Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214143.roa
File:                     AS214143.roa (raw, json)
Hash identifier:          uqf1dMKdy5NwOK9q/8CU7gmN/dqqHOVggVUFqUdRMWk=
Subject key identifier:   AE:64:1C:96:83:36:97:CA:DC:65:30:C6:D7:59:3F:30:58:A1:30:A0
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       210BC7BA1950D5B6D5CCC4B88B9923BAA6ADA21F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214143.roa
Signing time:             Fri 22 Nov 2024 09:22:36 +0000
ROA not before:           Fri 22 Nov 2024 09:17:36 +0000
ROA not after:            Fri 21 Nov 2025 09:22:36 +0000
asID:                     214143
IP address blocks:        46.203.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:0b:c7:ba:19:50:d5:b6:d5:cc:c4:b8:8b:99:23:ba:a6:ad:a2:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 22 09:17:36 2024 GMT
            Not After : Nov 21 09:22:36 2025 GMT
        Subject: CN=AE641C96833697CADC6530C6D7593F3058A130A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:78:0b:e3:ac:26:31:8f:57:71:fb:e1:21:47:
                    54:d2:aa:cc:3c:d2:f5:1b:86:c0:e6:d7:29:84:08:
                    da:2f:f3:a2:27:8a:9b:88:12:f5:82:eb:dd:25:af:
                    6c:30:57:d0:bc:73:7b:a4:8c:d3:fa:0c:56:eb:fc:
                    6c:b2:e0:09:1b:81:64:b1:96:39:b6:9f:15:3e:94:
                    6f:8e:f3:e6:0f:c3:ee:6d:f7:6d:e5:86:59:e5:9e:
                    24:a1:b0:f8:af:85:95:3f:40:c4:e4:5b:a8:a5:0c:
                    47:01:3a:f4:eb:c3:4e:dd:9d:73:2a:7b:e4:1d:c5:
                    0d:26:6a:f3:82:47:21:0b:91:e7:b3:af:ce:96:81:
                    c4:a4:6c:e3:32:88:f9:88:db:5f:17:16:2e:2d:f2:
                    57:e1:92:1e:ad:35:90:1a:78:75:2d:68:71:46:b7:
                    a9:bb:3b:0c:fc:80:33:fc:9b:45:d7:9a:31:0a:86:
                    89:f0:9a:52:57:16:f6:f0:4d:69:fe:5a:73:2e:88:
                    cb:43:d6:20:80:53:98:5f:9a:a1:03:ea:ca:d1:e3:
                    f2:ce:18:30:6d:80:0f:6a:3d:c6:46:37:25:4f:26:
                    43:71:e1:e1:70:55:54:75:91:f9:77:0a:55:2f:90:
                    49:48:8f:cd:34:70:37:25:95:9c:64:26:a4:92:b6:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:64:1C:96:83:36:97:CA:DC:65:30:C6:D7:59:3F:30:58:A1:30:A0
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ca:6b:24:e4:ce:b3:1c:24:b0:05:1c:10:95:5f:13:78:c5:
         f3:1a:e8:70:f3:07:ba:b7:41:0a:c9:9e:a1:60:00:c4:11:01:
         31:51:23:05:a0:42:35:b0:a2:79:86:03:50:24:21:a1:f0:d3:
         5d:a9:73:ff:40:d7:4a:b7:1a:2e:a8:ee:33:01:f4:42:84:76:
         72:42:05:c2:3f:57:81:86:a2:d2:ab:33:8a:3f:fc:db:02:6d:
         f5:a2:3b:aa:5b:22:7d:5b:7e:c9:6b:af:f8:2c:51:87:fc:5d:
         e6:d7:8a:05:8c:0c:62:34:ae:17:ff:7c:c5:33:cd:84:bf:a6:
         cd:ee:cf:ab:54:56:8d:0e:f7:c3:af:f2:07:8d:12:b4:4f:bd:
         b0:5d:89:ed:77:86:6f:e8:9d:de:87:39:ba:ac:34:f1:72:77:
         c0:af:26:dc:5e:99:93:e1:bf:98:85:4f:3d:7a:9b:e0:9b:2b:
         e0:b9:51:56:54:bd:bb:79:05:ca:11:10:e8:27:84:0f:50:29:
         89:8b:2f:62:65:6a:b0:0e:e8:03:4f:0a:00:5e:82:5c:ab:ec:
         a4:d9:9e:66:e3:ff:a7:ce:35:e2:aa:f2:26:2e:45:45:99:c0:
         9e:97:04:24:e3:3b:03:b3:d0:98:a2:c8:02:36:bf:86:71:cf:
         9d:d7:25:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIQvHuhlQ1bbVzMS4i5kjuqatoh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMjIwOTE3MzZaFw0yNTExMjEwOTIyMzZaMDMxMTAvBgNV
BAMTKEFFNjQxQzk2ODMzNjk3Q0FEQzY1MzBDNkQ3NTkzRjMwNThBMTMwQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPeAvjrCYxj1dx++EhR1TSqsw8
0vUbhsDm1ymECNov86InipuIEvWC690lr2wwV9C8c3ukjNP6DFbr/Gyy4AkbgWSx
ljm2nxU+lG+O8+YPw+5t923lhlnlniShsPivhZU/QMTkW6ilDEcBOvTrw07dnXMq
e+QdxQ0mavOCRyELkeezr86WgcSkbOMyiPmI218XFi4t8lfhkh6tNZAaeHUtaHFG
t6m7Owz8gDP8m0XXmjEKhonwmlJXFvbwTWn+WnMuiMtD1iCAU5hfmqED6srR4/LO
GDBtgA9qPcZGNyVPJkNx4eFwVVR1kfl3ClUvkElIj800cDcllZxkJqSSts8fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrmQcloM2l8rcZTDG11k/MFihMKAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALssC
MA0GCSqGSIb3DQEBCwUAA4IBAQAsymsk5M6zHCSwBRwQlV8TeMXzGuhw8we6t0EK
yZ6hYADEEQExUSMFoEI1sKJ5hgNQJCGh8NNdqXP/QNdKtxouqO4zAfRChHZyQgXC
P1eBhqLSqzOKP/zbAm31ojuqWyJ9W37Ja6/4LFGH/F3m14oFjAxiNK4X/3zFM82E
v6bN7s+rVFaNDvfDr/IHjRK0T72wXYntd4Zv6J3ehzm6rDTxcnfArybcXpmT4b+Y
hU89epvgmyvguVFWVL27eQXKERDoJ4QPUCmJiy9iZWqwDugDTwoAXoJcq+yk2Z5m
4/+nzjXiqvImLkVFmcCelwQk4zsDs9CYosgCNr+Gcc+d1yUX
-----END CERTIFICATE-----