Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214675.roa
File:                     AS214675.roa (raw, json)
Hash identifier:          aJkaXE/RzIlQZYuFZ8Th33IFYRJp2ts2yBEfR3p3tCc=
Subject key identifier:   26:91:E1:72:94:CB:05:A1:4A:9F:BA:6E:9F:70:9D:A2:45:FA:36:46
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       71DA87D762BA6E3D0BC01662A3F680C8137E26D6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214675.roa
Signing time:             Fri 25 Jul 2025 08:07:39 +0000
ROA not before:           Fri 25 Jul 2025 08:02:39 +0000
ROA not after:            Fri 24 Jul 2026 08:07:39 +0000
asID:                     214675
IP address blocks:        2a0f:85c1:3fa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:da:87:d7:62:ba:6e:3d:0b:c0:16:62:a3:f6:80:c8:13:7e:26:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:39 2025 GMT
            Not After : Jul 24 08:07:39 2026 GMT
        Subject: CN=2691E17294CB05A14A9FBA6E9F709DA245FA3646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:56:f9:ab:f8:66:37:89:44:04:70:dd:b1:6b:
                    1e:fe:b3:e8:4f:34:11:18:4c:47:73:7c:eb:8c:a4:
                    af:36:55:42:fb:07:56:0c:b3:88:92:15:61:66:3b:
                    0f:8f:73:d1:c3:83:5a:53:5c:fe:3f:1d:1b:b6:fc:
                    e6:40:c1:22:43:a5:5c:63:bd:b9:c8:14:bb:b6:f1:
                    0f:4f:29:4e:0f:34:4f:fd:94:8a:35:8d:36:1a:3c:
                    5a:6e:94:65:99:5c:c7:6e:57:df:ee:cf:93:60:27:
                    a7:30:58:a6:1a:54:53:9a:71:6d:55:80:7f:33:ca:
                    98:53:bb:26:6d:10:ed:58:1d:2f:4b:c6:de:79:08:
                    e4:90:de:79:ef:06:42:56:c8:71:de:19:f8:69:f8:
                    70:67:7a:ed:8d:80:10:b2:fa:f5:de:fe:10:0e:dc:
                    31:17:62:3a:e6:91:a2:d2:39:74:27:13:1e:3d:ee:
                    2d:8e:45:87:0b:89:9c:61:7a:da:aa:64:de:8a:39:
                    bb:d6:b9:b8:6b:ff:dd:f3:a4:4f:7f:c3:83:de:6b:
                    c6:f6:d6:0b:02:5b:91:50:98:87:92:82:54:ed:a6:
                    0f:aa:5d:3a:f5:e6:ff:e6:ac:9f:fe:e6:65:40:41:
                    38:46:93:b2:0a:0f:75:88:08:85:9e:02:1f:6c:35:
                    80:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:91:E1:72:94:CB:05:A1:4A:9F:BA:6E:9F:70:9D:A2:45:FA:36:46
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:8d:89:b6:f9:d3:97:a4:28:a4:45:43:7e:53:34:3f:4d:7d:
         76:69:49:f3:5a:1f:13:1b:82:19:07:e0:0e:a5:38:28:8b:26:
         5b:8a:6e:e8:61:84:07:5b:d1:b3:16:12:3e:23:f9:65:31:53:
         89:50:40:20:22:92:29:08:1e:b2:27:b2:31:34:26:8d:ac:ef:
         0f:27:59:5d:37:dc:63:c6:99:0c:88:18:c3:0f:73:ed:28:9e:
         47:61:8d:09:70:12:81:17:45:8e:a8:a4:45:e3:dd:77:bd:dc:
         f1:2f:78:a4:26:c1:cc:68:08:65:f1:3a:28:43:1f:ae:82:92:
         f0:96:6f:34:b4:b7:b9:20:9c:b2:52:83:32:7d:6b:85:ed:42:
         ad:99:59:27:19:1b:ab:11:ef:87:1c:5e:55:a9:c2:48:15:c2:
         9a:5b:b4:0e:20:fe:25:8f:ca:7e:35:42:e3:6d:ab:a3:e3:74:
         80:41:00:83:c4:46:00:e3:e8:98:54:32:91:46:07:f6:30:4f:
         27:9d:41:15:66:6b:74:66:39:53:18:9e:a9:af:7c:0d:2c:3b:
         49:98:af:f8:44:25:d7:1e:7a:6c:7f:6e:60:0f:5d:9f:5f:1a:
         5c:ae:d7:4a:fe:55:7d:a2:56:ca:10:d9:f4:dd:a5:f8:a7:6b:
         76:cc:cf:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcdqH12K6bj0LwBZio/aAyBN+JtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzlaFw0yNjA3MjQwODA3MzlaMDMxMTAvBgNV
BAMTKDI2OTFFMTcyOTRDQjA1QTE0QTlGQkE2RTlGNzA5REEyNDVGQTM2NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBVvmr+GY3iUQEcN2xax7+s+hP
NBEYTEdzfOuMpK82VUL7B1YMs4iSFWFmOw+Pc9HDg1pTXP4/HRu2/OZAwSJDpVxj
vbnIFLu28Q9PKU4PNE/9lIo1jTYaPFpulGWZXMduV9/uz5NgJ6cwWKYaVFOacW1V
gH8zyphTuyZtEO1YHS9Lxt55COSQ3nnvBkJWyHHeGfhp+HBneu2NgBCy+vXe/hAO
3DEXYjrmkaLSOXQnEx497i2ORYcLiZxhetqqZN6KObvWubhr/93zpE9/w4Pea8b2
1gsCW5FQmIeSglTtpg+qXTr15v/mrJ/+5mVAQThGk7IKD3WICIWeAh9sNYBxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJpHhcpTLBaFKn7pun3CdokX6NkYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0Njc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP6MA0GCSqGSIb3DQEBCwUAA4IBAQDJjYm2+dOXpCikRUN+UzQ/TX12aUnzWh8T
G4IZB+AOpTgoiyZbim7oYYQHW9GzFhI+I/llMVOJUEAgIpIpCB6yJ7IxNCaNrO8P
J1ldN9xjxpkMiBjDD3PtKJ5HYY0JcBKBF0WOqKRF4913vdzxL3ikJsHMaAhl8Too
Qx+ugpLwlm80tLe5IJyyUoMyfWuF7UKtmVknGRurEe+HHF5VqcJIFcKaW7QOIP4l
j8p+NULjbauj43SAQQCDxEYA4+iYVDKRRgf2ME8nnUEVZmt0ZjlTGJ6pr3wNLDtJ
mK/4RCXXHnpsf25gD12fXxpcrtdK/lV9olbKENn03aX4p2t2zM8t
-----END CERTIFICATE-----