Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214480.roa
File:                     AS214480.roa (raw, json)
Hash identifier:          ncXnRGkUjVE1gEtoLH0Iwirv7mbIyRooDzhnXLDVMJM=
Subject key identifier:   40:01:BF:38:F5:9E:B5:DA:F2:CB:22:A9:04:12:69:57:9C:E4:16:06
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1ECC9FB66F98CD8D89B749C51BF9BF72ABABE53C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214480.roa
Signing time:             Thu 19 Dec 2024 12:34:40 +0000
ROA not before:           Thu 19 Dec 2024 12:29:40 +0000
ROA not after:            Thu 18 Dec 2025 12:34:40 +0000
asID:                     214480
IP address blocks:        46.202.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:cc:9f:b6:6f:98:cd:8d:89:b7:49:c5:1b:f9:bf:72:ab:ab:e5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Dec 19 12:29:40 2024 GMT
            Not After : Dec 18 12:34:40 2025 GMT
        Subject: CN=4001BF38F59EB5DAF2CB22A9041269579CE41606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d0:29:ce:82:21:4a:cd:3d:71:de:99:a8:dc:
                    b5:54:8a:5d:e6:f2:25:48:9d:88:7f:b3:63:d0:9a:
                    30:42:77:a4:e6:3c:91:5b:0d:de:85:37:46:ac:cc:
                    0d:20:94:72:18:59:3b:82:ac:f8:74:c3:f2:a6:41:
                    bd:96:e3:7d:36:38:96:b0:57:ac:77:89:92:d8:a4:
                    08:f2:35:19:68:c8:65:cf:83:37:b8:a1:ce:62:78:
                    6d:41:2e:09:b8:5a:2a:32:42:d8:31:ed:0a:4a:be:
                    28:34:b9:e8:e2:41:5e:3b:23:78:24:11:b0:23:28:
                    2f:8c:67:87:7d:89:e6:0c:1c:07:32:03:b7:e5:35:
                    ad:c5:c5:f0:fd:8d:09:02:5d:74:10:fd:5c:c8:ba:
                    a5:6e:c6:a6:90:f8:91:53:0b:e2:d6:4e:f7:af:6b:
                    5b:22:11:e7:2b:7d:9a:72:50:04:f9:5c:6f:1f:ef:
                    dc:02:e9:1a:99:3a:20:ba:35:20:fa:bd:8e:9a:99:
                    7c:74:73:98:f9:8b:d0:39:d8:9b:10:77:3f:6d:42:
                    e9:87:1d:d5:5f:bc:65:18:94:58:c3:e7:b3:77:d2:
                    c2:b2:9f:1d:fc:87:1b:a5:45:df:e7:8a:96:a6:f5:
                    33:62:ce:de:12:a2:cc:3f:59:cd:f3:39:69:fc:2d:
                    db:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:01:BF:38:F5:9E:B5:DA:F2:CB:22:A9:04:12:69:57:9C:E4:16:06
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214480.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:53:84:c2:d8:b5:a1:fe:96:54:7e:66:f0:dc:49:e5:a4:53:
         04:32:74:80:32:60:56:7c:bb:2a:6a:b8:9c:b2:77:12:53:1f:
         2f:86:95:35:97:88:dc:ba:0d:38:c5:50:08:aa:f0:eb:7a:79:
         a1:4f:19:c4:1c:0d:76:e5:50:b7:03:c2:a4:64:fc:ac:1e:c6:
         9d:7b:bb:9b:31:6f:3d:63:08:b5:5b:aa:c3:e0:63:34:01:4a:
         e0:33:a0:7c:12:d0:f1:e6:b1:2b:9f:d4:57:03:56:5a:c9:88:
         3e:45:cf:03:92:34:67:7a:0d:54:64:18:54:fa:6f:5c:7d:67:
         87:8b:52:1f:f9:74:3f:5c:c3:ce:cd:cc:5a:b0:b2:5d:4f:10:
         56:69:45:f3:6f:ea:33:85:e1:51:14:79:75:67:7c:68:1e:0c:
         50:cb:f8:12:71:b2:2f:65:f0:a5:ac:38:e3:4e:72:3d:8f:9f:
         94:fa:ce:15:3a:21:54:d3:c0:fd:c3:6c:cf:55:8f:c5:14:48:
         f9:f4:01:b9:e1:5d:d6:8f:12:3d:06:39:05:61:2c:a3:9c:41:
         e1:a4:c0:5a:11:78:9e:cd:93:54:6d:58:e0:ca:9d:ff:8f:bc:
         57:73:cf:93:ff:bf:fa:9e:83:81:b4:0f:ce:ed:03:6e:1f:da:
         6f:b7:5c:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHsyftm+YzY2Jt0nFG/m/cqur5TwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDEyMTkxMjI5NDBaFw0yNTEyMTgxMjM0NDBaMDMxMTAvBgNV
BAMTKDQwMDFCRjM4RjU5RUI1REFGMkNCMjJBOTA0MTI2OTU3OUNFNDE2MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa0CnOgiFKzT1x3pmo3LVUil3m
8iVInYh/s2PQmjBCd6TmPJFbDd6FN0aszA0glHIYWTuCrPh0w/KmQb2W4302OJaw
V6x3iZLYpAjyNRloyGXPgze4oc5ieG1BLgm4WioyQtgx7QpKvig0uejiQV47I3gk
EbAjKC+MZ4d9ieYMHAcyA7flNa3FxfD9jQkCXXQQ/VzIuqVuxqaQ+JFTC+LWTvev
a1siEecrfZpyUAT5XG8f79wC6RqZOiC6NSD6vY6amXx0c5j5i9A52JsQdz9tQumH
HdVfvGUYlFjD57N30sKynx38hxulRd/nipam9TNizt4Sosw/Wc3zOWn8Lds1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQAG/OPWetdryyyKpBBJpV5zkFgYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLspS
MA0GCSqGSIb3DQEBCwUAA4IBAQAjU4TC2LWh/pZUfmbw3EnlpFMEMnSAMmBWfLsq
aricsncSUx8vhpU1l4jcug04xVAIqvDrenmhTxnEHA125VC3A8KkZPysHsade7ub
MW89Ywi1W6rD4GM0AUrgM6B8EtDx5rErn9RXA1ZayYg+Rc8DkjRneg1UZBhU+m9c
fWeHi1If+XQ/XMPOzcxasLJdTxBWaUXzb+ozheFRFHl1Z3xoHgxQy/gScbIvZfCl
rDjjTnI9j5+U+s4VOiFU08D9w2zPVY/FFEj59AG54V3WjxI9BjkFYSyjnEHhpMBa
EXiezZNUbVjgyp3/j7xXc8+T/7/6noOBtA/O7QNuH9pvt1wy
-----END CERTIFICATE-----