Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214340.roa
File:                     AS214340.roa (raw, json)
Hash identifier:          rsS90y65AZ2tmc+M2dv1R8EVhYUgYXI0QduxodH8dn0=
Subject key identifier:   66:98:12:2D:16:D3:CA:F6:5A:21:7E:BD:DC:01:21:BC:76:56:C8:13
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2CF6173597AFE023C2E9027EB647D49DC8E7CA01
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214340.roa
Signing time:             Thu 22 Aug 2024 08:17:18 +0000
ROA not before:           Thu 22 Aug 2024 08:12:18 +0000
ROA not after:            Thu 21 Aug 2025 08:17:18 +0000
asID:                     214340
IP address blocks:        92.113.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:f6:17:35:97:af:e0:23:c2:e9:02:7e:b6:47:d4:9d:c8:e7:ca:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 22 08:12:18 2024 GMT
            Not After : Aug 21 08:17:18 2025 GMT
        Subject: CN=6698122D16D3CAF65A217EBDDC0121BC7656C813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:de:01:2e:c1:bd:bb:dc:7d:5f:a3:dc:22:ac:
                    33:94:c2:3b:af:1f:db:e1:56:88:98:c7:d0:24:97:
                    3a:ab:a3:8b:da:6d:c0:70:1f:ca:79:8c:30:4e:9e:
                    28:d3:08:0e:36:44:1a:aa:74:41:c9:17:95:5a:68:
                    be:0a:66:e5:9d:f4:5a:46:66:7b:59:a9:85:c5:72:
                    bd:24:50:c0:60:7b:fc:d7:ba:61:6e:97:00:26:06:
                    ca:0a:89:91:14:f6:4f:b3:88:35:6c:98:1b:83:34:
                    67:d7:5c:02:ea:18:2c:b6:8c:a0:48:7d:db:65:14:
                    01:64:0a:42:ef:3d:3c:9b:93:fc:e9:ec:68:91:79:
                    6f:e3:e6:82:e9:93:cf:82:72:87:b4:64:1a:72:85:
                    6b:05:78:b7:ff:d1:37:72:56:56:d9:2e:5c:88:90:
                    11:e3:d9:db:e1:27:c2:67:68:1f:24:f7:5c:01:a6:
                    94:a3:2b:0c:0f:9c:45:d6:2d:50:cb:21:c3:2d:ce:
                    12:29:fd:0f:be:9a:cb:6e:f4:9e:98:00:b0:f2:e4:
                    30:19:fb:07:09:b4:18:e7:f2:01:1a:01:3b:e5:31:
                    17:be:00:1c:08:9a:6a:8f:93:bf:07:ba:4b:67:83:
                    ed:c7:49:f4:0b:57:42:51:1d:c9:17:b6:6e:f8:1e:
                    c2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:98:12:2D:16:D3:CA:F6:5A:21:7E:BD:DC:01:21:BC:76:56:C8:13
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214340.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:81:13:ba:f4:fd:f4:00:46:a7:cc:91:cd:2b:50:ab:85:07:
         6e:99:9f:2d:01:d0:65:04:92:5e:f2:de:53:6a:e3:f8:fd:1a:
         23:d1:f5:13:87:e4:27:5e:fa:31:5a:58:4b:f4:02:b4:da:32:
         d0:b4:4b:27:dd:f4:7b:12:ac:9a:d9:6b:b9:c7:5c:0e:3a:b8:
         02:c9:50:68:a9:0c:f1:d2:4d:ca:f6:5b:9d:26:b4:c0:63:b0:
         e4:4a:b2:71:83:fa:b6:1b:99:8f:8f:51:6b:69:9e:7f:17:ba:
         89:d2:c2:c1:3f:18:09:de:00:e7:1e:ac:bd:d6:8e:e2:ad:fd:
         8a:74:76:d7:04:97:39:66:28:b7:7f:59:8a:90:cc:f6:d7:60:
         bc:07:08:69:4c:61:15:c2:20:48:98:8e:72:51:d0:47:7f:fc:
         3a:8c:2e:b8:76:0f:85:08:53:bf:47:f5:05:90:fc:ff:8d:23:
         b3:2f:9b:39:8d:6d:93:ee:7d:58:f2:99:96:a6:8b:ac:79:78:
         d2:d3:fa:b6:f3:35:a5:81:a0:7b:8d:79:f4:fd:df:bb:fd:5f:
         6b:ed:e5:21:3c:3c:6f:99:c2:9f:18:af:52:73:e9:61:8c:99:
         33:74:fe:55:39:3f:f9:1b:91:0e:53:30:98:98:84:99:2c:fd:
         4e:22:7d:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULPYXNZev4CPC6QJ+tkfUncjnygEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA4MjIwODEyMThaFw0yNTA4MjEwODE3MThaMDMxMTAvBgNV
BAMTKDY2OTgxMjJEMTZEM0NBRjY1QTIxN0VCRERDMDEyMUJDNzY1NkM4MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz3gEuwb273H1fo9wirDOUwjuv
H9vhVoiYx9Aklzqro4vabcBwH8p5jDBOnijTCA42RBqqdEHJF5VaaL4KZuWd9FpG
ZntZqYXFcr0kUMBge/zXumFulwAmBsoKiZEU9k+ziDVsmBuDNGfXXALqGCy2jKBI
fdtlFAFkCkLvPTybk/zp7GiReW/j5oLpk8+Ccoe0ZBpyhWsFeLf/0TdyVlbZLlyI
kBHj2dvhJ8JnaB8k91wBppSjKwwPnEXWLVDLIcMtzhIp/Q++mstu9J6YALDy5DAZ
+wcJtBjn8gEaATvlMRe+ABwImmqPk78Huktng+3HSfQLV0JRHckXtm74HsK7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZpgSLRbTyvZaIX693AEhvHZWyBMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MzQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHEM
MA0GCSqGSIb3DQEBCwUAA4IBAQB9gRO69P30AEanzJHNK1CrhQdumZ8tAdBlBJJe
8t5TauP4/Roj0fUTh+QnXvoxWlhL9AK02jLQtEsn3fR7Eqya2Wu5x1wOOrgCyVBo
qQzx0k3K9ludJrTAY7DkSrJxg/q2G5mPj1FraZ5/F7qJ0sLBPxgJ3gDnHqy91o7i
rf2KdHbXBJc5Zii3f1mKkMz212C8BwhpTGEVwiBImI5yUdBHf/w6jC64dg+FCFO/
R/UFkPz/jSOzL5s5jW2T7n1Y8pmWpouseXjS0/q28zWlgaB7jXn0/d+7/V9r7eUh
PDxvmcKfGK9Sc+lhjJkzdP5VOT/5G5EOUzCYmISZLP1OIn0m
-----END CERTIFICATE-----