Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa
File:                     AS214522.roa (raw, json)
Hash identifier:          SF12HePRV2I0njLKq6S30mq3/ToEmRzzc1ZqBOya3lg=
Subject key identifier:   DA:A8:54:1E:C6:CA:74:0B:41:3A:44:5F:75:E9:0B:E9:E3:3C:6A:0B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5A3E41078A992F071FC6A26FA956466310550098
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa
Signing time:             Fri 25 Jul 2025 08:07:43 +0000
ROA not before:           Fri 25 Jul 2025 08:02:43 +0000
ROA not after:            Fri 24 Jul 2026 08:07:43 +0000
asID:                     214522
IP address blocks:        2a0f:85c1:3f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:3e:41:07:8a:99:2f:07:1f:c6:a2:6f:a9:56:46:63:10:55:00:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:43 2025 GMT
            Not After : Jul 24 08:07:43 2026 GMT
        Subject: CN=DAA8541EC6CA740B413A445F75E90BE9E33C6A0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:11:56:f2:67:e9:fe:20:7b:33:f2:73:aa:49:
                    a5:be:66:9a:ec:81:6a:a2:b5:43:c9:92:76:f1:49:
                    a5:3f:92:14:f6:06:8a:21:c6:7c:bc:f6:63:4d:d0:
                    7c:b9:36:2d:34:e8:a1:d5:95:8f:8b:aa:cf:b7:d8:
                    39:37:89:7b:ff:c8:3b:58:a7:31:00:52:ea:e8:84:
                    04:53:2d:de:28:63:85:6a:2d:f1:05:f0:55:bf:08:
                    ff:dc:78:82:d1:e0:e1:0a:45:db:3d:4d:c6:fb:5e:
                    73:ea:36:f6:26:ae:16:f2:58:a8:37:b3:c4:36:5f:
                    6b:14:88:09:68:ee:67:17:73:ea:08:0c:36:e7:41:
                    6b:e9:e6:03:90:08:64:63:d3:bc:b5:e7:3f:d0:eb:
                    86:99:a6:4f:b5:6f:b6:73:6a:b1:f6:3b:5c:49:02:
                    eb:98:ba:39:2a:a3:dd:ba:90:6f:bb:73:d0:c0:1e:
                    e5:a0:43:f3:15:4b:0a:c0:d6:2c:e8:60:a3:cc:12:
                    5b:d6:06:a0:f9:40:1e:49:14:1d:a9:96:a6:29:8c:
                    e7:be:f0:c2:cd:bd:88:89:47:e5:56:d4:c4:7a:9e:
                    0f:8b:75:e1:89:d1:06:ad:6d:0b:0b:f5:ae:a7:67:
                    3c:5e:f3:1f:4b:52:5c:3b:4f:4a:71:94:19:5e:33:
                    3e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A8:54:1E:C6:CA:74:0B:41:3A:44:5F:75:E9:0B:E9:E3:3C:6A:0B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214522.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:c4:a8:c0:94:c7:c0:1c:00:70:b2:51:e0:cd:b2:52:ed:6d:
         2d:4f:96:8a:d1:69:b3:2c:ac:15:95:88:87:26:fb:7f:61:86:
         62:dd:4e:51:22:09:84:df:31:6a:26:ed:e7:e3:4b:51:93:62:
         b5:20:f5:4e:5b:6b:11:af:48:77:c4:4c:69:e3:91:c0:3d:a4:
         64:fd:b9:cb:2a:66:ec:38:d5:9c:dd:7a:80:f3:50:1c:d0:ef:
         54:7d:ba:13:47:32:52:7f:5b:90:0d:08:c7:de:e9:7b:ce:d9:
         d8:13:80:db:c1:aa:fb:37:48:c4:13:44:ec:50:ff:f1:25:82:
         7c:43:c5:29:ad:9f:70:4f:d9:0c:7a:55:cb:79:5a:f9:53:f3:
         60:c1:d6:30:e6:4e:f0:40:db:6e:56:fa:3f:06:a6:d7:b2:6f:
         b7:56:1e:ad:7f:9e:d7:55:a4:a6:7f:76:c1:24:b3:bc:f6:4f:
         03:b3:0a:c4:ff:d9:bf:fb:4f:3c:12:89:29:56:08:be:d4:cf:
         de:b0:c3:f9:65:e2:41:4a:ae:4c:e1:09:a1:8c:15:bf:8b:2e:
         63:33:6e:6f:44:62:15:59:22:4c:14:20:2f:b3:b2:24:11:49:
         06:1a:20:c3:76:12:90:9a:76:4d:36:d0:d3:97:bd:4b:e9:4c:
         79:af:c6:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWj5BB4qZLwcfxqJvqVZGYxBVAJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDNaFw0yNjA3MjQwODA3NDNaMDMxMTAvBgNV
BAMTKERBQTg1NDFFQzZDQTc0MEI0MTNBNDQ1Rjc1RTkwQkU5RTMzQzZBMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuEVbyZ+n+IHsz8nOqSaW+Zprs
gWqitUPJknbxSaU/khT2Boohxny89mNN0Hy5Ni006KHVlY+Lqs+32Dk3iXv/yDtY
pzEAUurohARTLd4oY4VqLfEF8FW/CP/ceILR4OEKRds9Tcb7XnPqNvYmrhbyWKg3
s8Q2X2sUiAlo7mcXc+oIDDbnQWvp5gOQCGRj07y15z/Q64aZpk+1b7ZzarH2O1xJ
AuuYujkqo926kG+7c9DAHuWgQ/MVSwrA1izoYKPMElvWBqD5QB5JFB2plqYpjOe+
8MLNvYiJR+VW1MR6ng+LdeGJ0QatbQsL9a6nZzxe8x9LUlw7T0pxlBleMz75AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2qhUHsbKdAtBOkRfdekL6eM8agswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP0MA0GCSqGSIb3DQEBCwUAA4IBAQBQxKjAlMfAHABwslHgzbJS7W0tT5aK0Wmz
LKwVlYiHJvt/YYZi3U5RIgmE3zFqJu3n40tRk2K1IPVOW2sRr0h3xExp45HAPaRk
/bnLKmbsONWc3XqA81Ac0O9UfboTRzJSf1uQDQjH3ul7ztnYE4Dbwar7N0jEE0Ts
UP/xJYJ8Q8UprZ9wT9kMelXLeVr5U/NgwdYw5k7wQNtuVvo/BqbXsm+3Vh6tf57X
VaSmf3bBJLO89k8DswrE/9m/+088EokpVgi+1M/esMP5ZeJBSq5M4QmhjBW/iy5j
M25vRGIVWSJMFCAvs7IkEUkGGiDDdhKQmnZNNtDTl71L6Ux5r8bB
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:13:10 2025 by rpki-client