Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214377.roa
File:                     AS214377.roa (raw, json)
Hash identifier:          QOK/LVLMZYPcGYudnTYtfNOdwrEK9DCClv/ZoKX9Cfs=
Subject key identifier:   84:29:19:66:75:54:09:54:01:4F:C8:E0:80:C1:AF:C8:33:D1:0D:5A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       66A7ECA88E9E1120918A95964C81C9D33A3CCA01
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214377.roa
Signing time:             Fri 25 Jul 2025 08:07:44 +0000
ROA not before:           Fri 25 Jul 2025 08:02:44 +0000
ROA not after:            Fri 24 Jul 2026 08:07:44 +0000
asID:                     214377
IP address blocks:        2a0f:85c1:844::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:a7:ec:a8:8e:9e:11:20:91:8a:95:96:4c:81:c9:d3:3a:3c:ca:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:44 2025 GMT
            Not After : Jul 24 08:07:44 2026 GMT
        Subject: CN=8429196675540954014FC8E080C1AFC833D10D5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a5:60:99:00:d6:f4:63:37:74:fb:e0:60:c5:
                    82:43:05:71:d5:bc:3d:e5:54:90:ae:1c:87:e4:d2:
                    74:f2:ba:32:1e:31:4a:e0:f9:99:54:6f:b0:06:4a:
                    f9:1d:ab:73:fc:23:32:45:cf:9a:5f:64:9d:bd:f5:
                    6f:a2:63:f9:23:8f:3a:5b:42:1f:08:3b:3f:e8:2c:
                    a7:2c:df:1b:41:eb:12:96:37:61:77:1f:37:be:7c:
                    71:12:47:c7:fe:4f:ab:ae:9f:82:d7:69:77:06:6c:
                    57:18:1d:cc:9c:69:da:1d:70:c7:bf:87:6f:bb:fb:
                    88:83:b8:4d:0f:98:9c:86:1d:18:e1:9f:53:59:98:
                    6e:2e:b7:91:5c:d2:cb:31:e5:09:93:bc:40:e5:e3:
                    cc:bc:aa:50:03:14:f7:35:e6:4d:40:bb:10:94:e5:
                    ac:e2:55:ce:d5:76:5c:c1:b7:41:1a:22:e2:b9:92:
                    0b:3c:0d:f0:d7:8b:1b:15:0c:bc:bd:31:67:7a:e9:
                    94:c2:3d:50:63:29:09:25:79:ed:b8:44:bd:17:75:
                    d6:49:31:98:15:c9:07:92:1a:e0:f5:bd:c7:fc:43:
                    12:8e:f1:30:0a:c3:bf:aa:f5:c0:de:1a:f1:b8:d5:
                    32:f8:4f:91:f6:a8:3f:52:29:3c:a6:24:19:b3:22:
                    bf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:29:19:66:75:54:09:54:01:4F:C8:E0:80:C1:AF:C8:33:D1:0D:5A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214377.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:844::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:ac:f1:6f:37:c3:2f:85:37:24:e0:38:44:7e:83:9c:ae:93:
         63:ae:09:b6:f1:3b:b4:19:f2:7b:63:4d:3e:2c:a8:1c:b2:60:
         0a:b6:69:6c:7d:25:b6:7c:65:f9:6c:07:ce:d2:74:68:11:5e:
         0d:8e:75:b5:c3:74:1d:c8:9b:35:07:b2:c3:3d:45:09:ea:06:
         55:93:a5:1a:9c:99:6f:b5:9e:4f:be:da:87:22:b8:83:1a:d9:
         0a:6a:9b:4f:18:87:55:d0:33:ab:56:6d:04:e1:54:74:15:82:
         91:7f:de:d3:dc:6f:a6:bc:58:5a:fe:e2:27:49:45:cb:f7:8f:
         6f:4f:f0:b2:3e:d6:04:16:a0:53:ae:d7:b6:a9:81:84:bb:ad:
         e8:0f:1f:1f:77:29:54:ef:2b:14:98:e0:22:ce:3b:74:2e:e5:
         e8:d7:fc:b1:7a:69:b3:e5:27:e0:ae:83:6b:06:3b:85:8d:0c:
         4d:ec:d8:63:f5:05:47:07:e5:1b:a5:9f:10:fa:d4:a0:17:02:
         b5:0e:90:2a:0e:2a:81:18:c1:f9:82:ce:ee:1f:c1:95:26:2a:
         84:8a:6c:0a:d4:c1:94:8f:46:53:be:0f:71:bb:fa:f1:5d:30:
         ff:74:99:2e:02:9d:ef:d5:47:5c:83:4a:1f:31:61:a8:18:c0:
         a3:51:85:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZqfsqI6eESCRipWWTIHJ0zo8ygEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDRaFw0yNjA3MjQwODA3NDRaMDMxMTAvBgNV
BAMTKDg0MjkxOTY2NzU1NDA5NTQwMTRGQzhFMDgwQzFBRkM4MzNEMTBENUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5pWCZANb0Yzd0++BgxYJDBXHV
vD3lVJCuHIfk0nTyujIeMUrg+ZlUb7AGSvkdq3P8IzJFz5pfZJ299W+iY/kjjzpb
Qh8IOz/oLKcs3xtB6xKWN2F3Hze+fHESR8f+T6uun4LXaXcGbFcYHcycadodcMe/
h2+7+4iDuE0PmJyGHRjhn1NZmG4ut5Fc0ssx5QmTvEDl48y8qlADFPc15k1AuxCU
5aziVc7VdlzBt0EaIuK5kgs8DfDXixsVDLy9MWd66ZTCPVBjKQklee24RL0XddZJ
MZgVyQeSGuD1vcf8QxKO8TAKw7+q9cDeGvG41TL4T5H2qD9SKTymJBmzIr8/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhCkZZnVUCVQBT8jggMGvyDPRDVowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0Mzc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhEMA0GCSqGSIb3DQEBCwUAA4IBAQDWrPFvN8MvhTck4DhEfoOcrpNjrgm28Tu0
GfJ7Y00+LKgcsmAKtmlsfSW2fGX5bAfO0nRoEV4NjnW1w3QdyJs1B7LDPUUJ6gZV
k6UanJlvtZ5PvtqHIriDGtkKaptPGIdV0DOrVm0E4VR0FYKRf97T3G+mvFha/uIn
SUXL949vT/CyPtYEFqBTrte2qYGEu63oDx8fdylU7ysUmOAizjt0LuXo1/yxemmz
5SfgroNrBjuFjQxN7Nhj9QVHB+UbpZ8Q+tSgFwK1DpAqDiqBGMH5gs7uH8GVJiqE
imwK1MGUj0ZTvg9xu/rxXTD/dJkuAp3v1Udcg0ofMWGoGMCjUYU4
-----END CERTIFICATE-----