Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214404.roa
File:                     AS214404.roa (raw, json)
Hash identifier:          7og/lvNYGeQ5suzXJAHSfAg7mXolNtO5U3MJNYTbxQ8=
Subject key identifier:   2F:7A:CE:7F:30:13:D6:46:C5:99:9A:FC:FB:E7:2C:DA:29:66:AA:77
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       60689544BF4865931F24C5BB6E446C914559610E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214404.roa
Signing time:             Fri 25 Jul 2025 08:07:40 +0000
ROA not before:           Fri 25 Jul 2025 08:02:40 +0000
ROA not after:            Fri 24 Jul 2026 08:07:40 +0000
asID:                     214404
IP address blocks:        2a0f:85c1:84c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:68:95:44:bf:48:65:93:1f:24:c5:bb:6e:44:6c:91:45:59:61:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:40 2025 GMT
            Not After : Jul 24 08:07:40 2026 GMT
        Subject: CN=2F7ACE7F3013D646C5999AFCFBE72CDA2966AA77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ad:c7:e4:b0:66:b3:72:84:0b:ff:9d:5b:f7:
                    5c:68:13:b4:f9:35:34:4c:e3:21:6b:73:fe:66:b4:
                    21:f6:47:4f:7d:27:9b:84:22:6c:75:f7:f8:0c:80:
                    40:e4:bd:a3:e3:55:a2:d5:7e:d9:25:97:70:5d:e4:
                    bd:03:cd:0c:b7:94:67:4d:30:fd:34:a0:ab:95:b3:
                    18:e4:57:30:d8:2d:d5:67:ba:b2:27:2e:11:ac:4e:
                    82:09:dc:f3:61:43:d4:34:f0:3a:f1:af:2d:38:03:
                    fc:50:b3:bf:08:d5:cd:7d:82:f9:0a:a8:65:22:fa:
                    09:11:d6:75:32:5e:9e:19:33:5f:53:a1:c9:16:f1:
                    b6:dd:22:09:3f:3f:12:c1:6f:4a:2f:5f:a2:56:4e:
                    f8:7f:37:62:c7:30:9f:00:95:33:b4:36:2f:44:75:
                    e3:60:59:ae:e4:bd:16:e3:08:29:61:ac:ae:b0:d1:
                    6d:15:54:07:4f:66:2a:0a:de:21:6f:5f:9b:cb:8c:
                    79:f2:10:e6:06:8a:c3:ea:c2:b5:d2:82:8b:ed:27:
                    3f:bd:36:ba:b5:b0:8f:34:9c:7c:df:50:ff:74:c6:
                    74:7a:e2:f9:f3:01:23:cb:ab:6d:69:eb:65:79:d8:
                    59:cb:0b:13:47:c4:09:12:e7:63:a4:39:8c:f1:54:
                    9c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7A:CE:7F:30:13:D6:46:C5:99:9A:FC:FB:E7:2C:DA:29:66:AA:77
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214404.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:84c::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:19:94:ec:d5:e3:04:a3:c6:70:a3:82:ad:14:5c:d9:84:38:
         67:2f:60:be:cf:89:ee:9d:c2:b1:e7:51:45:4b:42:88:36:9e:
         ba:32:77:88:28:b4:b7:fa:07:ea:52:81:89:d6:41:f5:7c:98:
         f8:ee:9e:73:d3:bb:b8:7e:df:c8:81:09:79:a8:ca:1a:31:27:
         7d:33:27:9c:1c:e5:16:94:f9:33:cd:0a:f7:78:1d:32:bb:b0:
         9e:40:71:07:77:8f:79:74:99:cd:46:6f:fc:6e:46:d1:8e:54:
         23:85:b8:8b:cd:62:08:a3:09:65:c2:8d:93:8a:54:75:81:81:
         87:ce:27:b5:a6:a9:6b:a9:1a:80:41:00:24:93:b5:94:41:5b:
         63:20:90:0a:68:17:c5:a1:60:d4:b8:a2:21:0c:ba:51:b5:c1:
         5d:16:b5:a8:d5:28:47:fa:4f:b2:6f:be:13:20:6c:a7:60:ba:
         06:5e:e0:a4:be:29:09:0c:2f:58:00:65:84:38:53:d4:76:be:
         47:31:64:76:ec:ec:a7:d4:53:47:5f:17:56:b0:d6:ae:e6:f8:
         db:cd:04:b0:42:7a:5e:f0:85:37:65:f0:d8:88:b1:a7:70:0c:
         af:cd:f2:7f:50:46:44:a3:97:62:fc:87:b6:7e:1a:77:1a:1d:
         30:52:63:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYGiVRL9IZZMfJMW7bkRskUVZYQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDBaFw0yNjA3MjQwODA3NDBaMDMxMTAvBgNV
BAMTKDJGN0FDRTdGMzAxM0Q2NDZDNTk5OUFGQ0ZCRTcyQ0RBMjk2NkFBNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDrcfksGazcoQL/51b91xoE7T5
NTRM4yFrc/5mtCH2R099J5uEImx19/gMgEDkvaPjVaLVftkll3Bd5L0DzQy3lGdN
MP00oKuVsxjkVzDYLdVnurInLhGsToIJ3PNhQ9Q08Drxry04A/xQs78I1c19gvkK
qGUi+gkR1nUyXp4ZM19TockW8bbdIgk/PxLBb0ovX6JWTvh/N2LHMJ8AlTO0Ni9E
deNgWa7kvRbjCClhrK6w0W0VVAdPZioK3iFvX5vLjHnyEOYGisPqwrXSgovtJz+9
Nrq1sI80nHzfUP90xnR64vnzASPLq21p62V52FnLCxNHxAkS52OkOYzxVJy7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUL3rOfzAT1kbFmZr8++cs2ilmqncwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhMMA0GCSqGSIb3DQEBCwUAA4IBAQCZGZTs1eMEo8Zwo4KtFFzZhDhnL2C+z4nu
ncKx51FFS0KINp66MneIKLS3+gfqUoGJ1kH1fJj47p5z07u4ft/IgQl5qMoaMSd9
MyecHOUWlPkzzQr3eB0yu7CeQHEHd495dJnNRm/8bkbRjlQjhbiLzWIIowllwo2T
ilR1gYGHzie1pqlrqRqAQQAkk7WUQVtjIJAKaBfFoWDUuKIhDLpRtcFdFrWo1ShH
+k+yb74TIGynYLoGXuCkvikJDC9YAGWEOFPUdr5HMWR27Oyn1FNHXxdWsNau5vjb
zQSwQnpe8IU3ZfDYiLGncAyvzfJ/UEZEo5di/Ie2fhp3Gh0wUmNS
-----END CERTIFICATE-----