Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214769.roa
File:                     AS214769.roa (raw, json)
Hash identifier:          PO+1PuEzThvhE/kvIUpHw/eCEtYcMcyh9EWe52Dhlhk=
Subject key identifier:   35:78:7E:C0:86:5A:24:D0:F2:66:8B:A8:D2:7B:8B:36:44:B0:DB:1F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6DCF83DC19861DC32C1A2BC289A4A04AD4A2D564
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214769.roa
Signing time:             Fri 25 Jul 2025 08:07:40 +0000
ROA not before:           Fri 25 Jul 2025 08:02:40 +0000
ROA not after:            Fri 24 Jul 2026 08:07:40 +0000
asID:                     214769
IP address blocks:        2a0f:85c1:3d5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:cf:83:dc:19:86:1d:c3:2c:1a:2b:c2:89:a4:a0:4a:d4:a2:d5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:40 2025 GMT
            Not After : Jul 24 08:07:40 2026 GMT
        Subject: CN=35787EC0865A24D0F2668BA8D27B8B3644B0DB1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:57:6b:1e:24:c3:b8:da:81:fb:66:66:28:a4:
                    d8:f0:e6:72:eb:33:68:43:e9:f7:60:49:de:5e:03:
                    72:79:a9:b7:18:10:16:6e:e3:5e:a7:fd:f7:9b:fa:
                    9f:45:36:e1:af:02:50:cc:b1:8a:38:39:c2:d8:9f:
                    90:2e:28:27:86:e1:4f:3e:07:a1:c3:c2:02:3d:cd:
                    f4:7c:d7:9b:6d:0e:40:e3:41:42:8c:8c:ba:70:4f:
                    cf:33:26:10:8c:7d:9b:28:68:dc:9f:8d:5b:c2:35:
                    6c:de:b3:7f:1c:c4:ae:65:7c:ce:c5:10:0d:bb:cf:
                    cc:f0:84:be:19:74:a4:d9:ca:b2:52:01:81:b3:f6:
                    c5:67:05:18:d0:aa:9e:75:64:3e:0b:a0:12:ee:a8:
                    9e:92:48:ea:0d:55:dc:fb:6e:66:c8:20:bf:b9:a9:
                    bf:aa:97:ec:dd:e0:4f:7d:39:b1:d4:2a:c3:f8:40:
                    55:c3:56:a2:12:24:f0:7e:8a:7b:9f:a7:df:1b:de:
                    c3:03:bd:b3:e9:e2:b6:d5:27:94:a7:cd:5f:1e:93:
                    8c:09:b5:54:22:6f:e6:29:7a:82:4d:81:4c:f2:25:
                    87:d4:92:d1:87:b8:76:cb:ca:06:48:18:5e:fd:a2:
                    11:fb:89:77:2d:b1:06:49:de:f0:09:7f:67:ee:8f:
                    d9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:78:7E:C0:86:5A:24:D0:F2:66:8B:A8:D2:7B:8B:36:44:B0:DB:1F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3d5::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:48:20:16:34:bc:9d:a1:3b:8f:9e:59:fc:04:31:9a:2c:6b:
         9b:48:f2:2b:af:56:8b:d7:df:62:b8:77:8d:18:db:10:de:aa:
         a9:d2:d5:95:9d:7b:0a:58:b0:71:99:9f:d9:cb:ef:33:4d:12:
         0e:93:16:7b:52:ed:c7:a5:41:d4:67:cd:82:38:a7:87:7d:0b:
         67:f2:20:a0:74:79:d4:c0:5d:02:86:ab:67:c6:b0:ce:4b:f1:
         97:c5:f8:63:31:a9:69:ec:a2:3f:c3:31:5a:48:ac:25:f6:de:
         e8:93:9c:70:4f:ad:da:ce:d5:46:94:6c:50:aa:1a:48:67:be:
         bd:c9:e7:16:16:06:e7:fc:dd:83:01:4d:5c:cd:f2:52:cd:31:
         82:0a:75:6f:2a:5f:07:d7:61:9f:3e:50:7f:6d:6d:fd:d3:b9:
         f3:b4:55:fa:4f:d9:37:6a:b7:43:85:9f:98:45:89:fa:03:f6:
         a8:72:3d:fc:64:4e:c0:e1:93:33:7e:6e:76:a1:e1:71:4d:a9:
         33:c7:f1:a7:3a:e1:dc:40:18:d8:dc:9f:04:24:b0:3b:26:92:
         c9:d6:c7:92:6c:2f:60:c1:8b:94:4d:bc:cb:f2:0a:62:01:6c:
         db:ab:e9:ad:c9:74:5f:04:e6:41:87:27:86:e2:f2:5a:64:a4:
         e1:27:f9:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbc+D3BmGHcMsGivCiaSgStSi1WQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDBaFw0yNjA3MjQwODA3NDBaMDMxMTAvBgNV
BAMTKDM1Nzg3RUMwODY1QTI0RDBGMjY2OEJBOEQyN0I4QjM2NDRCMERCMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMV2seJMO42oH7ZmYopNjw5nLr
M2hD6fdgSd5eA3J5qbcYEBZu416n/feb+p9FNuGvAlDMsYo4OcLYn5AuKCeG4U8+
B6HDwgI9zfR815ttDkDjQUKMjLpwT88zJhCMfZsoaNyfjVvCNWzes38cxK5lfM7F
EA27z8zwhL4ZdKTZyrJSAYGz9sVnBRjQqp51ZD4LoBLuqJ6SSOoNVdz7bmbIIL+5
qb+ql+zd4E99ObHUKsP4QFXDVqISJPB+inufp98b3sMDvbPp4rbVJ5SnzV8ek4wJ
tVQib+YpeoJNgUzyJYfUktGHuHbLygZIGF79ohH7iXctsQZJ3vAJf2fuj9kDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUNXh+wIZaJNDyZouo0nuLNkSw2x8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPVMA0GCSqGSIb3DQEBCwUAA4IBAQAESCAWNLydoTuPnln8BDGaLGubSPIrr1aL
199iuHeNGNsQ3qqp0tWVnXsKWLBxmZ/Zy+8zTRIOkxZ7Uu3HpUHUZ82COKeHfQtn
8iCgdHnUwF0ChqtnxrDOS/GXxfhjMalp7KI/wzFaSKwl9t7ok5xwT63aztVGlGxQ
qhpIZ769yecWFgbn/N2DAU1czfJSzTGCCnVvKl8H12GfPlB/bW3907nztFX6T9k3
ardDhZ+YRYn6A/aocj38ZE7A4ZMzfm52oeFxTakzx/GnOuHcQBjY3J8EJLA7JpLJ
1seSbC9gwYuUTbzL8gpiAWzbq+mtyXRfBOZBhyeG4vJaZKThJ/ms
-----END CERTIFICATE-----