Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214802.roa
File:                     AS214802.roa (raw, json)
Hash identifier:          X6EWjK7u5Rola0pzubppy4XPL1C3KkZffq9Kpee/Qj8=
Subject key identifier:   C0:DC:8F:6B:9A:E4:9B:52:D3:A8:AE:A9:0F:50:E1:05:04:91:31:EE
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       17B19E43B93F3CEC9F6DFB2392D71EB92099DE3F
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214802.roa
Signing time:             Thu 06 Jun 2024 03:44:24 +0000
ROA not before:           Thu 06 Jun 2024 03:39:24 +0000
ROA not after:            Thu 05 Jun 2025 03:44:24 +0000
asID:                     214802
IP address blocks:        2a0f:85c1:80a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b1:9e:43:b9:3f:3c:ec:9f:6d:fb:23:92:d7:1e:b9:20:99:de:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun  6 03:39:24 2024 GMT
            Not After : Jun  5 03:44:24 2025 GMT
        Subject: CN=C0DC8F6B9AE49B52D3A8AEA90F50E105049131EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:27:cd:05:fa:13:81:a0:c0:de:e4:84:2f:1a:
                    94:31:13:ed:6d:d8:e9:bf:22:3c:0e:14:7a:e0:9f:
                    08:91:bd:77:82:6e:a3:46:cc:db:66:af:50:0e:c7:
                    63:c9:a4:66:76:58:1a:51:e4:70:2d:42:3b:72:27:
                    35:79:ab:e6:5b:bd:cf:f2:f0:aa:e8:b8:fe:bf:e2:
                    7e:d3:2a:6f:bd:6f:8c:96:6d:ca:d3:c2:f0:75:f8:
                    81:ba:d9:e3:e1:f1:29:ce:5d:82:34:27:51:22:bb:
                    d8:f9:54:45:19:f9:91:2c:65:5b:37:2d:79:a1:43:
                    b8:3b:c6:0d:3a:9d:8a:8f:20:3a:14:b0:43:c8:c6:
                    82:54:be:62:96:93:6d:21:76:59:4e:75:2b:a1:55:
                    6a:74:bf:90:ad:40:ca:c6:e8:fb:bb:0a:f8:20:93:
                    7f:89:0d:56:57:75:bd:db:c7:85:6c:f5:bd:d9:19:
                    a4:7d:34:6f:b6:9f:70:21:b0:f4:70:c8:6e:fd:d0:
                    db:00:2f:0b:83:99:4f:46:ae:56:05:9c:da:f0:0e:
                    cd:07:03:f2:b7:1b:be:c3:d7:c3:bf:b5:36:ab:9d:
                    34:5c:86:54:9c:92:4d:a4:aa:f0:8c:bf:ab:63:62:
                    11:ae:66:3e:e7:db:27:13:0c:14:ce:5d:00:15:3a:
                    b8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DC:8F:6B:9A:E4:9B:52:D3:A8:AE:A9:0F:50:E1:05:04:91:31:EE
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80a::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:af:3b:a4:aa:86:9c:2f:28:5c:98:3f:3b:c9:f7:33:51:88:
         f0:99:04:3b:c8:6e:74:2e:cc:76:22:2c:3d:63:85:75:94:d9:
         b0:3b:29:28:9a:83:41:73:02:e0:4b:4a:ed:73:c7:97:0e:af:
         d8:ee:69:24:75:79:0f:2d:69:17:38:92:fd:6d:10:c9:ef:0e:
         7f:45:a1:9a:f9:33:1e:db:da:5e:b6:31:81:eb:83:2d:2f:d8:
         0d:b8:67:ba:6c:ba:18:f9:19:11:c9:51:09:58:82:e9:eb:6a:
         35:20:a5:b1:66:82:1f:e6:54:61:24:a6:52:f9:3c:df:bd:24:
         ee:8a:c6:c2:ed:e6:95:f2:76:0e:95:82:93:08:3c:bd:02:d5:
         f7:e1:3a:32:56:b7:67:06:91:ed:be:6a:9b:71:c5:5e:be:24:
         31:24:c5:c3:b4:d7:33:88:9a:99:10:1a:5f:ac:fe:e3:06:74:
         d7:62:4c:c5:e7:4b:9b:89:20:ab:fa:61:63:94:93:31:6c:8c:
         64:b0:24:67:f4:83:b8:04:a7:99:9f:34:68:38:8f:cd:3f:ed:
         bc:fa:ba:2c:e3:3a:2c:a7:c1:22:ec:33:3d:61:9b:f4:bf:cd:
         84:1d:18:47:a6:9b:2f:3d:bd:e6:20:5c:c3:b1:75:70:b0:13:
         be:e0:d9:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUF7GeQ7k/POyfbfsjktceuSCZ3j8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MDYwMzM5MjRaFw0yNTA2MDUwMzQ0MjRaMDMxMTAvBgNV
BAMTKEMwREM4RjZCOUFFNDlCNTJEM0E4QUVBOTBGNTBFMTA1MDQ5MTMxRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+J80F+hOBoMDe5IQvGpQxE+1t
2Om/IjwOFHrgnwiRvXeCbqNGzNtmr1AOx2PJpGZ2WBpR5HAtQjtyJzV5q+Zbvc/y
8KrouP6/4n7TKm+9b4yWbcrTwvB1+IG62ePh8SnOXYI0J1Eiu9j5VEUZ+ZEsZVs3
LXmhQ7g7xg06nYqPIDoUsEPIxoJUvmKWk20hdllOdSuhVWp0v5CtQMrG6Pu7Cvgg
k3+JDVZXdb3bx4Vs9b3ZGaR9NG+2n3AhsPRwyG790NsALwuDmU9GrlYFnNrwDs0H
A/K3G77D18O/tTarnTRchlSckk2kqvCMv6tjYhGuZj7n2ycTDBTOXQAVOrghAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwNyPa5rkm1LTqK6pD1DhBQSRMe4wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgKMA0GCSqGSIb3DQEBCwUAA4IBAQAErzukqoacLyhcmD87yfczUYjwmQQ7yG50
Lsx2Iiw9Y4V1lNmwOykomoNBcwLgS0rtc8eXDq/Y7mkkdXkPLWkXOJL9bRDJ7w5/
RaGa+TMe29petjGB64MtL9gNuGe6bLoY+RkRyVEJWILp62o1IKWxZoIf5lRhJKZS
+TzfvSTuisbC7eaV8nYOlYKTCDy9AtX34ToyVrdnBpHtvmqbccVeviQxJMXDtNcz
iJqZEBpfrP7jBnTXYkzF50ubiSCr+mFjlJMxbIxksCRn9IO4BKeZnzRoOI/NP+28
+ros4zosp8Ei7DM9YZv0v82EHRhHppsvPb3mIFzDsXVwsBO+4NnL
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org