Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214768.roa
File:                     AS214768.roa (raw, json)
Hash identifier:          KEatDVKdt7OEx8/xb7sH8X8B4+EXxmcne6/bhxzZQIs=
Subject key identifier:   76:2F:A8:DE:CF:FF:00:3F:A3:EF:FF:37:88:10:71:54:AB:CE:B4:B0
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       1AE25D77E17E3E031750D3391EC763EE8A77E867
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214768.roa
Signing time:             Tue 11 Jun 2024 01:23:24 +0000
ROA not before:           Tue 11 Jun 2024 01:18:24 +0000
ROA not after:            Tue 10 Jun 2025 01:23:24 +0000
asID:                     214768
IP address blocks:        2a0f:85c1:3f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e2:5d:77:e1:7e:3e:03:17:50:d3:39:1e:c7:63:ee:8a:77:e8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 11 01:18:24 2024 GMT
            Not After : Jun 10 01:23:24 2025 GMT
        Subject: CN=762FA8DECFFF003FA3EFFF3788107154ABCEB4B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c3:e2:6c:f1:b7:31:81:92:b3:74:ae:87:0c:
                    60:1c:45:51:c6:cd:fc:be:fa:fc:67:44:1d:15:ff:
                    b9:e3:a8:85:cf:82:f1:a5:ca:01:a0:2c:1f:5d:e9:
                    1a:9c:b8:42:eb:4e:2f:67:2f:4e:31:dc:7c:0c:93:
                    e6:d4:4c:2b:66:04:51:85:aa:cf:74:91:a6:a3:93:
                    7d:6c:b2:cd:1c:40:87:9b:4f:c0:72:a7:d5:d4:2b:
                    f6:a4:e2:31:d2:71:a4:08:05:19:f2:eb:70:c6:83:
                    ff:b6:79:17:49:0c:34:59:d0:57:42:c0:87:61:47:
                    63:c0:19:8a:2c:48:5a:31:bb:75:e4:58:9c:0f:3e:
                    61:10:f0:c1:20:d7:dc:04:67:a0:70:7f:40:b7:ce:
                    2c:d7:43:5b:ac:3d:8d:ed:79:15:e4:b3:8d:45:0b:
                    3f:8f:cb:92:20:ea:8f:b2:12:4e:0b:85:03:f9:44:
                    6a:19:3f:b8:d6:dc:7a:45:96:02:d4:3b:05:87:bb:
                    ee:b4:25:35:ed:92:c0:28:fb:86:bb:08:48:d5:51:
                    d1:ab:e2:ed:c0:b7:2f:34:12:97:5e:8d:0e:7a:be:
                    c8:e0:26:59:7b:4b:3a:73:7e:0b:20:23:7f:fc:bd:
                    90:a9:47:fd:a7:03:2b:83:b7:51:bd:fc:b2:16:cb:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2F:A8:DE:CF:FF:00:3F:A3:EF:FF:37:88:10:71:54:AB:CE:B4:B0
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:51:a9:6b:29:5b:f3:87:81:51:5f:28:d8:32:25:87:c1:5a:
         bb:23:82:96:fc:9b:55:df:09:78:5d:7f:d9:24:02:42:9e:37:
         f0:4b:54:cd:eb:bb:7d:0d:87:c8:b9:3b:3b:a0:ba:01:19:6d:
         3b:c0:c4:34:09:9c:e3:d8:78:e6:1e:8f:b7:71:9e:e0:b0:bc:
         9c:66:3d:d0:be:a7:8f:3c:aa:11:f4:47:a7:a5:2c:9f:d8:ac:
         9e:3c:16:94:57:b7:8b:99:a8:37:14:8a:9a:9d:15:b3:4d:20:
         a7:a3:a6:5a:65:db:f7:70:77:3c:2a:ca:45:aa:c8:51:20:a4:
         90:92:1d:ed:40:45:f0:90:43:12:4a:9c:89:1a:9d:57:20:69:
         a7:ec:53:2a:40:2b:6d:00:e9:c8:0c:80:fa:b3:b3:bf:d3:de:
         ae:dc:3e:72:db:e8:09:4b:a1:11:df:d8:91:b8:e4:8f:b1:84:
         ad:8e:d5:12:da:44:77:4e:9b:80:25:f7:a7:f8:79:f8:42:aa:
         58:1d:17:99:df:c2:fc:40:dc:1f:91:9d:a6:66:cb:5e:11:de:
         ff:03:7e:63:43:bf:04:a1:a3:09:6a:12:2f:a0:3f:3d:2b:05:
         c8:f5:f1:e2:25:2f:c2:76:87:4f:9c:74:0e:2c:3d:d9:8f:e6:
         de:6b:6a:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGuJdd+F+PgMXUNM5Hsdj7op36GcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTEwMTE4MjRaFw0yNTA2MTAwMTIzMjRaMDMxMTAvBgNV
BAMTKDc2MkZBOERFQ0ZGRjAwM0ZBM0VGRkYzNzg4MTA3MTU0QUJDRUI0QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrw+Js8bcxgZKzdK6HDGAcRVHG
zfy++vxnRB0V/7njqIXPgvGlygGgLB9d6RqcuELrTi9nL04x3HwMk+bUTCtmBFGF
qs90kaajk31sss0cQIebT8Byp9XUK/ak4jHScaQIBRny63DGg/+2eRdJDDRZ0FdC
wIdhR2PAGYosSFoxu3XkWJwPPmEQ8MEg19wEZ6Bwf0C3zizXQ1usPY3teRXks41F
Cz+Py5Ig6o+yEk4LhQP5RGoZP7jW3HpFlgLUOwWHu+60JTXtksAo+4a7CEjVUdGr
4u3Aty80EpdejQ56vsjgJll7SzpzfgsgI3/8vZCpR/2nAyuDt1G9/LIWy3vbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUdi+o3s//AD+j7/83iBBxVKvOtLAwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPxMA0GCSqGSIb3DQEBCwUAA4IBAQBJUalrKVvzh4FRXyjYMiWHwVq7I4KW/JtV
3wl4XX/ZJAJCnjfwS1TN67t9DYfIuTs7oLoBGW07wMQ0CZzj2HjmHo+3cZ7gsLyc
Zj3QvqePPKoR9EenpSyf2KyePBaUV7eLmag3FIqanRWzTSCno6ZaZdv3cHc8KspF
qshRIKSQkh3tQEXwkEMSSpyJGp1XIGmn7FMqQCttAOnIDID6s7O/096u3D5y2+gJ
S6ER39iRuOSPsYStjtUS2kR3TpuAJfen+Hn4QqpYHReZ38L8QNwfkZ2mZsteEd7/
A35jQ78EoaMJahIvoD89KwXI9fHiJS/CdodPnHQOLD3Zj+bea2po
-----END CERTIFICATE-----
Generated at Wed Jul 17 22:48:20 2024 by rpki-client on console-ams.rpki-client.org