Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          amU0WRbuFAYHVT7CFnQfVojSskpGHNIVDKM2SiyQJi4=
Subject key identifier:   4A:2C:F5:19:7C:1B:2A:9C:EC:9A:48:05:02:14:A1:AD:C6:2D:C8:35
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0BBEAABC806B6C6EC48393EFABC777C526948973
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214677.roa
Signing time:             Wed 04 Dec 2024 15:17:41 +0000
ROA not before:           Wed 04 Dec 2024 15:12:41 +0000
ROA not after:            Wed 03 Dec 2025 15:17:41 +0000
asID:                     214677
IP address blocks:        141.11.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:be:aa:bc:80:6b:6c:6e:c4:83:93:ef:ab:c7:77:c5:26:94:89:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Dec  4 15:12:41 2024 GMT
            Not After : Dec  3 15:17:41 2025 GMT
        Subject: CN=4A2CF5197C1B2A9CEC9A48050214A1ADC62DC835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:fb:be:63:a1:74:3e:2e:6e:a7:a2:d2:af:f9:
                    19:21:69:77:b4:54:b8:ba:21:32:58:4d:97:16:a6:
                    67:0c:6f:a9:30:dc:d7:48:eb:6d:cf:db:f2:7d:b4:
                    45:86:f3:08:6b:99:19:a7:1c:d3:97:1a:c4:4e:9c:
                    3d:41:9c:56:7b:eb:70:01:e9:9b:28:bb:8d:c5:69:
                    b6:9d:47:f7:06:a8:a1:ae:44:01:16:f6:f6:2f:a0:
                    be:db:04:06:98:c6:3e:e5:e2:f6:c5:54:f6:fc:69:
                    0f:4d:61:e4:54:7b:0e:ea:97:7a:dc:f7:e0:67:a4:
                    91:78:5f:e6:fc:4c:0f:9a:06:a5:8c:d6:25:58:ab:
                    75:65:9b:16:bf:82:30:93:9c:48:d9:96:ec:64:16:
                    6f:af:aa:8a:76:5b:74:14:94:08:bb:7c:b1:ab:f7:
                    5d:d5:64:34:4d:26:e7:0d:f2:9b:27:95:a5:df:6b:
                    07:24:e1:85:9b:c3:70:9f:cf:ea:4a:71:fd:c4:21:
                    ce:61:16:7a:c7:6e:45:fa:5d:53:17:54:d7:ef:cb:
                    2a:76:63:4b:a4:ce:eb:71:c1:21:22:e0:08:e8:86:
                    80:e6:8b:38:c7:39:e6:36:7d:e3:07:d5:99:18:78:
                    26:4c:6f:bc:70:2c:d2:2a:a3:34:32:0f:59:65:4e:
                    3d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2C:F5:19:7C:1B:2A:9C:EC:9A:48:05:02:14:A1:AD:C6:2D:C8:35
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:fc:f5:59:97:0f:1c:1e:6f:f7:36:99:2a:31:32:21:a4:95:
         c0:53:91:61:af:3a:f2:71:b2:02:99:7e:d9:2f:88:82:0e:a6:
         2c:4f:60:33:59:a2:6d:4b:c5:3d:e9:1a:a6:5c:c3:9d:67:fd:
         33:75:3c:fb:04:42:1b:90:d7:71:fc:66:d8:5c:6b:d6:61:b8:
         19:c6:be:ad:34:2a:02:34:67:23:ac:34:7e:9f:af:09:c5:8d:
         c3:5e:73:f8:41:59:cd:46:42:76:01:66:14:6a:d5:b3:ea:d9:
         fb:a8:fe:53:65:a2:dc:ec:d6:42:91:92:c4:fe:ef:41:49:11:
         d5:2d:95:c0:fe:f4:04:9a:e1:85:cc:73:78:98:fd:b0:5f:bf:
         99:c2:e9:b2:bd:f8:a2:96:16:6c:f5:a7:e3:d6:c6:2d:51:c9:
         2e:0b:db:a7:92:0b:58:ea:ad:3b:ab:6b:9a:d4:c0:bb:c0:03:
         6c:a7:40:78:41:7a:0a:4e:e9:3b:4d:a0:55:d8:01:0f:c7:b7:
         14:95:bb:2e:20:30:c5:1f:92:17:c9:e2:8c:4c:00:ba:ea:31:
         e7:9d:18:f3:bd:b8:1c:02:41:d3:ec:19:c6:34:83:cc:23:aa:
         7e:89:0f:fe:28:36:81:8e:f3:55:b8:9f:5f:e6:ef:03:21:a5:
         1e:03:df:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC76qvIBrbG7Eg5Pvq8d3xSaUiXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEyMDQxNTEyNDFaFw0yNTEyMDMxNTE3NDFaMDMxMTAvBgNV
BAMTKDRBMkNGNTE5N0MxQjJBOUNFQzlBNDgwNTAyMTRBMUFEQzYyREM4MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj+75joXQ+Lm6notKv+RkhaXe0
VLi6ITJYTZcWpmcMb6kw3NdI623P2/J9tEWG8whrmRmnHNOXGsROnD1BnFZ763AB
6Zsou43FabadR/cGqKGuRAEW9vYvoL7bBAaYxj7l4vbFVPb8aQ9NYeRUew7ql3rc
9+BnpJF4X+b8TA+aBqWM1iVYq3Vlmxa/gjCTnEjZluxkFm+vqop2W3QUlAi7fLGr
913VZDRNJucN8psnlaXfawck4YWbw3Cfz+pKcf3EIc5hFnrHbkX6XVMXVNfvyyp2
Y0ukzutxwSEi4AjohoDmizjHOeY2feMH1ZkYeCZMb7xwLNIqozQyD1llTj1FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSiz1GXwbKpzsmkgFAhShrcYtyDUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQun
MA0GCSqGSIb3DQEBCwUAA4IBAQBp/PVZlw8cHm/3NpkqMTIhpJXAU5FhrzrycbIC
mX7ZL4iCDqYsT2AzWaJtS8U96RqmXMOdZ/0zdTz7BEIbkNdx/GbYXGvWYbgZxr6t
NCoCNGcjrDR+n68JxY3DXnP4QVnNRkJ2AWYUatWz6tn7qP5TZaLc7NZCkZLE/u9B
SRHVLZXA/vQEmuGFzHN4mP2wX7+ZwumyvfiilhZs9afj1sYtUckuC9unkgtY6q07
q2ua1MC7wANsp0B4QXoKTuk7TaBV2AEPx7cUlbsuIDDFH5IXyeKMTAC66jHnnRjz
vbgcAkHT7BnGNIPMI6p+iQ/+KDaBjvNVuJ9f5u8DIaUeA9+2
-----END CERTIFICATE-----