Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa
File:                     AS214768.roa (raw, json)
Hash identifier:          7Q3zhCMcSMNxDyRKH59ImixjzlsNgDE6rAPwx/diL/0=
Subject key identifier:   DA:BE:8B:43:83:AC:11:54:ED:71:36:74:C0:A2:BA:B9:3E:6D:FD:BE
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6D305547DB3D6F278EB158242AE0E9A822FDB558
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa
Signing time:             Fri 25 Jul 2025 08:07:43 +0000
ROA not before:           Fri 25 Jul 2025 08:02:43 +0000
ROA not after:            Fri 24 Jul 2026 08:07:43 +0000
asID:                     214768
IP address blocks:        2a0f:85c1:3f1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 14:26:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:30:55:47:db:3d:6f:27:8e:b1:58:24:2a:e0:e9:a8:22:fd:b5:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:43 2025 GMT
            Not After : Jul 24 08:07:43 2026 GMT
        Subject: CN=DABE8B4383AC1154ED713674C0A2BAB93E6DFDBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8d:be:00:82:4c:06:72:48:72:35:38:c8:53:
                    71:83:d2:15:5c:ab:b8:14:bc:ef:95:69:3f:c7:30:
                    60:a3:61:24:48:c6:2d:d6:11:89:0a:07:69:06:c9:
                    b4:e5:7b:ac:1a:22:78:e8:01:6e:5b:b3:6f:79:98:
                    27:27:4b:0a:ba:9c:ed:f2:bd:05:71:32:b2:e3:7e:
                    73:ea:b3:f9:ec:9e:27:f4:8b:74:2b:cf:2b:59:74:
                    86:ab:6e:01:a3:e4:d2:8a:c5:9a:b1:13:29:62:20:
                    bf:11:da:67:55:d2:c3:e9:7c:80:57:0b:cf:39:cf:
                    8a:de:d6:9b:bb:7b:9d:e0:c6:19:45:d0:8f:db:fb:
                    0c:f3:a3:6c:52:c7:8d:06:aa:0b:74:9f:cc:59:24:
                    f9:9d:c5:eb:97:81:da:16:ee:c6:19:47:10:db:54:
                    25:e5:f0:53:12:a7:31:bd:d1:17:8e:52:a8:79:78:
                    20:05:97:a2:cf:6b:bc:c3:c2:70:3a:16:b5:8b:7e:
                    e3:e6:7c:4d:1f:ef:78:67:34:a1:82:72:46:78:d1:
                    6b:2e:88:4a:43:66:85:42:4d:f5:49:92:fa:cd:62:
                    7f:fe:9c:7f:48:e4:dc:ce:95:a3:f8:c9:2d:2b:cb:
                    b6:21:b3:29:95:c5:b7:10:4a:9d:f5:6d:7b:c1:3a:
                    84:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BE:8B:43:83:AC:11:54:ED:71:36:74:C0:A2:BA:B9:3E:6D:FD:BE
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         d1:74:91:1e:c4:4c:6f:ab:6a:1e:7a:46:c6:69:db:89:fb:c1:
         3a:1d:f3:b4:cb:11:bc:0a:46:ae:a3:74:2d:81:e3:37:04:d9:
         10:ab:6f:63:2a:35:74:56:81:1c:08:c4:6f:0b:6b:80:4d:da:
         2e:7a:26:ce:e9:4d:27:e7:4f:de:d4:9e:63:05:6c:7b:32:ba:
         ac:78:bf:8f:15:a3:bf:d4:0b:5c:af:14:58:d9:5a:3d:c7:71:
         8b:16:b0:0e:bc:72:94:94:98:da:f3:58:2a:1c:e8:63:b3:14:
         85:93:14:52:48:49:75:93:78:fd:8f:3c:4e:3b:2c:99:fd:43:
         88:fe:64:1d:58:d8:99:a3:e1:52:e5:54:2b:53:15:a0:51:79:
         e0:df:7b:da:62:5c:2e:fb:b7:cf:0d:f4:a5:97:94:2d:dc:1d:
         b8:25:5e:94:98:ad:b7:06:31:ac:02:15:34:6c:6f:f0:77:fb:
         ea:69:10:9f:fe:31:78:4e:7f:6f:2e:4f:28:9c:f5:b9:a2:49:
         da:9b:83:1b:42:87:f7:43:63:c0:84:04:ae:b9:a8:8b:f2:ed:
         09:a0:76:33:31:86:42:54:8a:92:7b:e8:35:35:4c:3b:c3:21:
         7e:62:29:1c:1f:6f:44:7a:83:a5:4e:97:0d:72:1a:b7:fb:58:
         25:9d:06:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbTBVR9s9byeOsVgkKuDpqCL9tVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDNaFw0yNjA3MjQwODA3NDNaMDMxMTAvBgNV
BAMTKERBQkU4QjQzODNBQzExNTRFRDcxMzY3NEMwQTJCQUI5M0U2REZEQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjb4AgkwGckhyNTjIU3GD0hVc
q7gUvO+VaT/HMGCjYSRIxi3WEYkKB2kGybTle6waInjoAW5bs295mCcnSwq6nO3y
vQVxMrLjfnPqs/nsnif0i3QrzytZdIarbgGj5NKKxZqxEyliIL8R2mdV0sPpfIBX
C885z4re1pu7e53gxhlF0I/b+wzzo2xSx40Gqgt0n8xZJPmdxeuXgdoW7sYZRxDb
VCXl8FMSpzG90ReOUqh5eCAFl6LPa7zDwnA6FrWLfuPmfE0f73hnNKGCckZ40Wsu
iEpDZoVCTfVJkvrNYn/+nH9I5NzOlaP4yS0ry7YhsymVxbcQSp31bXvBOoT9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2r6LQ4OsEVTtcTZ0wKK6uT5t/b4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPxMA0GCSqGSIb3DQEBCwUAA4IBAQDRdJEexExvq2oeekbGaduJ+8E6HfO0yxG8
Ckauo3QtgeM3BNkQq29jKjV0VoEcCMRvC2uATdoueibO6U0n50/e1J5jBWx7Mrqs
eL+PFaO/1AtcrxRY2Vo9x3GLFrAOvHKUlJja81gqHOhjsxSFkxRSSEl1k3j9jzxO
OyyZ/UOI/mQdWNiZo+FS5VQrUxWgUXng33vaYlwu+7fPDfSll5Qt3B24JV6UmK23
BjGsAhU0bG/wd/vqaRCf/jF4Tn9vLk8onPW5oknam4MbQof3Q2PAhASuuaiL8u0J
oHYzMYZCVIqSe+g1NUw7wyF+YikcH29EeoOlTpcNchq3+1glnQYF
-----END CERTIFICATE-----