Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214818.roa
File:                     AS214818.roa (raw, json)
Hash identifier:          Eik7dKgd2QRss3XjE6ix0I2Y5gVcLgmfNzHvHQnjEr8=
Subject key identifier:   93:A4:15:C6:F5:FC:86:91:90:45:D4:80:C9:DE:F2:00:CF:86:30:83
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       447383C0951BB47711D8B1B236F6D8909E1F79DA
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214818.roa
Signing time:             Thu 06 Jun 2024 03:42:44 +0000
ROA not before:           Thu 06 Jun 2024 03:37:44 +0000
ROA not after:            Thu 05 Jun 2025 03:42:44 +0000
asID:                     214818
IP address blocks:        2a0f:85c1:808::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:73:83:c0:95:1b:b4:77:11:d8:b1:b2:36:f6:d8:90:9e:1f:79:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun  6 03:37:44 2024 GMT
            Not After : Jun  5 03:42:44 2025 GMT
        Subject: CN=93A415C6F5FC86919045D480C9DEF200CF863083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:94:0e:c2:f1:34:33:e2:e4:0e:2f:3b:ff:19:
                    39:5b:ca:72:53:95:c6:31:1a:b7:66:50:24:3e:d5:
                    17:6a:00:9e:76:74:64:0e:35:c5:d6:d6:a7:4f:88:
                    dc:61:14:f1:01:28:c0:35:7d:b6:77:07:e5:3b:df:
                    f7:fb:25:3f:aa:36:a7:15:c1:a4:ea:c7:a0:8d:c9:
                    7c:24:ac:6b:81:31:89:45:35:05:11:18:6e:a1:9b:
                    ba:62:52:f6:46:5a:51:47:bc:97:d8:c8:59:af:e4:
                    cd:21:b0:53:e5:1a:db:b4:04:cc:fd:73:94:b5:8a:
                    d3:ec:74:f5:f1:92:6a:e6:24:c1:53:65:11:5d:3b:
                    db:6c:74:9b:12:33:89:17:23:b1:20:33:5f:dd:43:
                    65:6f:29:f6:5d:69:61:cc:6d:f4:4b:07:28:97:cb:
                    13:cc:7a:9c:f8:ad:26:a6:93:a6:de:84:61:27:9f:
                    a4:5a:3c:81:a2:00:f2:6e:d1:bf:6c:72:ac:2a:eb:
                    5f:63:20:a2:cd:72:cf:b5:68:41:b5:8c:9a:46:61:
                    48:7a:0e:a6:f9:32:ee:93:d7:2d:0f:da:53:9d:ee:
                    ce:be:a7:bd:66:fd:38:0f:17:1c:73:35:43:cd:38:
                    65:d4:43:36:28:ab:9e:1d:38:ae:a3:02:7e:8c:ab:
                    cc:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A4:15:C6:F5:FC:86:91:90:45:D4:80:C9:DE:F2:00:CF:86:30:83
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214818.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:808::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:3d:f4:21:9b:04:54:90:2a:40:c1:fe:8e:db:30:15:a3:43:
         31:03:ef:c8:e3:87:10:57:44:4a:c6:74:c7:c3:49:92:c3:7d:
         a7:ef:1c:8f:6d:16:56:2a:e0:86:9d:d0:75:70:59:7c:87:48:
         c6:d2:a9:ab:0b:b4:41:2b:07:a6:9c:49:23:ed:89:7d:27:2a:
         55:88:a6:f1:15:cc:2e:f6:f3:cc:b0:46:db:89:6b:da:b6:87:
         4b:be:59:8c:4c:c0:c4:66:92:99:34:6a:fc:be:84:a9:37:5d:
         7e:bd:6d:82:9b:01:be:da:c7:b1:e4:a3:1c:1f:35:72:a1:3a:
         a9:d9:d8:dc:38:99:e4:28:f0:09:39:4a:a3:67:7c:9f:39:f1:
         43:e0:b3:91:68:88:0f:9a:ca:f4:40:37:e5:0e:dd:cb:60:71:
         62:f6:9f:f5:bd:6a:6c:b6:55:3e:cc:46:7c:86:54:50:39:1f:
         9a:47:43:08:23:cc:61:b4:79:b9:a8:9e:a7:52:3b:03:0d:be:
         36:bc:29:3b:8d:c9:20:82:b4:84:bd:71:9f:0d:99:1a:4d:f3:
         62:3c:94:b1:4a:d3:f6:cf:c3:4c:aa:4f:1e:ed:d0:eb:c4:b5:
         ba:de:db:80:f1:04:bc:75:ac:d8:6b:c3:9b:0e:85:a5:7f:0b:
         36:90:fe:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURHODwJUbtHcR2LGyNvbYkJ4fedowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MDYwMzM3NDRaFw0yNTA2MDUwMzQyNDRaMDMxMTAvBgNV
BAMTKDkzQTQxNUM2RjVGQzg2OTE5MDQ1RDQ4MEM5REVGMjAwQ0Y4NjMwODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDflA7C8TQz4uQOLzv/GTlbynJT
lcYxGrdmUCQ+1RdqAJ52dGQONcXW1qdPiNxhFPEBKMA1fbZ3B+U73/f7JT+qNqcV
waTqx6CNyXwkrGuBMYlFNQURGG6hm7piUvZGWlFHvJfYyFmv5M0hsFPlGtu0BMz9
c5S1itPsdPXxkmrmJMFTZRFdO9tsdJsSM4kXI7EgM1/dQ2VvKfZdaWHMbfRLByiX
yxPMepz4rSamk6behGEnn6RaPIGiAPJu0b9scqwq619jIKLNcs+1aEG1jJpGYUh6
Dqb5Mu6T1y0P2lOd7s6+p71m/TgPFxxzNUPNOGXUQzYoq54dOK6jAn6Mq8zrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUk6QVxvX8hpGQRdSAyd7yAM+GMIMwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgIMA0GCSqGSIb3DQEBCwUAA4IBAQB/PfQhmwRUkCpAwf6O2zAVo0MxA+/I44cQ
V0RKxnTHw0mSw32n7xyPbRZWKuCGndB1cFl8h0jG0qmrC7RBKwemnEkj7Yl9JypV
iKbxFcwu9vPMsEbbiWvatodLvlmMTMDEZpKZNGr8voSpN11+vW2CmwG+2sex5KMc
HzVyoTqp2djcOJnkKPAJOUqjZ3yfOfFD4LORaIgPmsr0QDflDt3LYHFi9p/1vWps
tlU+zEZ8hlRQOR+aR0MII8xhtHm5qJ6nUjsDDb42vCk7jckggrSEvXGfDZkaTfNi
PJSxStP2z8NMqk8e7dDrxLW63tuA8QS8dazYa8ObDoWlfws2kP6I
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org