Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa
File:                     AS214480.roa (raw, json)
Hash identifier:          sLAQXMeIsPJxWvdVUjzlJG6QiTfdLR+VMhcm/q1mVT4=
Subject key identifier:   FB:EC:4F:8F:AE:1F:EF:DF:B5:51:28:E3:45:5C:B4:FD:B5:F6:B9:D7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       46D5F291A182460BCC0ABFF6F77FBB82988A6B77
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     214480
IP address blocks:        2a0f:85c1:842::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d5:f2:91:a1:82:46:0b:cc:0a:bf:f6:f7:7f:bb:82:98:8a:6b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=FBEC4F8FAE1FEFDFB55128E3455CB4FDB5F6B9D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:66:c0:55:c0:55:70:e0:b3:e1:e1:59:4a:94:
                    5f:6f:83:97:ac:be:8f:af:41:ae:a2:ed:15:7c:05:
                    a6:b0:b8:bf:4a:a7:00:9e:10:4d:8a:95:d7:45:f8:
                    d9:90:0e:c0:5a:90:b3:6a:55:55:67:f6:aa:0e:f5:
                    c2:03:46:4a:e1:2a:df:81:ab:cb:48:2e:b5:bf:32:
                    ff:d7:ff:55:25:0d:74:a7:fe:f9:f3:a1:db:9e:ff:
                    71:a8:bf:6d:1d:10:92:9e:22:18:d3:a8:99:f3:c0:
                    02:8b:d3:96:73:a7:0c:5a:83:fe:56:02:f2:cc:ed:
                    87:f7:94:8a:68:84:bf:17:89:34:1e:4f:4a:76:8a:
                    08:d7:25:cd:52:1b:ff:9e:82:fc:6c:3a:40:58:21:
                    f3:d6:b4:2f:75:3c:36:84:e2:48:d0:0f:db:77:45:
                    47:cd:5e:fb:63:28:4e:6c:23:e9:27:cf:55:84:8d:
                    20:7e:e6:cd:1b:1b:ed:ef:e5:8b:a3:8b:d0:10:b1:
                    71:86:40:25:c2:6f:46:17:5f:22:71:91:cb:a2:0d:
                    75:06:a4:d9:42:3a:f8:83:7b:67:33:9f:95:7a:60:
                    40:09:c9:e7:6a:14:5d:33:21:46:19:0a:d4:4b:ed:
                    7f:02:22:61:35:07:66:1c:91:79:88:71:af:55:30:
                    3e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EC:4F:8F:AE:1F:EF:DF:B5:51:28:E3:45:5C:B4:FD:B5:F6:B9:D7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214480.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:842::/48

    Signature Algorithm: sha256WithRSAEncryption
         d3:09:0a:6b:47:86:a3:93:41:ed:98:9c:7b:fe:9b:6f:78:b4:
         d7:12:48:10:c0:ed:cd:99:6e:36:07:ba:bc:b2:14:c0:90:5e:
         8b:61:4d:24:52:af:41:84:f1:5d:2d:87:3e:50:39:9b:77:79:
         0d:b4:0c:87:e2:6a:94:bb:d8:f5:62:60:14:a0:45:52:ab:97:
         28:82:5b:00:89:d9:58:dd:55:54:6c:63:57:e6:c5:89:a6:ae:
         d3:b9:90:10:ff:7d:64:27:92:04:3b:70:88:b8:55:40:e8:ed:
         b1:c5:bd:c5:3f:6b:29:6b:83:df:f4:a0:12:52:92:42:ee:83:
         39:3a:72:10:3f:75:27:fb:9f:4a:af:dc:a3:5e:3c:83:87:88:
         66:eb:7f:02:90:05:82:e1:8d:3e:78:41:b7:31:88:bf:05:90:
         c1:11:90:a5:b4:7e:17:f7:52:f6:5e:9a:11:f1:19:7f:40:64:
         51:28:67:5f:a5:1d:a4:af:96:0a:13:ee:bf:a2:fa:2f:c6:64:
         7c:a0:e1:7f:fa:23:40:bf:8d:6e:01:a6:1e:c5:61:a3:c5:64:
         34:df:d5:69:d1:4f:07:9d:89:1f:62:0c:b1:e0:c9:b5:05:46:
         bb:fe:de:a8:a9:87:eb:5b:3c:08:d1:3c:f6:a3:77:27:39:91:
         bf:c6:c5:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURtXykaGCRgvMCr/293+7gpiKa3cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKEZCRUM0RjhGQUUxRkVGREZCNTUxMjhFMzQ1NUNCNEZEQjVGNkI5RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdZsBVwFVw4LPh4VlKlF9vg5es
vo+vQa6i7RV8BaawuL9KpwCeEE2KlddF+NmQDsBakLNqVVVn9qoO9cIDRkrhKt+B
q8tILrW/Mv/X/1UlDXSn/vnzodue/3Gov20dEJKeIhjTqJnzwAKL05Zzpwxag/5W
AvLM7Yf3lIpohL8XiTQeT0p2igjXJc1SG/+egvxsOkBYIfPWtC91PDaE4kjQD9t3
RUfNXvtjKE5sI+knz1WEjSB+5s0bG+3v5Yuji9AQsXGGQCXCb0YXXyJxkcuiDXUG
pNlCOviDe2czn5V6YEAJyedqFF0zIUYZCtRL7X8CImE1B2YckXmIca9VMD5zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU++xPj64f79+1USjjRVy0/bX2udcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhCMA0GCSqGSIb3DQEBCwUAA4IBAQDTCQprR4ajk0HtmJx7/ptveLTXEkgQwO3N
mW42B7q8shTAkF6LYU0kUq9BhPFdLYc+UDmbd3kNtAyH4mqUu9j1YmAUoEVSq5co
glsAidlY3VVUbGNX5sWJpq7TuZAQ/31kJ5IEO3CIuFVA6O2xxb3FP2spa4Pf9KAS
UpJC7oM5OnIQP3Un+59Kr9yjXjyDh4hm638CkAWC4Y0+eEG3MYi/BZDBEZCltH4X
91L2XpoR8Rl/QGRRKGdfpR2kr5YKE+6/ovovxmR8oOF/+iNAv41uAaYexWGjxWQ0
39Vp0U8HnYkfYgyx4Mm1BUa7/t6oqYfrWzwI0Tz2o3cnOZG/xsVW
-----END CERTIFICATE-----