Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214642.roa
File:                     AS214642.roa (raw, json)
Hash identifier:          /9wFuPqLcsHg5kkNtVEwlXfh94a2LwK5ugPM0hbRICc=
Subject key identifier:   08:15:42:75:93:37:C8:84:0C:53:58:78:28:81:15:84:0B:8C:14:E3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       509B729ED4C2D590493D64F98A939B64B694CE6A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214642.roa
Signing time:             Fri 25 Jul 2025 08:07:35 +0000
ROA not before:           Fri 25 Jul 2025 08:02:35 +0000
ROA not after:            Fri 24 Jul 2026 08:07:35 +0000
asID:                     214642
IP address blocks:        2a0f:85c1:826::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:9b:72:9e:d4:c2:d5:90:49:3d:64:f9:8a:93:9b:64:b6:94:ce:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:35 2025 GMT
            Not After : Jul 24 08:07:35 2026 GMT
        Subject: CN=081542759337C8840C535878288115840B8C14E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2b:e8:70:54:17:e6:56:28:9b:cc:b4:7c:4e:
                    d2:54:a6:fb:40:41:0b:4b:d7:60:09:be:b2:f3:4a:
                    85:ff:bd:78:8d:6e:b7:9c:b5:31:7d:4f:f9:51:ed:
                    e7:97:57:14:15:1e:e0:24:05:43:25:97:d5:2e:7b:
                    02:ec:2b:52:95:3a:05:08:e8:85:ef:57:b4:60:61:
                    ab:02:6c:c1:67:fb:70:c7:ff:5f:2f:c3:04:40:cb:
                    96:f6:e4:4a:3b:b4:ea:42:08:e6:eb:27:5b:bc:2a:
                    cc:05:63:68:52:25:54:64:67:1d:b3:6d:d4:99:e4:
                    10:e4:97:b6:ee:aa:a9:64:41:0e:44:1f:d7:f6:2d:
                    40:78:58:4f:de:d8:06:eb:71:55:94:3d:9b:7f:91:
                    54:e2:9b:b9:4f:34:e2:2c:21:27:7b:0c:6c:fe:da:
                    42:48:66:40:a1:f5:ae:32:46:a7:dd:48:7d:2f:91:
                    f8:af:8e:8d:fb:42:1b:c9:b6:bd:23:fc:0a:38:96:
                    aa:03:3a:4a:a5:a9:4a:2b:79:89:72:f3:30:4b:95:
                    0a:dc:7e:fd:fe:35:bb:c1:52:ac:5c:c4:51:22:26:
                    77:f0:2e:67:d6:a4:9f:1e:05:ac:c3:28:cc:cf:5f:
                    0b:09:24:06:1a:94:4c:03:b1:84:75:23:f6:5b:41:
                    61:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:15:42:75:93:37:C8:84:0C:53:58:78:28:81:15:84:0B:8C:14:E3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:826::/48

    Signature Algorithm: sha256WithRSAEncryption
         ee:07:47:01:a2:02:2a:62:ba:dc:d3:19:91:3b:09:7e:f8:1f:
         6b:2e:e9:40:c1:2d:1d:a8:5b:84:7f:f0:aa:b1:83:4a:25:3a:
         b6:ea:4f:bb:96:1c:ee:88:ce:8c:ce:09:74:4f:11:79:8d:29:
         7d:f4:49:e4:cc:2a:23:78:38:4d:89:c4:c2:35:0a:1d:0b:49:
         87:5c:7f:6c:ff:0c:a6:3b:99:e0:af:98:3c:9c:5a:f8:0b:54:
         c7:88:89:b7:85:cd:25:0c:17:b9:d8:70:ac:da:6c:2f:4e:dc:
         70:40:a4:08:91:14:88:b5:39:bf:56:10:bb:42:2f:e5:15:6d:
         ae:b5:f3:3f:c1:05:a7:00:d7:9b:b3:fd:89:3d:db:81:d7:37:
         16:c4:8f:b0:11:a6:7b:7f:64:58:9e:e0:09:de:d4:aa:fa:d8:
         5e:0b:f8:49:45:89:a6:8a:f3:b8:76:cb:85:7e:f6:f2:65:e8:
         2f:f9:55:32:6c:71:72:3c:2f:0a:85:51:8a:11:80:c0:b4:d3:
         ba:31:c4:a4:0c:de:0a:c9:0e:c2:97:39:da:e0:32:ae:d6:13:
         27:e2:d2:8e:45:fe:0e:3a:e2:e0:f6:ee:91:f9:47:c6:37:f9:
         03:cb:e8:2e:cb:78:ed:8a:a7:0e:1e:cc:64:92:9a:e1:5f:02:
         01:36:bb:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUJtyntTC1ZBJPWT5ipObZLaUzmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzVaFw0yNjA3MjQwODA3MzVaMDMxMTAvBgNV
BAMTKDA4MTU0Mjc1OTMzN0M4ODQwQzUzNTg3ODI4ODExNTg0MEI4QzE0RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9K+hwVBfmViibzLR8TtJUpvtA
QQtL12AJvrLzSoX/vXiNbrectTF9T/lR7eeXVxQVHuAkBUMll9UuewLsK1KVOgUI
6IXvV7RgYasCbMFn+3DH/18vwwRAy5b25Eo7tOpCCObrJ1u8KswFY2hSJVRkZx2z
bdSZ5BDkl7buqqlkQQ5EH9f2LUB4WE/e2AbrcVWUPZt/kVTim7lPNOIsISd7DGz+
2kJIZkCh9a4yRqfdSH0vkfivjo37QhvJtr0j/Ao4lqoDOkqlqUoreYly8zBLlQrc
fv3+NbvBUqxcxFEiJnfwLmfWpJ8eBazDKMzPXwsJJAYalEwDsYR1I/ZbQWE9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCBVCdZM3yIQMU1h4KIEVhAuMFOMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgmMA0GCSqGSIb3DQEBCwUAA4IBAQDuB0cBogIqYrrc0xmROwl++B9rLulAwS0d
qFuEf/CqsYNKJTq26k+7lhzuiM6Mzgl0TxF5jSl99EnkzCojeDhNicTCNQodC0mH
XH9s/wymO5ngr5g8nFr4C1THiIm3hc0lDBe52HCs2mwvTtxwQKQIkRSItTm/VhC7
Qi/lFW2utfM/wQWnANebs/2JPduB1zcWxI+wEaZ7f2RYnuAJ3tSq+theC/hJRYmm
ivO4dsuFfvbyZegv+VUybHFyPC8KhVGKEYDAtNO6McSkDN4KyQ7Clzna4DKu1hMn
4tKORf4OOuLg9u6R+UfGN/kDy+guy3jtiqcOHsxkkprhXwIBNrvh
-----END CERTIFICATE-----