Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa
File:                     AS214565.roa (raw, json)
Hash identifier:          pkEn/oXEk6obBx3ob8M9dxCZ6c9vgusBW8HTU2vxixc=
Subject key identifier:   80:DB:39:D7:1C:A7:76:49:AE:A4:EE:BD:95:B5:43:2E:6D:09:8F:B6
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       630934AEB06DBF5793B42775C92C4E42DB3F93C4
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     214565
IP address blocks:        2a0f:85c1:832::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:09:34:ae:b0:6d:bf:57:93:b4:27:75:c9:2c:4e:42:db:3f:93:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=80DB39D71CA77649AEA4EEBD95B5432E6D098FB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cf:5e:28:4f:f2:37:45:13:1b:bd:78:61:20:
                    a1:73:db:d9:3c:d2:fd:27:b8:05:99:73:e8:7d:4e:
                    91:92:3d:d4:c7:8d:ee:1e:b0:d3:d4:67:c2:2e:69:
                    6d:15:b0:ff:ab:0c:e6:2e:a6:00:7d:59:8b:bd:bf:
                    41:8c:46:30:04:f8:ba:e8:ee:64:3b:10:8d:8e:da:
                    2b:84:20:4d:ee:f8:1e:ac:36:06:b4:2a:03:bf:2b:
                    0a:65:40:e9:96:72:94:86:94:59:b8:9f:1d:f4:2f:
                    c5:b1:a1:48:c5:d0:ee:63:94:66:82:d4:5a:ff:18:
                    6b:c3:3f:35:95:c7:ee:0d:4f:a1:6d:21:9d:57:98:
                    b8:a0:2d:e5:22:fb:8c:f8:a6:8a:02:59:83:60:d3:
                    cb:3c:9b:4a:57:dc:c4:6d:34:6b:ab:07:c5:ed:8c:
                    22:92:ee:42:be:69:13:22:91:1a:19:99:45:f6:5c:
                    06:62:4d:56:63:9b:39:cd:74:d6:13:4d:ae:52:5b:
                    61:ef:f6:61:2c:b1:43:0f:20:e9:d1:8c:0e:5e:21:
                    db:d5:e0:54:5b:70:c1:ce:45:11:97:fe:eb:ee:c4:
                    f0:61:70:80:ac:28:e4:a7:df:99:7e:21:58:49:93:
                    a1:21:71:00:4f:aa:a3:dc:78:af:65:ed:fd:cc:5d:
                    0d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:DB:39:D7:1C:A7:76:49:AE:A4:EE:BD:95:B5:43:2E:6D:09:8F:B6
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:832::/48

    Signature Algorithm: sha256WithRSAEncryption
         ce:75:9c:9e:1f:93:dd:bd:97:9d:c4:f2:3d:63:1d:df:aa:c0:
         3b:22:e5:f3:e7:bd:fa:fd:07:a7:b4:3e:b5:a5:39:e3:39:db:
         64:39:b1:7e:d0:b6:86:ab:95:09:ed:77:63:97:ee:1b:d1:09:
         72:46:9e:93:47:aa:39:db:79:47:dc:84:3d:9e:61:f4:a6:94:
         7e:ca:7b:4c:25:2a:36:5d:dd:ad:c8:55:13:70:9a:0d:07:b9:
         74:99:b7:03:8f:79:6f:ca:3c:e8:76:d4:d0:e3:aa:7f:00:0c:
         06:61:3a:0f:2c:08:6e:5d:c6:2c:ff:35:20:28:33:34:54:66:
         ba:ca:d4:40:75:40:8c:ec:05:49:aa:02:6c:38:1b:48:d9:94:
         65:9c:0e:c9:89:66:dc:cb:87:37:da:db:ca:88:ac:37:4f:89:
         d9:6a:75:ce:6d:9d:83:06:ae:02:f6:63:12:1f:74:30:16:d5:
         b1:5c:86:5e:5d:91:f1:13:d3:a3:ed:de:ed:2a:0f:18:65:f9:
         bc:ec:84:88:c3:d7:3d:be:3d:e8:2a:7b:60:8a:6a:88:58:04:
         cd:5a:b2:b8:4d:92:b3:68:28:70:e7:ed:fe:e3:f8:62:69:70:
         a6:32:4a:13:14:82:18:d2:20:38:1b:97:33:32:9c:35:4f:00:
         25:44:b5:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYwk0rrBtv1eTtCd1ySxOQts/k8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKDgwREIzOUQ3MUNBNzc2NDlBRUE0RUVCRDk1QjU0MzJFNkQwOThGQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDz14oT/I3RRMbvXhhIKFz29k8
0v0nuAWZc+h9TpGSPdTHje4esNPUZ8IuaW0VsP+rDOYupgB9WYu9v0GMRjAE+Lro
7mQ7EI2O2iuEIE3u+B6sNga0KgO/KwplQOmWcpSGlFm4nx30L8WxoUjF0O5jlGaC
1Fr/GGvDPzWVx+4NT6FtIZ1XmLigLeUi+4z4pooCWYNg08s8m0pX3MRtNGurB8Xt
jCKS7kK+aRMikRoZmUX2XAZiTVZjmznNdNYTTa5SW2Hv9mEssUMPIOnRjA5eIdvV
4FRbcMHORRGX/uvuxPBhcICsKOSn35l+IVhJk6EhcQBPqqPceK9l7f3MXQ0bAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgNs51xyndkmupO69lbVDLm0Jj7YwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgyMA0GCSqGSIb3DQEBCwUAA4IBAQDOdZyeH5PdvZedxPI9Yx3fqsA7IuXz5736
/QentD61pTnjOdtkObF+0LaGq5UJ7Xdjl+4b0QlyRp6TR6o523lH3IQ9nmH0ppR+
yntMJSo2Xd2tyFUTcJoNB7l0mbcDj3lvyjzodtTQ46p/AAwGYToPLAhuXcYs/zUg
KDM0VGa6ytRAdUCM7AVJqgJsOBtI2ZRlnA7JiWbcy4c32tvKiKw3T4nZanXObZ2D
Bq4C9mMSH3QwFtWxXIZeXZHxE9Oj7d7tKg8YZfm87ISIw9c9vj3oKntgimqIWATN
WrK4TZKzaChw5+3+4/hiaXCmMkoTFIIY0iA4G5czMpw1TwAlRLUk
-----END CERTIFICATE-----