Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214757.roa
File:                     AS214757.roa (raw, json)
Hash identifier:          7FEbTVG1Z7SJyWqgHN25+VCKq9VHtMRMCN1ixSnJhKc=
Subject key identifier:   C0:DB:87:1C:F9:13:3A:6F:79:15:75:7B:01:3C:0B:AA:6E:AC:FA:4C
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5AF1BB90A945EDCB4FE76A5DB72696C4217EDFF9
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214757.roa
Signing time:             Tue 11 Jun 2024 00:16:39 +0000
ROA not before:           Tue 11 Jun 2024 00:11:39 +0000
ROA not after:            Tue 10 Jun 2025 00:16:39 +0000
asID:                     214757
IP address blocks:        2a0f:85c1:80c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:f1:bb:90:a9:45:ed:cb:4f:e7:6a:5d:b7:26:96:c4:21:7e:df:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 11 00:11:39 2024 GMT
            Not After : Jun 10 00:16:39 2025 GMT
        Subject: CN=C0DB871CF9133A6F7915757B013C0BAA6EACFA4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:55:2e:52:8b:6f:01:a5:6b:47:be:cc:c5:
                    ef:6d:21:f5:42:be:ce:64:93:f1:f2:76:6c:7b:22:
                    6c:41:db:66:82:d0:e2:de:f8:9e:b7:12:c7:e0:be:
                    fc:61:dd:84:99:6a:2f:75:96:dc:e1:1b:a5:01:fd:
                    9c:5c:5d:ce:6d:52:8c:fd:e6:55:54:76:dd:ef:3c:
                    21:d3:03:f2:38:3d:9a:af:94:9f:a4:dc:b0:34:2c:
                    34:96:cc:00:27:62:db:e3:39:be:e4:d6:c5:a7:31:
                    48:b2:dd:4b:d9:df:2f:0c:74:a4:00:4a:6e:86:42:
                    c1:e0:a7:30:31:14:9b:79:6d:72:30:53:db:5d:0e:
                    f8:07:46:4c:a8:5e:74:12:c0:3e:34:b8:fb:a0:b8:
                    3e:c3:5e:c1:46:42:32:3e:39:02:90:2b:dd:d1:af:
                    06:cd:92:30:d9:db:44:36:2d:a9:dd:95:fa:1f:72:
                    a9:48:15:ed:dc:73:68:02:9f:80:c8:b0:68:fe:5c:
                    9b:42:44:58:b6:b6:e1:ca:64:96:4f:81:1b:2c:60:
                    cf:f2:a1:53:24:ea:b1:bc:95:6e:5c:49:68:dc:e6:
                    f7:8a:c0:1b:f5:20:ed:fc:05:8b:c1:0e:2e:4a:e4:
                    93:3f:ad:08:51:7b:6a:c3:01:06:51:e4:26:73:1e:
                    28:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DB:87:1C:F9:13:3A:6F:79:15:75:7B:01:3C:0B:AA:6E:AC:FA:4C
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214757.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:e5:7e:9b:e6:31:f8:a6:a1:56:13:68:f4:12:a2:99:be:6d:
         0f:ec:12:c6:fa:e9:74:dc:26:95:09:d6:7b:56:69:cc:5d:40:
         b4:13:bd:ca:7b:69:65:9d:27:cd:68:35:b8:de:06:da:b1:04:
         a0:92:b2:75:39:44:3b:32:20:1d:69:66:56:5b:88:67:10:13:
         e2:7c:7a:78:f5:38:40:f8:61:36:8a:07:fc:96:58:37:f1:d3:
         7a:d8:26:7a:52:c3:0f:f4:4c:08:50:6c:13:b7:f5:f5:e6:8e:
         70:0c:0b:01:13:d9:4c:58:b5:92:a9:b9:7e:62:78:89:f9:ea:
         cb:aa:a3:76:18:23:f9:43:ee:83:49:9b:09:b0:75:8f:5d:20:
         61:77:eb:d8:ef:d6:7b:db:73:fb:5b:97:14:15:dc:1f:cb:30:
         de:9b:36:0c:94:18:07:87:44:f9:66:75:60:df:c8:c5:98:aa:
         41:41:99:5e:5d:21:2e:10:85:b6:f1:d4:f0:4b:57:d9:38:e4:
         8a:b3:8e:97:87:f4:44:f9:d1:3a:75:69:fa:e7:27:97:69:2a:
         9d:4d:b2:1c:1f:0c:85:e9:94:52:61:74:36:70:57:a2:7b:84:
         8f:77:3e:1f:e9:78:67:eb:84:b2:84:6c:9a:f6:8e:03:5f:75:
         40:7c:e3:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWvG7kKlF7ctP52pdtyaWxCF+3/kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTEwMDExMzlaFw0yNTA2MTAwMDE2MzlaMDMxMTAvBgNV
BAMTKEMwREI4NzFDRjkxMzNBNkY3OTE1NzU3QjAxM0MwQkFBNkVBQ0ZBNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1blUuUotvAaVrR77Mxe9tIfVC
vs5kk/Hydmx7ImxB22aC0OLe+J63Esfgvvxh3YSZai91ltzhG6UB/ZxcXc5tUoz9
5lVUdt3vPCHTA/I4PZqvlJ+k3LA0LDSWzAAnYtvjOb7k1sWnMUiy3UvZ3y8MdKQA
Sm6GQsHgpzAxFJt5bXIwU9tdDvgHRkyoXnQSwD40uPuguD7DXsFGQjI+OQKQK93R
rwbNkjDZ20Q2LandlfofcqlIFe3cc2gCn4DIsGj+XJtCRFi2tuHKZJZPgRssYM/y
oVMk6rG8lW5cSWjc5veKwBv1IO38BYvBDi5K5JM/rQhRe2rDAQZR5CZzHigtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwNuHHPkTOm95FXV7ATwLqm6s+kwwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0NzU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgMMA0GCSqGSIb3DQEBCwUAA4IBAQBO5X6b5jH4pqFWE2j0EqKZvm0P7BLG+ul0
3CaVCdZ7VmnMXUC0E73Ke2llnSfNaDW43gbasQSgkrJ1OUQ7MiAdaWZWW4hnEBPi
fHp49ThA+GE2igf8llg38dN62CZ6UsMP9EwIUGwTt/X15o5wDAsBE9lMWLWSqbl+
YniJ+erLqqN2GCP5Q+6DSZsJsHWPXSBhd+vY79Z723P7W5cUFdwfyzDemzYMlBgH
h0T5ZnVg38jFmKpBQZleXSEuEIW28dTwS1fZOOSKs46Xh/RE+dE6dWn65yeXaSqd
TbIcHwyF6ZRSYXQ2cFeie4SPdz4f6Xhn64SyhGya9o4DX3VAfOON
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org