Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa
File:                     AS214989.roa (raw, json)
Hash identifier:          qHOc+E7v6JMzxxQizzIw8jrUuIgtsQW2s52tpW9WpyE=
Subject key identifier:   03:4F:F6:35:76:67:C5:B2:D2:3E:2D:6A:2F:4E:0E:36:D2:BB:C8:D9
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       2851A8A8356C36FC7C6501A37AE3383582FEC05E
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa
Signing time:             Fri 12 Jul 2024 03:33:34 +0000
ROA not before:           Fri 12 Jul 2024 03:28:34 +0000
ROA not after:            Fri 11 Jul 2025 03:33:34 +0000
asID:                     214989
IP address blocks:        2a0f:85c1:3cf::/48 maxlen: 48
                          2a0f:85c1:3e0::/44 maxlen: 44
                          2a0f:85c1:500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jul 2024 13:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:51:a8:a8:35:6c:36:fc:7c:65:01:a3:7a:e3:38:35:82:fe:c0:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Jul 12 03:28:34 2024 GMT
            Not After : Jul 11 03:33:34 2025 GMT
        Subject: CN=034FF6357667C5B2D23E2D6A2F4E0E36D2BBC8D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:71:59:86:c8:28:16:d2:db:8c:b0:1c:37:e8:
                    f5:d0:5d:34:a1:93:da:82:88:bf:78:02:6c:75:8d:
                    5c:9e:f1:51:bf:fd:03:83:59:6b:92:90:d8:0e:ca:
                    c4:c4:24:46:fe:1f:b1:b4:fe:75:5f:b3:8e:94:fc:
                    eb:8d:0d:bd:c7:be:10:77:08:96:20:c5:e6:89:cc:
                    ad:b7:53:81:8e:bb:f7:58:ca:01:82:ad:a7:25:f5:
                    79:05:a5:54:b2:ae:c5:c5:fc:b0:5f:fc:d2:10:06:
                    f5:9d:df:53:0f:33:b0:74:4b:d4:f8:ef:d0:f6:e8:
                    f4:ac:da:7d:39:5d:14:6d:17:6e:bb:0e:63:36:98:
                    2f:bf:3a:7f:d8:19:bf:7c:20:2d:5b:bb:e6:20:5c:
                    fd:55:7d:00:46:91:f7:5a:97:4d:78:d2:10:af:63:
                    00:61:06:8a:c6:75:b2:8a:ec:88:4f:4f:7e:39:79:
                    04:a5:c6:ef:a8:0b:c4:8c:60:43:07:01:cc:34:cc:
                    6d:34:45:ae:05:46:f9:2c:38:32:f2:f6:6d:16:bd:
                    81:7d:4a:b9:2b:34:98:9e:2f:2c:8b:1d:6c:4a:ae:
                    5f:f3:51:e6:22:ef:5c:7b:8b:7a:40:50:6a:26:aa:
                    47:e9:41:01:31:08:bd:8e:ad:8b:f9:b4:31:ca:e3:
                    34:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4F:F6:35:76:67:C5:B2:D2:3E:2D:6A:2F:4E:0E:36:D2:BB:C8:D9
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/AS214989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3cf::/48
                  2a0f:85c1:3e0::/44
                  2a0f:85c1:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:73:89:18:9a:9f:14:19:b7:ce:73:c5:49:a5:8c:2e:82:92:
         ad:22:d0:8e:17:0e:36:5e:a9:83:df:50:5c:5d:32:c4:2b:2b:
         c7:94:46:01:97:94:30:19:89:c1:51:e7:f0:e9:7b:eb:f8:4a:
         04:02:a6:d4:5a:8e:dc:6d:16:77:e0:fb:5d:27:2a:b6:fb:f1:
         95:0f:36:bb:65:57:81:6f:52:84:3b:22:ee:38:7e:b6:b0:7f:
         92:17:6f:9b:49:a8:7c:af:bb:55:c3:3c:0a:01:d7:ff:b8:f5:
         51:66:a1:e0:1a:17:d3:9d:ff:30:44:aa:f5:e4:51:04:b2:77:
         da:9b:63:13:b1:ac:f3:2f:16:87:16:84:43:27:21:37:b6:f3:
         5c:7b:7a:c9:70:a2:bb:6f:a3:1e:63:69:35:aa:8c:09:cb:ef:
         83:4a:96:f6:22:13:d9:4a:1b:30:00:e0:c0:a0:d2:58:3a:b6:
         34:97:c4:81:dd:b6:74:92:04:d5:5f:4d:19:1b:d9:d6:fc:ab:
         93:18:4b:17:6b:14:2e:14:b9:39:1a:24:70:13:29:33:f1:3c:
         ca:ec:c7:e0:03:b5:cf:83:ea:c2:a1:cf:33:19:04:53:55:62:
         34:f6:23:dc:5d:ff:52:f6:36:71:a3:a0:d2:1e:cc:91:17:16:
         65:3a:9c:fb
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUKFGoqDVsNvx8ZQGjeuM4NYL+wF4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDA3MTIwMzI4MzRaFw0yNTA3MTEwMzMzMzRaMDMxMTAvBgNV
BAMTKDAzNEZGNjM1NzY2N0M1QjJEMjNFMkQ2QTJGNEUwRTM2RDJCQkM4RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbcVmGyCgW0tuMsBw36PXQXTSh
k9qCiL94Amx1jVye8VG//QODWWuSkNgOysTEJEb+H7G0/nVfs46U/OuNDb3HvhB3
CJYgxeaJzK23U4GOu/dYygGCracl9XkFpVSyrsXF/LBf/NIQBvWd31MPM7B0S9T4
79D26PSs2n05XRRtF267DmM2mC+/On/YGb98IC1bu+YgXP1VfQBGkfdal0140hCv
YwBhBorGdbKK7IhPT345eQSlxu+oC8SMYEMHAcw0zG00Ra4FRvksODLy9m0WvYF9
SrkrNJieLyyLHWxKrl/zUeYi71x7i3pAUGomqkfpQQExCL2OrYv5tDHK4zR5AgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUA0/2NXZnxbLSPi1qL04ONtK7yNkwHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZjMjBhZGQzLWE4OGUt
NGJiMi1hODRkLTU1ZGEyMTI4ZjE5Ni8wL0FTMjE0OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwcAKg+F
wQPPAwcEKg+FwQPgAwYAKg+FwQUwDQYJKoZIhvcNAQELBQADggEBAHtziRianxQZ
t85zxUmljC6Ckq0i0I4XDjZeqYPfUFxdMsQrK8eURgGXlDAZicFR5/Dpe+v4SgQC
ptRajtxtFnfg+10nKrb78ZUPNrtlV4FvUoQ7Iu44frawf5IXb5tJqHyvu1XDPAoB
1/+49VFmoeAaF9Od/zBEqvXkUQSyd9qbYxOxrPMvFocWhEMnITe281x7eslwortv
ox5jaTWqjAnL74NKlvYiE9lKGzAA4MCg0lg6tjSXxIHdtnSSBNVfTRkb2db8q5MY
SxdrFC4UuTkaJHATKTPxPMrsx+ADtc+D6sKhzzMZBFNVYjT2I9xd/1L2NnGjoNIe
zJEXFmU6nPs=
-----END CERTIFICATE-----
Generated at Wed Jul 17 20:57:13 2024 by rpki-client on console-fra.rpki-client.org