Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214751.roa
File:                     AS214751.roa (raw, json)
Hash identifier:          n9AsYQoqpua+TxaihExD+qbHxxKyFCrUo3LqIj04VSQ=
Subject key identifier:   D7:FC:84:67:35:0A:DB:BE:A0:5A:3F:F6:36:C7:A5:44:A8:26:91:D5
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5AC67457961EB931F1EA71DDD3F162AA0C09798D
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214751.roa
Signing time:             Tue 11 Jun 2024 00:17:34 +0000
ROA not before:           Tue 11 Jun 2024 00:12:34 +0000
ROA not after:            Tue 10 Jun 2025 00:17:34 +0000
asID:                     214751
IP address blocks:        2a0f:85c1:813::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:c6:74:57:96:1e:b9:31:f1:ea:71:dd:d3:f1:62:aa:0c:09:79:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 11 00:12:34 2024 GMT
            Not After : Jun 10 00:17:34 2025 GMT
        Subject: CN=D7FC8467350ADBBEA05A3FF636C7A544A82691D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:43:58:44:5a:bd:4a:31:7b:5d:0f:50:8a:3e:
                    2d:f3:c2:54:46:e6:76:de:c0:08:cc:5f:8c:4e:ba:
                    c3:c2:f3:92:e8:7b:63:84:0d:22:06:42:91:0e:0d:
                    76:2e:c8:95:80:a2:02:12:e3:bf:21:3e:cc:3c:1f:
                    38:ea:83:df:07:cd:42:6f:f0:43:06:4b:26:32:69:
                    db:27:4e:5c:89:dd:ad:b8:7e:0f:0f:8b:c2:c0:8e:
                    d0:c9:fc:b9:c6:f0:d4:1c:96:67:f4:26:92:b5:29:
                    6a:6b:de:5a:8b:b8:9f:a8:1f:72:e9:dd:df:cd:99:
                    d4:1e:cd:8d:03:6c:a0:6b:85:30:dd:8d:5e:5c:df:
                    23:1c:5f:a1:49:44:37:dd:78:0e:b4:e6:b8:2d:3a:
                    1a:74:ec:a8:af:14:80:31:15:be:5d:73:74:96:08:
                    1d:37:a2:5b:4b:22:c9:b0:8e:f7:40:27:a1:fe:70:
                    8c:66:b3:a7:66:bf:4c:47:dc:ff:42:6c:e3:2a:60:
                    bf:91:60:a1:c1:65:6e:a8:2a:5e:57:5b:e6:4c:b4:
                    27:61:17:0c:1b:2f:d2:fc:ca:1d:90:c0:33:f5:44:
                    62:92:cb:be:81:c7:66:20:15:ac:aa:c7:8c:b4:8f:
                    35:3e:30:46:bc:e7:08:42:17:0a:3b:a7:60:55:09:
                    67:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:FC:84:67:35:0A:DB:BE:A0:5A:3F:F6:36:C7:A5:44:A8:26:91:D5
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214751.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:813::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:6e:3c:9f:d3:2a:2c:b9:3b:a2:08:bb:7f:d1:c3:d5:8a:ce:
         f0:2a:78:38:94:85:4e:14:2f:30:18:a4:d4:e5:8a:e9:18:5e:
         18:33:d1:bb:59:e3:ae:a6:d5:59:2f:21:83:2b:2d:dd:b1:32:
         16:18:dc:f3:6e:d7:c3:ab:e4:fd:5c:0e:e6:e6:dc:9b:8a:13:
         05:b8:8b:69:27:b0:be:b1:11:2b:99:f9:29:c5:46:e1:72:ff:
         02:b3:c1:05:f3:da:8f:35:43:88:af:35:01:99:19:f9:fa:7f:
         55:dd:b4:2d:2a:33:c8:8a:fd:51:a5:f2:40:74:4c:ef:71:d3:
         13:f6:d5:f9:8c:bf:24:47:11:3e:54:7a:8b:43:05:a8:26:b5:
         3e:d3:3e:df:a6:04:4d:b7:1c:80:42:81:69:85:6a:2b:4d:0b:
         c2:cd:f3:59:d4:1a:58:70:53:5d:2e:00:b3:39:93:43:73:32:
         63:97:9c:76:f4:73:a6:10:75:eb:b9:80:d1:f6:fb:54:3b:01:
         80:b3:53:d1:63:5a:2b:78:3d:03:bc:a8:36:e7:3c:ec:b9:57:
         cb:77:4d:e3:c7:90:e6:44:ea:44:df:8e:41:04:b9:9d:0c:6f:
         c2:80:d5:a7:2f:3b:6b:1f:99:e3:f2:45:1a:36:e1:d3:79:a2:
         63:57:17:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWsZ0V5YeuTHx6nHd0/FiqgwJeY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTEwMDEyMzRaFw0yNTA2MTAwMDE3MzRaMDMxMTAvBgNV
BAMTKEQ3RkM4NDY3MzUwQURCQkVBMDVBM0ZGNjM2QzdBNTQ0QTgyNjkxRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuQ1hEWr1KMXtdD1CKPi3zwlRG
5nbewAjMX4xOusPC85Loe2OEDSIGQpEODXYuyJWAogIS478hPsw8Hzjqg98HzUJv
8EMGSyYyadsnTlyJ3a24fg8Pi8LAjtDJ/LnG8NQclmf0JpK1KWpr3lqLuJ+oH3Lp
3d/NmdQezY0DbKBrhTDdjV5c3yMcX6FJRDfdeA605rgtOhp07KivFIAxFb5dc3SW
CB03oltLIsmwjvdAJ6H+cIxms6dmv0xH3P9CbOMqYL+RYKHBZW6oKl5XW+ZMtCdh
FwwbL9L8yh2QwDP1RGKSy76Bx2YgFayqx4y0jzU+MEa85whCFwo7p2BVCWdBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1/yEZzUK276gWj/2NselRKgmkdUwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0NzUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgTMA0GCSqGSIb3DQEBCwUAA4IBAQBKbjyf0yosuTuiCLt/0cPVis7wKng4lIVO
FC8wGKTU5YrpGF4YM9G7WeOuptVZLyGDKy3dsTIWGNzzbtfDq+T9XA7m5tybihMF
uItpJ7C+sRErmfkpxUbhcv8Cs8EF89qPNUOIrzUBmRn5+n9V3bQtKjPIiv1RpfJA
dEzvcdMT9tX5jL8kRxE+VHqLQwWoJrU+0z7fpgRNtxyAQoFphWorTQvCzfNZ1BpY
cFNdLgCzOZNDczJjl5x29HOmEHXruYDR9vtUOwGAs1PRY1oreD0DvKg25zzsuVfL
d03jx5DmROpE345BBLmdDG/CgNWnLztrH5nj8kUaNuHTeaJjVxeI
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org