Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214634.roa
File:                     AS214634.roa (raw, json)
Hash identifier:          sTGloc50C6tE55AOnbwRep5uLx20nm6opK/Fw/ba0Yw=
Subject key identifier:   7A:C3:66:C5:26:62:E2:5B:31:2F:26:C7:DF:B7:FE:11:2C:B7:ED:CD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4845B708C761C9A85F873D8094F67A6479D3FBBA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214634.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     214634
IP address blocks:        2a0f:85c1:825::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:45:b7:08:c7:61:c9:a8:5f:87:3d:80:94:f6:7a:64:79:d3:fb:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=7AC366C52662E25B312F26C7DFB7FE112CB7EDCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:00:1e:94:f7:14:c4:23:b2:59:60:a2:b1:18:
                    c9:41:a7:4b:dc:1d:5b:91:fb:23:85:33:ef:82:46:
                    e4:84:f8:1c:96:4e:a1:1c:ce:88:5c:d3:50:ab:4b:
                    8c:3f:12:a6:f6:5a:05:08:6f:f4:6f:3b:6f:0e:42:
                    1d:1f:b0:1c:7f:f6:c7:90:ea:05:c1:82:7e:14:66:
                    19:03:d1:ec:88:d0:ab:16:8a:1f:b2:56:56:65:d9:
                    8d:0d:4f:02:73:06:ec:54:5f:90:d2:ae:b0:67:4c:
                    98:91:4f:53:78:21:9a:7c:48:be:45:79:8b:5b:d2:
                    ab:80:d4:c7:a4:ea:c1:94:ca:8f:fa:0b:ca:fa:59:
                    d6:6d:81:c4:97:a2:11:49:e3:f0:41:f3:4c:9b:64:
                    ad:f6:d2:94:b6:3a:28:2c:4d:3f:b7:70:0a:10:ca:
                    9a:b1:f4:7b:88:d3:ef:41:51:1d:de:75:2e:03:19:
                    6d:7e:42:e0:15:db:22:36:32:12:3e:39:e6:57:37:
                    ea:9a:66:c3:95:37:d9:91:95:60:24:44:25:c0:79:
                    41:91:91:6f:7e:c9:75:d2:6f:f1:20:5b:c1:25:2b:
                    59:3a:6c:92:86:0a:91:29:51:56:4e:f9:3b:56:79:
                    a8:ab:32:79:d4:46:2b:48:0d:78:e7:7b:83:53:8a:
                    3e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C3:66:C5:26:62:E2:5B:31:2F:26:C7:DF:B7:FE:11:2C:B7:ED:CD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:825::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:22:c3:67:7d:e8:61:13:97:05:25:0b:da:81:a6:8e:ff:83:
         85:24:e9:ee:82:1b:08:82:6b:32:50:b2:51:8c:e6:88:26:36:
         43:86:0d:d5:96:49:82:97:0f:19:4a:07:13:d5:63:10:93:ad:
         98:60:36:bc:61:c2:58:91:e8:f8:54:dc:0e:ea:a9:49:5b:21:
         55:98:9d:a0:6c:59:a1:f8:c4:14:b2:0f:3f:00:c8:60:01:b8:
         db:db:da:de:61:9e:ae:65:b8:3e:3b:95:c4:01:81:e8:87:e8:
         93:fb:c9:03:ab:34:2d:72:48:d2:cf:4f:48:eb:d7:96:53:37:
         44:85:cf:12:df:41:92:94:db:16:c5:d6:df:95:96:a6:3d:26:
         89:02:18:a2:ea:bc:21:ee:43:14:13:65:23:0a:5f:47:55:74:
         92:9e:ff:41:d2:b5:52:7d:f6:08:18:36:b3:8a:6f:38:b1:0e:
         a5:15:b8:ce:12:3e:d3:56:bb:ce:f9:8f:29:91:b5:ca:83:07:
         13:bc:2a:9a:19:a2:1d:f2:54:b5:bc:45:ab:3f:c0:b6:dc:d1:
         cb:9e:52:21:ea:c8:69:f5:6c:90:40:2a:4c:29:b3:d0:7d:63:
         c4:60:9c:04:58:99:f3:2c:ea:f3:26:42:d1:97:b6:0d:92:30:
         d1:4e:65:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSEW3CMdhyahfhz2AlPZ6ZHnT+7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKDdBQzM2NkM1MjY2MkUyNUIzMTJGMjZDN0RGQjdGRTExMkNCN0VEQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxAB6U9xTEI7JZYKKxGMlBp0vc
HVuR+yOFM++CRuSE+ByWTqEczohc01CrS4w/Eqb2WgUIb/RvO28OQh0fsBx/9seQ
6gXBgn4UZhkD0eyI0KsWih+yVlZl2Y0NTwJzBuxUX5DSrrBnTJiRT1N4IZp8SL5F
eYtb0quA1Mek6sGUyo/6C8r6WdZtgcSXohFJ4/BB80ybZK320pS2OigsTT+3cAoQ
ypqx9HuI0+9BUR3edS4DGW1+QuAV2yI2MhI+OeZXN+qaZsOVN9mRlWAkRCXAeUGR
kW9+yXXSb/EgW8ElK1k6bJKGCpEpUVZO+TtWeairMnnURitIDXjne4NTij7LAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUesNmxSZi4lsxLybH37f+ESy37c0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NjM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQglMA0GCSqGSIb3DQEBCwUAA4IBAQCLIsNnfehhE5cFJQvagaaO/4OFJOnughsI
gmsyULJRjOaIJjZDhg3VlkmClw8ZSgcT1WMQk62YYDa8YcJYkej4VNwO6qlJWyFV
mJ2gbFmh+MQUsg8/AMhgAbjb29reYZ6uZbg+O5XEAYHoh+iT+8kDqzQtckjSz09I
69eWUzdEhc8S30GSlNsWxdbflZamPSaJAhii6rwh7kMUE2UjCl9HVXSSnv9B0rVS
ffYIGDazim84sQ6lFbjOEj7TVrvO+Y8pkbXKgwcTvCqaGaId8lS1vEWrP8C23NHL
nlIh6shp9WyQQCpMKbPQfWPEYJwEWJnzLOrzJkLRl7YNkjDRTmXX
-----END CERTIFICATE-----