Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214486.roa
File:                     AS214486.roa (raw, json)
Hash identifier:          YEIzGPeTOLLu/lxxfga0NIREh32FOHzKMS0ekoj85mA=
Subject key identifier:   2E:DF:48:0E:EE:ED:56:F5:0F:5C:36:DC:66:B0:82:26:2E:08:91:A1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4B56E7750123CDF44D2A9B8A22E83EC132156049
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214486.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     214486
IP address blocks:        2a0f:85c1:83d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:56:e7:75:01:23:cd:f4:4d:2a:9b:8a:22:e8:3e:c1:32:15:60:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=2EDF480EEEED56F50F5C36DC66B082262E0891A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cd:76:32:6b:2d:df:06:50:7a:a4:15:0d:e1:
                    30:1c:28:e9:f4:c3:75:8f:d7:5f:63:ee:16:55:d2:
                    1e:5b:58:fb:49:1a:0f:89:0e:b3:10:b4:b3:2a:cf:
                    27:99:4a:0f:9c:40:6a:42:7f:4e:ac:02:d1:61:92:
                    b1:62:d5:17:39:ff:b6:da:75:04:1b:6e:e2:5a:2b:
                    c4:39:a3:b5:b2:0a:6f:e9:bf:3a:92:c8:ce:ad:5b:
                    fd:9a:e0:a9:4f:5f:30:54:f8:5e:e0:64:60:74:5d:
                    2a:e1:89:02:2e:32:35:d0:34:f4:42:b3:ee:30:5b:
                    3b:db:98:31:16:8a:e7:2c:31:fe:cf:e8:bf:e0:a4:
                    b1:56:8f:0b:47:ab:b7:2d:3e:d4:fa:87:11:53:3f:
                    46:15:66:ee:13:a5:e0:ce:61:b0:4d:04:3c:5e:80:
                    8f:40:f7:e9:95:60:2a:34:86:10:48:2e:1d:e3:83:
                    4d:03:3d:99:90:ec:b9:99:7a:3d:1b:2d:a3:21:03:
                    86:f9:51:e5:55:02:28:af:3b:ae:ed:de:64:e4:5b:
                    b5:6e:02:e6:e7:fd:70:23:8e:38:3a:67:69:e4:89:
                    bb:d5:25:92:f8:11:f4:7b:ee:bc:ed:31:3c:80:91:
                    e0:b3:55:03:58:3a:a9:82:dc:0a:90:49:01:eb:57:
                    80:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DF:48:0E:EE:ED:56:F5:0F:5C:36:DC:66:B0:82:26:2E:08:91:A1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:83d::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:52:a7:b7:f2:37:b3:d2:a0:a8:3b:39:fc:de:9a:38:bc:4b:
         49:b9:83:ce:07:89:ed:a7:cb:a4:12:ef:ac:84:f8:d8:a0:ea:
         57:cd:0a:7a:54:88:40:35:4b:98:00:23:88:df:4c:43:df:34:
         b2:fb:14:5f:4c:8c:6d:4c:d9:03:48:41:17:4d:4e:0c:5e:2e:
         7c:29:23:e3:4a:a5:a3:71:f1:b4:3c:60:c4:70:c6:c5:f7:c5:
         49:4c:43:34:93:98:7a:71:27:c5:04:81:e0:ba:56:56:ba:9e:
         9e:a7:eb:5a:39:4b:67:90:1f:05:e9:76:27:ae:7b:2e:3c:9b:
         de:0c:57:00:e6:96:4b:62:3d:0f:a7:b6:d5:ee:cf:0f:cb:c1:
         3d:46:55:78:e6:92:6c:36:f4:d0:af:7c:c4:22:67:c5:f0:94:
         c4:fc:3b:c3:47:00:fa:f5:d4:b0:06:76:3d:a4:81:10:c3:a3:
         f1:3a:c3:6b:87:78:63:f9:d2:7a:35:01:85:80:4c:18:50:04:
         23:6e:f8:8e:01:01:57:95:46:e5:51:f9:af:48:c6:f2:7a:fd:
         15:cf:60:34:4d:28:38:8f:5a:3c:8a:a8:f4:30:8d:ea:6d:b5:
         d4:9d:55:af:39:fa:18:7d:99:9e:58:02:9e:9b:ee:d3:0a:11:
         c5:f7:ec:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUS1bndQEjzfRNKpuKIug+wTIVYEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKDJFREY0ODBFRUVFRDU2RjUwRjVDMzZEQzY2QjA4MjI2MkUwODkxQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkzXYyay3fBlB6pBUN4TAcKOn0
w3WP119j7hZV0h5bWPtJGg+JDrMQtLMqzyeZSg+cQGpCf06sAtFhkrFi1Rc5/7ba
dQQbbuJaK8Q5o7WyCm/pvzqSyM6tW/2a4KlPXzBU+F7gZGB0XSrhiQIuMjXQNPRC
s+4wWzvbmDEWiucsMf7P6L/gpLFWjwtHq7ctPtT6hxFTP0YVZu4TpeDOYbBNBDxe
gI9A9+mVYCo0hhBILh3jg00DPZmQ7LmZej0bLaMhA4b5UeVVAiivO67t3mTkW7Vu
Aubn/XAjjjg6Z2nkibvVJZL4EfR77rztMTyAkeCzVQNYOqmC3AqQSQHrV4DFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULt9IDu7tVvUPXDbcZrCCJi4IkaEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQg9MA0GCSqGSIb3DQEBCwUAA4IBAQB6Uqe38jez0qCoOzn83po4vEtJuYPOB4nt
p8ukEu+shPjYoOpXzQp6VIhANUuYACOI30xD3zSy+xRfTIxtTNkDSEEXTU4MXi58
KSPjSqWjcfG0PGDEcMbF98VJTEM0k5h6cSfFBIHgulZWup6ep+taOUtnkB8F6XYn
rnsuPJveDFcA5pZLYj0Pp7bV7s8Py8E9RlV45pJsNvTQr3zEImfF8JTE/DvDRwD6
9dSwBnY9pIEQw6PxOsNrh3hj+dJ6NQGFgEwYUAQjbviOAQFXlUblUfmvSMbyev0V
z2A0TSg4j1o8iqj0MI3qbbXUnVWvOfoYfZmeWAKem+7TChHF9+zP
-----END CERTIFICATE-----