Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214909.roa
File:                     AS214909.roa (raw, json)
Hash identifier:          I2UNiyyCD3SieyYCvxp+r+H4N4ozSvSU51wtJQKSMN0=
Subject key identifier:   E7:45:47:07:23:B6:67:EC:DB:52:FC:97:76:7A:9C:3D:DE:84:73:19
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       6CE62C2F9AE2D34E8A2AC4BE2F33BB36DB4EB0BE
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214909.roa
Signing time:             Thu 23 May 2024 16:49:07 +0000
ROA not before:           Thu 23 May 2024 16:44:07 +0000
ROA not after:            Thu 22 May 2025 16:49:07 +0000
asID:                     214909
IP address blocks:        2a0f:85c1:3f7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 20:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e6:2c:2f:9a:e2:d3:4e:8a:2a:c4:be:2f:33:bb:36:db:4e:b0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: May 23 16:44:07 2024 GMT
            Not After : May 22 16:49:07 2025 GMT
        Subject: CN=E745470723B667ECDB52FC97767A9C3DDE847319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:59:7c:01:5c:84:79:05:65:01:dc:01:fb:f6:
                    0b:f9:d2:4f:05:c1:80:8f:25:da:02:50:4b:00:47:
                    14:6b:92:b0:95:1b:71:8a:e3:f9:74:8c:69:ad:89:
                    99:05:ab:c6:bb:ca:3d:0a:12:01:7d:de:9e:91:61:
                    a7:21:bc:f5:98:b7:2b:a9:c5:e3:3c:ae:d8:f9:7e:
                    f4:14:b4:f0:db:8c:fd:d7:93:2e:d9:2d:59:f4:74:
                    5d:98:10:cd:2a:d4:9c:67:2c:1d:9f:2c:4a:f3:f2:
                    78:01:5a:a7:44:79:e5:a9:9a:7d:81:19:cc:17:47:
                    c1:c5:2d:fa:a7:3a:ee:ba:21:d2:98:4e:91:00:91:
                    24:89:fb:8b:f0:97:1f:c2:fc:4b:9a:93:3d:eb:74:
                    03:2c:ad:c4:0d:ea:0a:76:96:13:17:42:d4:54:4d:
                    c4:d0:9a:4f:47:2e:15:7b:c0:e6:90:61:c4:8e:58:
                    01:be:48:cd:ce:1a:aa:6b:ce:19:fe:2b:f9:b8:8b:
                    63:39:22:05:ad:95:03:a0:e7:f5:aa:26:5d:58:ee:
                    5d:fe:4a:32:16:8d:48:04:8d:da:34:ce:11:55:17:
                    b2:6e:1c:a0:9a:83:73:70:60:2e:89:41:95:bf:eb:
                    f2:a0:ff:b2:aa:52:e1:b3:be:f1:16:c5:40:3a:2d:
                    d5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:45:47:07:23:B6:67:EC:DB:52:FC:97:76:7A:9C:3D:DE:84:73:19
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f7::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:1f:b0:ce:b7:75:57:ea:d8:a5:06:ce:b8:4e:55:31:4f:2e:
         38:1e:1c:21:06:47:f5:cb:97:97:4a:43:c5:bd:e1:7c:2d:f8:
         a5:3a:88:17:77:59:ed:5f:27:e9:71:58:02:1b:d0:46:2f:d4:
         6b:da:4c:d8:92:8a:c6:b8:c7:2f:a3:ba:49:88:c1:6e:cd:60:
         4e:de:99:0c:d1:13:d9:29:bc:c3:43:a0:63:09:f0:33:ee:f5:
         5d:28:97:b5:ed:0b:83:03:e5:dc:79:6a:54:d7:c5:9d:97:aa:
         37:a8:9a:f8:87:12:f8:c5:7f:b3:7a:5e:ce:86:89:6e:f8:14:
         3d:c5:6c:61:bd:f1:0f:ee:81:63:b4:72:03:3b:8f:db:0a:05:
         93:4b:4c:fc:4d:cc:dc:39:71:97:06:55:3e:10:1b:1d:e6:2e:
         f6:4a:8b:88:9e:07:fd:a9:19:0f:60:c4:6c:c8:65:59:22:f6:
         77:52:72:21:30:9e:2f:83:f1:94:95:22:37:90:27:c8:8a:fe:
         07:29:ed:e4:24:bf:6e:fe:16:c2:95:41:20:79:7d:39:19:40:
         29:64:d9:38:91:43:24:09:a5:03:80:63:fd:4b:91:6f:1c:17:
         5d:f9:df:62:95:79:08:09:03:e3:08:49:52:2b:ef:59:a2:ec:
         86:d0:05:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbOYsL5ri006KKsS+LzO7NttOsL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA1MjMxNjQ0MDdaFw0yNTA1MjIxNjQ5MDdaMDMxMTAvBgNV
BAMTKEU3NDU0NzA3MjNCNjY3RUNEQjUyRkM5Nzc2N0E5QzNEREU4NDczMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWXwBXIR5BWUB3AH79gv50k8F
wYCPJdoCUEsARxRrkrCVG3GK4/l0jGmtiZkFq8a7yj0KEgF93p6RYachvPWYtyup
xeM8rtj5fvQUtPDbjP3Xky7ZLVn0dF2YEM0q1JxnLB2fLErz8ngBWqdEeeWpmn2B
GcwXR8HFLfqnOu66IdKYTpEAkSSJ+4vwlx/C/Euakz3rdAMsrcQN6gp2lhMXQtRU
TcTQmk9HLhV7wOaQYcSOWAG+SM3OGqprzhn+K/m4i2M5IgWtlQOg5/WqJl1Y7l3+
SjIWjUgEjdo0zhFVF7JuHKCag3NwYC6JQZW/6/Kg/7KqUuGzvvEWxUA6LdWLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU50VHByO2Z+zbUvyXdnqcPd6EcxkwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0OTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP3MA0GCSqGSIb3DQEBCwUAA4IBAQBoH7DOt3VX6tilBs64TlUxTy44HhwhBkf1
y5eXSkPFveF8LfilOogXd1ntXyfpcVgCG9BGL9Rr2kzYkorGuMcvo7pJiMFuzWBO
3pkM0RPZKbzDQ6BjCfAz7vVdKJe17QuDA+XceWpU18Wdl6o3qJr4hxL4xX+zel7O
holu+BQ9xWxhvfEP7oFjtHIDO4/bCgWTS0z8TczcOXGXBlU+EBsd5i72SouIngf9
qRkPYMRsyGVZIvZ3UnIhMJ4vg/GUlSI3kCfIiv4HKe3kJL9u/hbClUEgeX05GUAp
ZNk4kUMkCaUDgGP9S5FvHBdd+d9ilXkICQPjCElSK+9ZouyG0AWw
-----END CERTIFICATE-----
Generated at Wed Jul 17 04:39:55 2024 by rpki-client on console-fra.rpki-client.org