxkSfHfiOyaA1JxKmjEw9dREbIimVR5pkyAYZxW30Xg
UDO1lj2/V/Jg4bUn73WPT/pvs6L1DmppBvgxIHCyBaQeP5gFipkcIgAoQ88DJGcX
zXm74NzrrDxmI/ySMBLW+bD/ceG5FQwl6seURBknsukVsNw6EULW8n63+LoCwkLv
8AceAn3QWHMXiJeCzTODBC9F0XOgmKlSpNQzwtLlO1Hgug1pdw7RK7rBvRmMRyB7
auc9eiTAZRAjjvOsSWkVjKjFItCjzKMI2O3Wjs/0u8V/IWG00wbmOeZ6qoE5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPEug4PV90m53kxnfIAp3+7mznegwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE0ODU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjH
MA0GCSqGSIb3DQEBCwUAA4IBAQBtWObu6A5F7PSfBoTtLbJ8mGfoqS0BfN7kaNfn
7k/VRSKWjk0wX6l2+eZ3A1myLGlHgsHDo/yLh2r5rgt6w13gfstx9VQEYk1gC2VN
EkajGf416Qi1cnGuk1EEy5/4ID1XUlJoBzOe978Oti5odyUYVg14mtmEpP/2z7Mm
XdtAPCj8aEykZj7GF0TJ9NkuCGPIt9CvLMc4JrbLYUcH2wN5GyIDIzhd0yLxPfbh
TANYxxELXTZCheHeiKehRjUYoKfjQ/3b8xhYlxVhCV/BPZn7rrLD/tJLNpyuYi36
LkXKgtF4XJY9sFVzYoodcaTtlrlPpVxXUC7YHyFVkqeRIgG8
-----END CERTIFICATE-----