Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa
File:                     AS214752.roa (raw, json)
Hash identifier:          Nf8k/3MzhCvmcvFEqTO87OLQ8wXrG49Xjv3LzHUEQ64=
Subject key identifier:   47:89:7F:85:84:42:0E:54:CA:DB:12:17:26:6C:7F:01:FB:EB:14:2E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5AFC3105E1AC2FBDF471C96E25BBA0552D693F82
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa
Signing time:             Fri 25 Jul 2025 08:07:46 +0000
ROA not before:           Fri 25 Jul 2025 08:02:46 +0000
ROA not after:            Fri 24 Jul 2026 08:07:46 +0000
asID:                     214752
IP address blocks:        2a0f:85c1:812::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 14:26:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:fc:31:05:e1:ac:2f:bd:f4:71:c9:6e:25:bb:a0:55:2d:69:3f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:46 2025 GMT
            Not After : Jul 24 08:07:46 2026 GMT
        Subject: CN=47897F8584420E54CADB1217266C7F01FBEB142E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6a:31:95:c8:93:27:4a:47:ca:f3:71:67:40:
                    38:53:c4:7f:4c:6d:11:33:9d:78:a2:88:48:bf:20:
                    61:f0:5d:ba:e5:cb:c2:f2:3d:69:8d:d9:f7:a4:a6:
                    ff:fe:fc:37:83:08:66:c1:7e:a7:db:b7:da:4c:1d:
                    4c:46:91:48:3e:ae:6a:7d:a0:13:c6:b7:ce:d5:72:
                    c8:e9:76:93:8b:c1:f8:1b:6c:3d:23:95:05:d2:2e:
                    8d:d3:51:50:66:60:4d:00:e2:30:6b:00:1d:21:d2:
                    22:eb:64:36:64:02:1f:82:f7:0d:5f:67:94:2d:a6:
                    88:76:51:c2:cf:29:2f:4b:fe:e5:9f:ac:43:ff:38:
                    ae:8a:46:d1:b8:cb:f4:07:44:d4:71:c9:c8:1c:0e:
                    9a:f6:b9:3b:e1:08:47:07:ac:b4:07:67:19:15:c9:
                    f5:ab:17:f4:52:98:fe:d6:f9:00:fc:8d:f0:21:d5:
                    bc:53:c9:f7:c4:3c:19:35:df:0a:d2:17:2a:7b:c2:
                    51:57:8f:8e:b4:d4:23:f3:14:93:80:12:02:ea:db:
                    5f:c1:87:c6:b1:2c:bb:80:c8:63:ee:db:8c:e8:63:
                    f6:fb:fe:de:e0:60:c7:fe:c9:d4:28:64:d3:7a:68:
                    8b:bd:dd:31:a2:f6:9e:a9:46:5e:fb:c8:85:39:9e:
                    48:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:89:7F:85:84:42:0E:54:CA:DB:12:17:26:6C:7F:01:FB:EB:14:2E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214752.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:812::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:6e:3d:99:bb:0a:61:02:75:fa:34:f9:2e:b0:34:8e:c0:f2:
         07:cd:a6:5b:be:ea:26:96:bf:98:51:09:96:aa:20:98:e8:7f:
         fd:b2:39:d8:f2:fe:68:91:6b:51:cd:ca:99:08:14:93:de:e3:
         60:c3:2a:f8:f9:57:61:72:eb:4b:da:a8:7a:b4:65:a3:b1:6c:
         0b:ab:52:fe:70:27:d1:21:ef:8e:48:77:9b:a6:57:64:92:cd:
         67:d0:7e:6b:aa:bd:21:b4:bb:33:f0:e4:dc:20:11:ba:60:36:
         d6:fa:e0:aa:c4:d1:49:81:6f:52:2c:e2:f7:6c:5c:60:e9:ca:
         87:ba:ad:14:2d:78:70:ba:3b:5d:02:11:57:bf:1d:44:44:78:
         42:30:5f:6e:93:cb:18:23:a6:b4:94:6e:fb:63:97:ed:8f:49:
         f6:df:a8:44:4c:e3:64:1b:07:57:20:ef:d5:b7:05:3f:9e:77:
         03:33:59:53:79:2e:b5:b3:b1:63:bb:ea:00:ec:26:af:a2:10:
         a6:39:a7:9e:48:9e:31:cf:7f:ad:88:54:74:26:0d:e8:16:8a:
         f4:55:17:74:43:c2:26:61:74:06:ee:96:8e:21:d1:67:d5:9c:
         ff:43:96:d2:a1:9e:60:ab:ad:f1:82:e9:d0:73:08:13:33:15:
         36:be:2c:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWvwxBeGsL730ccluJbugVS1pP4IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDZaFw0yNjA3MjQwODA3NDZaMDMxMTAvBgNV
BAMTKDQ3ODk3Rjg1ODQ0MjBFNTRDQURCMTIxNzI2NkM3RjAxRkJFQjE0MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7ajGVyJMnSkfK83FnQDhTxH9M
bREznXiiiEi/IGHwXbrly8LyPWmN2fekpv/+/DeDCGbBfqfbt9pMHUxGkUg+rmp9
oBPGt87VcsjpdpOLwfgbbD0jlQXSLo3TUVBmYE0A4jBrAB0h0iLrZDZkAh+C9w1f
Z5Qtpoh2UcLPKS9L/uWfrEP/OK6KRtG4y/QHRNRxycgcDpr2uTvhCEcHrLQHZxkV
yfWrF/RSmP7W+QD8jfAh1bxTyffEPBk13wrSFyp7wlFXj4601CPzFJOAEgLq21/B
h8axLLuAyGPu24zoY/b7/t7gYMf+ydQoZNN6aIu93TGi9p6pRl77yIU5nkiHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUR4l/hYRCDlTK2xIXJmx/AfvrFC4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgSMA0GCSqGSIb3DQEBCwUAA4IBAQCrbj2ZuwphAnX6NPkusDSOwPIHzaZbvuom
lr+YUQmWqiCY6H/9sjnY8v5okWtRzcqZCBST3uNgwyr4+VdhcutL2qh6tGWjsWwL
q1L+cCfRIe+OSHebpldkks1n0H5rqr0htLsz8OTcIBG6YDbW+uCqxNFJgW9SLOL3
bFxg6cqHuq0ULXhwujtdAhFXvx1ERHhCMF9uk8sYI6a0lG77Y5ftj0n236hETONk
GwdXIO/VtwU/nncDM1lTeS61s7Fju+oA7CavohCmOaeeSJ4xz3+tiFR0Jg3oFor0
VRd0Q8ImYXQG7paOIdFn1Zz/Q5bSoZ5gq63xgunQcwgTMxU2viwg
-----END CERTIFICATE-----