Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214420.roa
File:                     AS214420.roa (raw, json)
Hash identifier:          5kkUYN3v5lzce/M99WEzm8ERF5exhTtMaYai9ruWzP8=
Subject key identifier:   AA:A7:D1:12:3F:65:FF:36:0B:0A:34:EE:AF:20:A4:B4:C7:B0:11:39
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       38A2B07DCB24C9F74393FF10E61390DA47F9DE77
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214420.roa
Signing time:             Thu 07 Aug 2025 10:15:24 +0000
ROA not before:           Thu 07 Aug 2025 10:10:24 +0000
ROA not after:            Thu 06 Aug 2026 10:15:24 +0000
asID:                     214420
IP address blocks:        2a0f:85c1:ccd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:a2:b0:7d:cb:24:c9:f7:43:93:ff:10:e6:13:90:da:47:f9:de:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:10:24 2025 GMT
            Not After : Aug  6 10:15:24 2026 GMT
        Subject: CN=AAA7D1123F65FF360B0A34EEAF20A4B4C7B01139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:9f:7e:ff:ac:e8:18:6a:5d:f9:ba:2a:bf:fc:
                    15:38:98:21:79:3e:b7:e5:6e:b9:ae:34:35:2b:62:
                    45:cd:a0:8c:b3:5c:c7:8d:75:cc:1c:1b:01:4f:75:
                    a4:7f:a3:57:f0:81:37:7a:f3:99:74:af:1f:e9:1f:
                    8b:4a:58:1d:6e:6f:3a:a7:b8:a5:0d:ce:68:07:ba:
                    cd:49:0d:a1:21:d3:0d:7d:81:05:c5:5d:79:85:7f:
                    66:ed:05:f3:fc:52:fa:d1:4f:d7:54:6c:95:8e:6b:
                    3f:70:45:dc:a9:41:2c:e0:f5:43:1f:d7:2e:61:84:
                    56:34:e7:b7:c7:61:1b:24:0e:43:60:77:90:36:e3:
                    9f:f6:3e:77:cd:60:7c:3a:80:d1:f2:81:4b:3c:6b:
                    f8:8c:1d:df:fd:05:cf:d2:cb:94:30:24:bc:cb:67:
                    a7:55:c2:e5:d3:a7:e2:35:b7:07:04:72:55:86:b2:
                    7e:75:75:0a:dd:6b:5d:44:83:99:28:36:6c:8b:96:
                    77:fa:fe:b9:cb:9a:09:fd:61:80:2b:bd:1d:41:b2:
                    3c:1e:ad:30:ec:ca:2d:05:09:c9:8e:10:a4:0d:f7:
                    4a:c7:c3:82:bb:f4:69:fa:88:c7:15:93:00:f6:18:
                    1c:c2:22:59:d3:8c:ae:ff:89:78:9f:b9:91:5b:5a:
                    a4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A7:D1:12:3F:65:FF:36:0B:0A:34:EE:AF:20:A4:B4:C7:B0:11:39
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214420.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ccd::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:ad:df:99:2d:b9:94:79:34:07:d1:44:60:33:9a:5f:bc:b5:
         9b:8b:87:3d:ca:4e:94:a3:e6:ae:e1:66:a9:17:6b:e6:eb:81:
         08:de:d0:d7:78:6b:8c:47:57:55:66:71:1e:e7:a5:3a:7c:c0:
         c9:0d:e8:90:3d:e0:3c:ea:40:52:7a:28:5d:68:6b:29:84:9d:
         a6:cd:19:a1:1b:9f:f3:3b:cb:d2:4d:ac:1e:e4:68:a8:34:63:
         db:39:8a:ea:60:31:18:b5:06:af:68:07:2f:bf:21:b3:1c:8b:
         72:04:f5:a0:3f:c6:a7:fc:d7:4e:f1:d8:fe:83:7d:18:53:f1:
         59:f8:61:fd:b7:21:e2:8e:3a:9b:56:97:81:6c:95:85:17:ee:
         aa:d7:b7:0a:73:d6:55:68:94:65:f0:89:24:8e:3c:a2:4a:44:
         96:21:07:74:74:2c:84:7b:65:b5:f9:57:7b:b9:6e:9c:55:f2:
         e8:56:43:bc:f6:ae:7f:8e:4b:c9:c5:89:17:41:1a:a8:74:3e:
         b7:e6:cd:7c:c8:91:05:ef:a9:f0:de:22:af:82:94:49:7c:e9:
         76:ed:fe:d5:e6:99:83:56:63:82:e5:c1:67:49:ae:61:9a:d1:
         8e:a6:0f:bc:62:49:e3:2f:ac:4b:46:f9:44:37:8e:f6:b2:bb:
         5a:e7:7a:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOKKwfcskyfdDk/8Q5hOQ2kf53ncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDEwMjRaFw0yNjA4MDYxMDE1MjRaMDMxMTAvBgNV
BAMTKEFBQTdEMTEyM0Y2NUZGMzYwQjBBMzRFRUFGMjBBNEI0QzdCMDExMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDln37/rOgYal35uiq//BU4mCF5
PrflbrmuNDUrYkXNoIyzXMeNdcwcGwFPdaR/o1fwgTd685l0rx/pH4tKWB1ubzqn
uKUNzmgHus1JDaEh0w19gQXFXXmFf2btBfP8UvrRT9dUbJWOaz9wRdypQSzg9UMf
1y5hhFY057fHYRskDkNgd5A245/2PnfNYHw6gNHygUs8a/iMHd/9Bc/Sy5QwJLzL
Z6dVwuXTp+I1twcEclWGsn51dQrda11Eg5koNmyLlnf6/rnLmgn9YYArvR1Bsjwe
rTDsyi0FCcmOEKQN90rHw4K79Gn6iMcVkwD2GBzCIlnTjK7/iXifuZFbWqTvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUqqfREj9l/zYLCjTuryCktMewETkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzNMA0GCSqGSIb3DQEBCwUAA4IBAQAGrd+ZLbmUeTQH0URgM5pfvLWbi4c9yk6U
o+au4WapF2vm64EI3tDXeGuMR1dVZnEe56U6fMDJDeiQPeA86kBSeihdaGsphJ2m
zRmhG5/zO8vSTawe5GioNGPbOYrqYDEYtQavaAcvvyGzHItyBPWgP8an/NdO8dj+
g30YU/FZ+GH9tyHijjqbVpeBbJWFF+6q17cKc9ZVaJRl8IkkjjyiSkSWIQd0dCyE
e2W1+Vd7uW6cVfLoVkO89q5/jkvJxYkXQRqodD635s18yJEF76nw3iKvgpRJfOl2
7f7V5pmDVmOC5cFnSa5hmtGOpg+8YknjL6xLRvlEN472srta53pK
-----END CERTIFICATE-----