Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214451.roa
File:                     AS214451.roa (raw, json)
Hash identifier:          egT7EC32x8mS+jPH5ymLN7lQRaew0OR7Jv0Lo2jrdPM=
Subject key identifier:   1B:CB:21:ED:51:A3:56:C6:72:93:D8:83:8B:AF:BB:94:CF:F6:EE:0A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       57F6E4005AD68F9956711DF8EC42CA5F5CDB1F7D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214451.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     214451
IP address blocks:        2a0f:85c1:846::/48 maxlen: 48
                          2a0f:85c1:870::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f6:e4:00:5a:d6:8f:99:56:71:1d:f8:ec:42:ca:5f:5c:db:1f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=1BCB21ED51A356C67293D8838BAFBB94CFF6EE0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:97:9e:18:72:09:6d:98:1e:7f:43:7f:c7:d9:
                    f7:78:5c:21:d5:6f:5c:a0:9c:b5:56:d4:c6:41:5d:
                    d3:28:4d:79:96:57:fd:8a:70:65:12:0f:fd:7e:17:
                    ad:39:04:b5:42:1b:a6:09:db:42:9f:24:bc:5b:5f:
                    3b:eb:cf:95:08:f8:05:0b:08:51:a3:5a:aa:2b:da:
                    96:6f:84:4a:8f:3e:74:e5:26:fb:84:66:d2:2b:8c:
                    7e:d4:fa:be:25:cd:35:34:5b:78:60:a9:72:f9:e3:
                    e3:1d:b1:f3:c9:a5:cc:26:fc:e5:af:b4:fe:f8:8d:
                    6d:fe:3f:f9:fd:f2:18:e2:9d:cb:f0:f6:b9:03:a9:
                    c8:9e:0c:ce:42:cc:5c:e6:1e:2d:26:4c:ee:58:9e:
                    a1:32:a0:fe:4f:ee:3f:3c:ab:9f:39:31:04:c2:65:
                    b2:83:da:06:97:5c:f0:35:96:e3:74:92:72:e3:ac:
                    55:48:0f:e7:de:cd:52:7d:2f:ea:10:5e:87:6b:01:
                    64:c0:a7:ba:be:9e:00:83:6f:23:b4:8e:89:ec:cb:
                    2c:89:67:5f:47:55:a6:78:ac:fb:95:90:63:ae:89:
                    8f:18:12:e6:7e:b3:81:6a:d3:99:9b:86:11:06:41:
                    05:3f:a4:5c:6f:d7:6b:c9:ad:48:51:21:5e:7f:1e:
                    49:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:CB:21:ED:51:A3:56:C6:72:93:D8:83:8B:AF:BB:94:CF:F6:EE:0A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:846::/48
                  2a0f:85c1:870::/44

    Signature Algorithm: sha256WithRSAEncryption
         b4:b8:b6:c9:4d:19:b9:d0:dc:0c:18:16:c2:46:af:fc:72:47:
         d9:d6:05:20:3d:08:42:0c:59:95:f8:3f:32:09:c0:40:f0:f5:
         61:f3:c4:31:9c:cc:f0:77:04:7a:4d:0d:e4:df:7f:04:59:27:
         15:53:12:e9:24:f7:f3:4f:4a:a4:81:dd:6b:c8:b3:dc:5a:b8:
         0f:27:a4:3d:fc:c8:a7:04:c0:2a:67:99:02:bd:7e:de:da:e0:
         b7:8e:ef:f4:00:30:19:d4:bb:f8:39:ce:70:f4:22:7b:c6:9b:
         03:e3:c1:4a:f2:0f:d6:4d:1b:b9:e8:24:78:dc:df:01:2f:3c:
         7c:1d:4d:65:4e:45:62:c5:e2:2b:e9:e0:26:a1:0b:2a:7f:b0:
         69:0d:fc:93:41:bd:22:7e:e0:ff:34:ba:aa:ff:5c:34:51:fb:
         d8:3e:1d:b4:80:3c:5f:60:69:04:4b:12:31:5f:d8:64:f8:03:
         25:20:64:5f:a9:13:9f:54:52:76:b0:f5:f5:59:0b:fa:21:43:
         68:9d:83:08:d7:23:7c:aa:84:98:f8:3f:52:a3:fc:c5:a9:9c:
         b5:70:d1:57:d3:2a:f6:bf:bc:93:88:d4:86:53:42:4b:2a:0c:
         17:00:90:0e:df:5a:f2:fa:10:1a:ff:ef:45:1d:90:dc:08:9a:
         0c:55:0a:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUV/bkAFrWj5lWcR347ELKX1zbH30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKDFCQ0IyMUVENTFBMzU2QzY3MjkzRDg4MzhCQUZCQjk0Q0ZGNkVFMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGl54YcgltmB5/Q3/H2fd4XCHV
b1ygnLVW1MZBXdMoTXmWV/2KcGUSD/1+F605BLVCG6YJ20KfJLxbXzvrz5UI+AUL
CFGjWqor2pZvhEqPPnTlJvuEZtIrjH7U+r4lzTU0W3hgqXL54+MdsfPJpcwm/OWv
tP74jW3+P/n98hjincvw9rkDqcieDM5CzFzmHi0mTO5YnqEyoP5P7j88q585MQTC
ZbKD2gaXXPA1luN0knLjrFVID+fezVJ9L+oQXodrAWTAp7q+ngCDbyO0jonsyyyJ
Z19HVaZ4rPuVkGOuiY8YEuZ+s4Fq05mbhhEGQQU/pFxv12vJrUhRIV5/Hkn5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUG8sh7VGjVsZyk9iDi6+7lM/27gowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQhGAwcEKg+FwQhwMA0GCSqGSIb3DQEBCwUAA4IBAQC0uLbJTRm50NwMGBbCRq/8
ckfZ1gUgPQhCDFmV+D8yCcBA8PVh88QxnMzwdwR6TQ3k338EWScVUxLpJPfzT0qk
gd1ryLPcWrgPJ6Q9/MinBMAqZ5kCvX7e2uC3ju/0ADAZ1Lv4Oc5w9CJ7xpsD48FK
8g/WTRu56CR43N8BLzx8HU1lTkVixeIr6eAmoQsqf7BpDfyTQb0ifuD/NLqq/1w0
UfvYPh20gDxfYGkESxIxX9hk+AMlIGRfqROfVFJ2sPX1WQv6IUNonYMI1yN8qoSY
+D9So/zFqZy1cNFX0yr2v7yTiNSGU0JLKgwXAJAO31ry+hAa/+9FHZDcCJoMVQrR
-----END CERTIFICATE-----