Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214143.roa
File:                     AS214143.roa (raw, json)
Hash identifier:          FfiDXGaFcQeEN3RcIYaLN+O+LxII5349QXoPeHhM/Qg=
Subject key identifier:   0C:BD:60:86:E2:4A:86:BD:D4:3A:42:CD:DB:BE:72:2B:05:E2:24:D6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       064F00B468FBD7488A7090768E60BE2F6D84FCC7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214143.roa
Signing time:             Wed 21 May 2025 16:52:52 +0000
ROA not before:           Wed 21 May 2025 16:47:52 +0000
ROA not after:            Wed 20 May 2026 16:52:52 +0000
asID:                     214143
IP address blocks:        82.23.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:4f:00:b4:68:fb:d7:48:8a:70:90:76:8e:60:be:2f:6d:84:fc:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 21 16:47:52 2025 GMT
            Not After : May 20 16:52:52 2026 GMT
        Subject: CN=0CBD6086E24A86BDD43A42CDDBBE722B05E224D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:44:59:f3:33:c8:2f:c2:b6:fd:7a:55:d2:67:
                    df:9d:c6:a9:17:b6:27:c4:43:91:96:24:09:ed:1d:
                    21:49:6c:d5:98:4e:14:24:c0:71:b6:af:ba:dd:70:
                    0b:f6:9d:09:d6:7a:64:f8:ec:d7:4e:1e:4d:f7:24:
                    c4:46:94:bb:50:95:44:c2:9c:30:e8:23:dd:14:c9:
                    23:a0:ee:0d:e4:c8:6f:60:70:90:c6:22:a3:87:ae:
                    52:ec:ee:2d:a8:b2:3a:08:77:fb:43:ca:ce:67:1b:
                    dc:a4:d5:d0:6b:a1:5d:7f:9a:8a:c4:ce:d7:1d:30:
                    d8:c4:e9:78:35:c1:0d:e6:99:03:40:b6:36:ea:d6:
                    56:df:f2:55:2f:7b:b7:37:ba:bf:41:c9:e4:bd:03:
                    93:7a:36:d4:df:13:47:06:4c:ad:cc:50:74:c1:6d:
                    4f:c6:d0:28:8c:77:c3:9b:49:4b:0b:f4:43:aa:10:
                    62:5f:c1:f3:59:ac:ff:a2:00:da:6a:14:de:d9:8d:
                    12:7d:8f:0b:ae:5f:1f:d8:d8:f4:b0:5f:83:3b:4a:
                    3b:51:c8:b7:7d:71:70:ad:cf:56:19:b9:aa:c2:19:
                    7d:da:40:1d:f0:14:9c:e3:f6:92:82:06:8f:0b:6c:
                    05:1f:bb:3e:14:55:3c:4d:c1:42:e1:b3:e3:25:d4:
                    0e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:BD:60:86:E2:4A:86:BD:D4:3A:42:CD:DB:BE:72:2B:05:E2:24:D6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:97:c2:13:8c:a3:43:6c:6e:9a:a6:45:f0:e0:f5:2d:68:6c:
         7d:37:87:60:02:75:09:4d:5d:c1:d8:c4:fc:1f:02:e4:08:8f:
         ec:3a:08:d3:75:12:e3:7f:6b:47:72:83:03:85:a5:90:22:0b:
         64:0b:30:d4:cd:90:4f:9d:b5:da:70:eb:6b:85:93:82:f4:a3:
         07:5c:94:69:20:4d:78:63:f6:71:c3:18:5f:fb:33:52:bb:4e:
         09:2f:7f:06:de:0e:59:e7:3d:54:85:a5:f1:23:65:59:c3:bf:
         8e:5d:23:96:7e:ff:03:dd:07:ab:14:19:f6:50:df:81:b8:31:
         e0:5f:30:84:31:e7:68:58:65:de:0a:4a:d4:c4:3b:20:e2:3e:
         75:83:21:c8:9e:cb:1f:bd:3d:b6:5b:cf:25:2d:23:89:cd:21:
         de:8a:45:10:9a:fb:8c:6c:f2:7a:35:2f:f4:df:e2:21:0c:67:
         3e:06:1e:63:e0:80:0b:99:00:be:7c:31:e2:29:91:be:9b:86:
         f2:cb:7c:fb:d8:8d:6a:09:dd:9d:8b:e8:5d:43:bd:42:ee:ae:
         d2:ee:3e:64:f3:b8:c0:24:f5:6b:19:48:79:a0:c8:69:ca:c4:
         e1:3f:9e:1b:f5:ab:36:35:77:f5:66:33:e4:93:b2:ac:bd:4e:
         48:17:70:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBk8AtGj710iKcJB2jmC+L22E/McwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjExNjQ3NTJaFw0yNjA1MjAxNjUyNTJaMDMxMTAvBgNV
BAMTKDBDQkQ2MDg2RTI0QTg2QkRENDNBNDJDRERCQkU3MjJCMDVFMjI0RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRFnzM8gvwrb9elXSZ9+dxqkX
tifEQ5GWJAntHSFJbNWYThQkwHG2r7rdcAv2nQnWemT47NdOHk33JMRGlLtQlUTC
nDDoI90UySOg7g3kyG9gcJDGIqOHrlLs7i2osjoId/tDys5nG9yk1dBroV1/morE
ztcdMNjE6Xg1wQ3mmQNAtjbq1lbf8lUve7c3ur9ByeS9A5N6NtTfE0cGTK3MUHTB
bU/G0CiMd8ObSUsL9EOqEGJfwfNZrP+iANpqFN7ZjRJ9jwuuXx/Y2PSwX4M7SjtR
yLd9cXCtz1YZuarCGX3aQB3wFJzj9pKCBo8LbAUfuz4UVTxNwULhs+Ml1A4nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDL1ghuJKhr3UOkLN275yKwXiJNYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhf8
MA0GCSqGSIb3DQEBCwUAA4IBAQBhl8ITjKNDbG6apkXw4PUtaGx9N4dgAnUJTV3B
2MT8HwLkCI/sOgjTdRLjf2tHcoMDhaWQIgtkCzDUzZBPnbXacOtrhZOC9KMHXJRp
IE14Y/Zxwxhf+zNSu04JL38G3g5Z5z1UhaXxI2VZw7+OXSOWfv8D3QerFBn2UN+B
uDHgXzCEMedoWGXeCkrUxDsg4j51gyHInssfvT22W88lLSOJzSHeikUQmvuMbPJ6
NS/03+IhDGc+Bh5j4IALmQC+fDHiKZG+m4byy3z72I1qCd2di+hdQ71C7q7S7j5k
87jAJPVrGUh5oMhpysThP54b9as2NXf1ZjPkk7KsvU5IF3AW
-----END CERTIFICATE-----