Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214848.roa
File:                     AS214848.roa (raw, json)
Hash identifier:          iSh18+cv5vgetP3DBY88E9Y1xq1zEtW0XaX4AEQiFSU=
Subject key identifier:   39:AC:BF:CC:11:3D:EE:B3:4E:D2:17:8F:3B:D4:0E:B8:5A:AD:C3:44
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       66EDAE46D18ED49E8117D42DA789051DA62AEF69
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214848.roa
Signing time:             Tue 11 Jun 2024 00:17:12 +0000
ROA not before:           Tue 11 Jun 2024 00:12:12 +0000
ROA not after:            Tue 10 Jun 2025 00:17:12 +0000
asID:                     214848
IP address blocks:        2a0f:85c1:3ca::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ed:ae:46:d1:8e:d4:9e:81:17:d4:2d:a7:89:05:1d:a6:2a:ef:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jun 11 00:12:12 2024 GMT
            Not After : Jun 10 00:17:12 2025 GMT
        Subject: CN=39ACBFCC113DEEB34ED2178F3BD40EB85AADC344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:69:a6:4c:3e:f9:ea:21:26:61:f3:1f:4b:62:
                    13:fc:77:c0:5f:32:a3:28:5e:85:01:e9:00:d7:08:
                    7c:53:48:f2:aa:bb:71:f4:c4:49:c6:88:7a:6b:f0:
                    61:96:9d:9e:ed:45:56:34:13:73:e4:3d:65:71:cd:
                    3e:ad:67:06:36:08:c8:cc:7c:7d:a4:42:02:8b:7a:
                    c8:c8:e5:81:e4:58:e9:2c:f8:25:0d:1b:db:c5:1f:
                    a1:0e:82:f7:ed:b7:f9:02:f0:1e:77:cd:22:eb:89:
                    4a:31:a3:9b:86:f5:54:f6:3a:04:8e:fd:40:d4:05:
                    8a:aa:4e:d9:5d:cf:aa:43:bb:05:a4:73:55:07:b1:
                    2e:43:2a:fe:35:f7:23:23:e1:5a:75:18:94:c5:92:
                    ed:bb:e4:14:6a:ca:1c:b4:3a:48:e9:c3:30:33:c2:
                    67:8b:65:8e:35:fa:d3:21:c6:f5:d4:8d:80:57:e8:
                    f8:19:a1:c7:ff:ee:68:6c:dc:0b:b2:40:c8:2f:ee:
                    32:d3:df:ac:41:72:d8:0d:55:ba:b6:4b:36:d9:ab:
                    eb:9b:15:e4:d2:67:8b:d8:60:24:6b:b2:ff:84:c3:
                    ff:3f:b8:db:63:90:d9:41:2b:e2:6f:9b:dc:29:6f:
                    4f:cc:48:e0:47:a8:86:68:22:12:4d:f7:d4:9a:26:
                    a5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:AC:BF:CC:11:3D:EE:B3:4E:D2:17:8F:3B:D4:0E:B8:5A:AD:C3:44
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214848.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ca::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:64:66:0b:06:f8:4d:9c:69:63:21:5f:6a:14:be:10:8d:85:
         d4:b3:cf:92:fc:ee:7c:cb:af:1b:71:a5:e7:7e:01:3e:d8:43:
         b9:ec:33:29:f5:6a:b6:fd:c3:29:6f:d6:93:05:41:f9:74:03:
         e4:24:c4:bc:c9:a6:f8:cf:a4:9d:be:a6:d8:8a:43:13:b6:ce:
         20:65:0a:2f:61:da:9e:4e:07:90:da:a3:d2:67:b3:b6:16:f7:
         1d:b1:3e:1c:84:b8:c4:02:ae:e5:9c:d6:9a:c2:f3:5c:ad:4c:
         9a:ed:ae:8b:ff:f8:19:fc:3b:0f:0d:68:3d:8f:14:a6:af:86:
         3a:cc:bb:f9:66:97:71:3c:dc:71:fc:36:03:84:81:7b:32:02:
         2c:2c:f5:37:97:92:f8:92:fd:a7:23:00:08:2f:55:24:14:72:
         37:35:d9:ca:61:78:a5:e8:8f:ba:8a:ae:88:e3:77:75:8a:cf:
         23:e6:84:17:bb:ed:5d:d7:c6:a8:9f:e9:b5:9a:8e:20:81:e3:
         98:cd:34:57:28:38:a7:76:31:6e:a2:fa:c6:40:ca:b1:e0:dd:
         f7:8e:d1:de:5f:7a:01:f8:93:68:4b:d2:24:00:f8:aa:b8:ee:
         14:9b:75:c6:ff:77:f7:39:80:f8:4e:3d:59:91:f3:d1:21:15:
         9a:99:a9:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZu2uRtGO1J6BF9Qtp4kFHaYq72kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA2MTEwMDEyMTJaFw0yNTA2MTAwMDE3MTJaMDMxMTAvBgNV
BAMTKDM5QUNCRkNDMTEzREVFQjM0RUQyMTc4RjNCRDQwRUI4NUFBREMzNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaaZMPvnqISZh8x9LYhP8d8Bf
MqMoXoUB6QDXCHxTSPKqu3H0xEnGiHpr8GGWnZ7tRVY0E3PkPWVxzT6tZwY2CMjM
fH2kQgKLesjI5YHkWOks+CUNG9vFH6EOgvftt/kC8B53zSLriUoxo5uG9VT2OgSO
/UDUBYqqTtldz6pDuwWkc1UHsS5DKv419yMj4Vp1GJTFku275BRqyhy0OkjpwzAz
wmeLZY41+tMhxvXUjYBX6PgZocf/7mhs3AuyQMgv7jLT36xBctgNVbq2SzbZq+ub
FeTSZ4vYYCRrsv+Ew/8/uNtjkNlBK+Jvm9wpb0/MSOBHqIZoIhJN99SaJqXvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOay/zBE97rNO0hePO9QOuFqtw0QwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0ODQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPKMA0GCSqGSIb3DQEBCwUAA4IBAQB5ZGYLBvhNnGljIV9qFL4QjYXUs8+S/O58
y68bcaXnfgE+2EO57DMp9Wq2/cMpb9aTBUH5dAPkJMS8yab4z6SdvqbYikMTts4g
ZQovYdqeTgeQ2qPSZ7O2FvcdsT4chLjEAq7lnNaawvNcrUya7a6L//gZ/DsPDWg9
jxSmr4Y6zLv5ZpdxPNxx/DYDhIF7MgIsLPU3l5L4kv2nIwAIL1UkFHI3NdnKYXil
6I+6iq6I43d1is8j5oQXu+1d18aon+m1mo4ggeOYzTRXKDindjFuovrGQMqx4N33
jtHeX3oB+JNoS9IkAPiquO4Um3XG/3f3OYD4Tj1ZkfPRIRWamam2
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org