Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214937.roa
File:                     AS214937.roa (raw, json)
Hash identifier:          i/5MB71Zu7xdvEEG5GGx2K1C5AGARhTtCJUgcLhR2hQ=
Subject key identifier:   0D:2A:E1:BD:B4:1F:1F:33:BC:BC:77:79:0F:03:A4:CC:CB:8B:D9:15
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5276B4EA3D64180D52AB0AA5003221E9E67C840C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214937.roa
Signing time:             Mon 09 Dec 2024 02:19:39 +0000
ROA not before:           Mon 09 Dec 2024 02:14:39 +0000
ROA not after:            Mon 08 Dec 2025 02:19:39 +0000
asID:                     214937
IP address blocks:        46.203.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:76:b4:ea:3d:64:18:0d:52:ab:0a:a5:00:32:21:e9:e6:7c:84:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Dec  9 02:14:39 2024 GMT
            Not After : Dec  8 02:19:39 2025 GMT
        Subject: CN=0D2AE1BDB41F1F33BCBC77790F03A4CCCB8BD915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:54:2d:18:b5:c1:11:01:53:a5:e5:d0:83:85:
                    43:1c:ec:9a:78:5e:2f:60:7d:b9:60:e6:00:b2:0d:
                    7f:ba:41:a6:f8:3b:62:f0:79:d2:4f:61:b6:64:09:
                    17:28:b5:01:02:5b:8a:53:12:d7:75:8a:61:25:ec:
                    4f:62:93:ef:08:64:e7:3e:bc:f4:77:31:ba:86:10:
                    52:85:10:75:16:be:64:9d:7d:48:16:d3:ca:75:30:
                    38:21:5e:9d:d2:36:16:c2:8d:3f:6c:75:23:4d:ae:
                    5e:19:b6:b0:27:ca:28:e1:91:11:78:29:fc:fb:0d:
                    04:aa:4d:8e:dc:b5:42:f2:93:d5:f9:5e:b0:e6:01:
                    2b:9e:d3:d8:70:a4:c9:7c:53:c6:54:a7:f1:49:5e:
                    a3:29:fe:98:24:8e:62:4b:6c:6b:78:5e:c8:7a:8e:
                    a0:22:f9:29:30:c0:f2:f5:87:6c:95:54:39:35:3f:
                    7f:5e:c4:11:c4:9d:2c:f7:73:5d:0e:34:d9:bf:6b:
                    96:77:23:d1:4e:78:5b:3a:65:1e:0f:99:7b:a1:cc:
                    7a:9a:7c:ff:10:d2:42:8b:13:76:6e:05:e8:7a:3b:
                    ee:fb:ac:6c:6e:b3:28:e0:3f:35:75:d6:2c:7f:c0:
                    07:75:fc:b5:b6:61:e4:c0:1c:e5:78:44:79:96:21:
                    69:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2A:E1:BD:B4:1F:1F:33:BC:BC:77:79:0F:03:A4:CC:CB:8B:D9:15
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:19:8f:e7:78:08:44:03:d3:21:43:e3:b8:67:19:9a:5d:19:
         1e:21:86:83:5d:a4:9a:ea:12:24:15:c9:9b:6f:f4:bb:ef:ef:
         1a:7d:1a:07:09:50:38:ea:f2:44:6e:b2:47:05:25:b4:e5:d0:
         11:91:65:b4:af:fd:38:0e:08:1f:2c:90:df:38:9c:5f:60:2a:
         ed:b8:b9:58:52:22:04:9c:43:68:b2:96:2e:8b:b0:c3:9c:51:
         e7:72:45:2e:62:90:21:08:e0:b0:5f:97:65:1b:62:7c:46:a0:
         da:ef:3e:62:e9:b3:13:16:64:05:f9:06:dd:08:48:47:4c:7b:
         75:c2:80:ee:b5:e5:2e:9a:41:a4:e2:94:f8:9a:0c:d1:ae:95:
         10:07:7b:d9:72:77:93:cf:96:26:e6:aa:36:44:ed:6b:c7:b9:
         09:92:ba:dd:97:82:4d:81:96:52:13:1e:04:b3:50:ec:86:d4:
         5b:b5:b8:62:e1:bc:d5:f7:46:18:fe:a7:a8:63:74:a7:a1:54:
         bf:68:f7:78:38:c8:44:92:94:dc:d2:6a:1f:ce:1a:41:52:c0:
         61:d4:57:0f:91:6b:56:98:58:d5:fa:75:0d:76:90:a5:4a:58:
         77:a9:0b:97:9c:57:6d:e2:18:10:6c:79:10:c2:8d:37:df:98:
         b1:53:28:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUna06j1kGA1SqwqlADIh6eZ8hAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDEyMDkwMjE0MzlaFw0yNTEyMDgwMjE5MzlaMDMxMTAvBgNV
BAMTKDBEMkFFMUJEQjQxRjFGMzNCQ0JDNzc3OTBGMDNBNENDQ0I4QkQ5MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5VC0YtcERAVOl5dCDhUMc7Jp4
Xi9gfblg5gCyDX+6Qab4O2LwedJPYbZkCRcotQECW4pTEtd1imEl7E9ik+8IZOc+
vPR3MbqGEFKFEHUWvmSdfUgW08p1MDghXp3SNhbCjT9sdSNNrl4ZtrAnyijhkRF4
Kfz7DQSqTY7ctULyk9X5XrDmASue09hwpMl8U8ZUp/FJXqMp/pgkjmJLbGt4Xsh6
jqAi+SkwwPL1h2yVVDk1P39exBHEnSz3c10ONNm/a5Z3I9FOeFs6ZR4PmXuhzHqa
fP8Q0kKLE3ZuBeh6O+77rGxusyjgPzV11ix/wAd1/LW2YeTAHOV4RHmWIWnxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDSrhvbQfHzO8vHd5DwOkzMuL2RUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0OTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsvq
MA0GCSqGSIb3DQEBCwUAA4IBAQCBGY/neAhEA9MhQ+O4ZxmaXRkeIYaDXaSa6hIk
Fcmbb/S77+8afRoHCVA46vJEbrJHBSW05dARkWW0r/04DggfLJDfOJxfYCrtuLlY
UiIEnENospYui7DDnFHnckUuYpAhCOCwX5dlG2J8RqDa7z5i6bMTFmQF+QbdCEhH
THt1woDuteUumkGk4pT4mgzRrpUQB3vZcneTz5Ym5qo2RO1rx7kJkrrdl4JNgZZS
Ex4Es1DshtRbtbhi4bzV90YY/qeoY3SnoVS/aPd4OMhEkpTc0mofzhpBUsBh1FcP
kWtWmFjV+nUNdpClSlh3qQuXnFdt4hgQbHkQwo0335ixUyiz
-----END CERTIFICATE-----