Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214832.roa
File:                     AS214832.roa (raw, json)
Hash identifier:          1qH/4Jr2k5VOpwmPak2lttQQaoXD6UlY/QdyRwHcuko=
Subject key identifier:   96:8B:AE:85:AB:26:D0:E4:8B:98:B6:EB:FC:92:98:E2:C7:82:41:5F
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       5FE2B5EDBF17612C40634AB5CD90962FC88D4D2E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214832.roa
Signing time:             Fri 24 May 2024 11:10:13 +0000
ROA not before:           Fri 24 May 2024 11:05:13 +0000
ROA not after:            Fri 23 May 2025 11:10:13 +0000
asID:                     214832
IP address blocks:        2a0f:85c1:805::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:e2:b5:ed:bf:17:61:2c:40:63:4a:b5:cd:90:96:2f:c8:8d:4d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 24 11:05:13 2024 GMT
            Not After : May 23 11:10:13 2025 GMT
        Subject: CN=968BAE85AB26D0E48B98B6EBFC9298E2C782415F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:7a:02:68:f1:76:46:e6:58:a3:83:e1:67:d9:
                    5b:18:e2:c6:3a:5d:a3:3e:5d:80:8b:cd:13:7f:85:
                    ed:8b:82:ea:9b:74:b3:ab:a4:a1:58:0d:c8:02:2b:
                    1d:5f:17:f7:43:f3:bc:cf:88:9b:ab:b6:4a:1f:55:
                    b0:ed:ee:93:8d:7e:e1:5a:5c:d6:a3:45:81:f8:f1:
                    5d:10:3b:3c:d6:80:62:f8:d0:9e:00:4e:4c:a5:3c:
                    88:07:2a:c8:87:69:3f:95:e3:04:89:46:e4:2e:d7:
                    de:e0:3c:34:15:3e:12:a5:42:cb:e7:0c:1c:06:de:
                    df:f1:3f:73:25:c5:35:a0:0e:69:64:ac:6d:5d:14:
                    c6:d9:c0:22:6e:dd:32:c8:3a:bd:ce:b6:d4:63:d9:
                    18:e5:70:74:7f:fc:5a:ad:45:eb:6b:6a:06:7f:62:
                    b4:74:f4:b7:fc:28:e0:36:25:d7:07:7a:53:70:04:
                    84:65:a7:8d:d7:ac:bb:ce:5c:c7:ed:0c:39:22:2c:
                    cd:32:2b:ab:8c:bd:ed:e2:cf:d6:82:0f:33:c5:1d:
                    be:07:03:fa:23:56:0e:17:58:a6:d7:dd:f3:ba:6b:
                    2d:5b:6f:d3:19:32:c6:e1:5b:75:b0:e0:91:8f:58:
                    20:7d:58:0e:38:e7:2c:c4:c7:c0:c9:1f:bb:e0:ce:
                    b8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8B:AE:85:AB:26:D0:E4:8B:98:B6:EB:FC:92:98:E2:C7:82:41:5F
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:805::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:d9:29:a9:1c:23:e0:20:8d:c3:4a:f8:4d:a6:6b:71:6a:27:
         ce:b4:a6:af:ec:45:c0:62:f2:62:c0:f7:18:eb:2d:04:39:e4:
         82:ce:40:10:eb:42:11:32:a5:41:d0:76:c5:00:79:7c:71:fa:
         d2:77:1e:86:fd:68:80:90:42:64:88:63:a6:01:5a:9b:43:29:
         5e:c8:04:eb:a3:11:41:67:3c:9a:34:ef:47:6a:52:39:0a:ae:
         c3:d6:39:1a:c0:fe:75:06:83:ec:14:b5:b2:58:8c:a4:75:64:
         32:08:dc:df:54:74:99:2a:85:25:c9:4d:9c:7a:ef:41:40:c4:
         f0:76:f6:08:5c:ca:92:c9:34:d1:10:dd:e1:7d:da:2c:51:df:
         27:30:ed:9f:21:40:1f:09:77:e5:f7:b1:3f:0f:3b:5d:e4:7d:
         25:f8:6c:36:bd:5b:33:30:b6:88:fb:a9:c3:b5:c6:c6:be:86:
         6d:d6:6b:63:04:81:16:94:2f:6b:59:f2:1c:98:cf:c1:ea:89:
         ac:69:35:1b:6e:57:10:ff:bc:6f:77:f3:eb:29:99:f6:e2:5f:
         f9:95:08:bf:b3:08:17:92:15:9e:7c:1a:34:b7:91:60:05:14:
         2a:00:eb:f4:ab:6f:24:9e:7b:42:f0:72:a1:ee:52:0c:02:9e:
         c6:d5:28:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUX+K17b8XYSxAY0q1zZCWL8iNTS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjQxMTA1MTNaFw0yNTA1MjMxMTEwMTNaMDMxMTAvBgNV
BAMTKDk2OEJBRTg1QUIyNkQwRTQ4Qjk4QjZFQkZDOTI5OEUyQzc4MjQxNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDregJo8XZG5lijg+Fn2VsY4sY6
XaM+XYCLzRN/he2LguqbdLOrpKFYDcgCKx1fF/dD87zPiJurtkofVbDt7pONfuFa
XNajRYH48V0QOzzWgGL40J4ATkylPIgHKsiHaT+V4wSJRuQu197gPDQVPhKlQsvn
DBwG3t/xP3MlxTWgDmlkrG1dFMbZwCJu3TLIOr3OttRj2RjlcHR//FqtRetragZ/
YrR09Lf8KOA2JdcHelNwBIRlp43XrLvOXMftDDkiLM0yK6uMve3iz9aCDzPFHb4H
A/ojVg4XWKbX3fO6ay1bb9MZMsbhW3Ww4JGPWCB9WA445yzEx8DJH7vgzrhhAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUlouuhasm0OSLmLbr/JKY4seCQV8wHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgFMA0GCSqGSIb3DQEBCwUAA4IBAQAq2SmpHCPgII3DSvhNpmtxaifOtKav7EXA
YvJiwPcY6y0EOeSCzkAQ60IRMqVB0HbFAHl8cfrSdx6G/WiAkEJkiGOmAVqbQyle
yATroxFBZzyaNO9HalI5Cq7D1jkawP51BoPsFLWyWIykdWQyCNzfVHSZKoUlyU2c
eu9BQMTwdvYIXMqSyTTREN3hfdosUd8nMO2fIUAfCXfl97E/Dztd5H0l+Gw2vVsz
MLaI+6nDtcbGvoZt1mtjBIEWlC9rWfIcmM/B6omsaTUbblcQ/7xvd/PrKZn24l/5
lQi/swgXkhWefBo0t5FgBRQqAOv0q28knntC8HKh7lIMAp7G1Shf
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:35:22 2024 by rpki-client on console-ams.rpki-client.org