Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa
File:                     AS214802.roa (raw, json)
Hash identifier:          C7jMjerppSKA/uywqd7IasfbYrmACDkMoeDv8Cfs+fg=
Subject key identifier:   54:53:25:59:8D:A2:DD:03:4B:7A:3F:66:C0:C3:95:32:A9:FC:35:57
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7ECFB77378585D6D47FB77E630832EFCE3B3A107
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa
Signing time:             Fri 25 Jul 2025 08:07:40 +0000
ROA not before:           Fri 25 Jul 2025 08:02:40 +0000
ROA not after:            Fri 24 Jul 2026 08:07:40 +0000
asID:                     214802
IP address blocks:        2a0f:85c1:80a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:cf:b7:73:78:58:5d:6d:47:fb:77:e6:30:83:2e:fc:e3:b3:a1:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:40 2025 GMT
            Not After : Jul 24 08:07:40 2026 GMT
        Subject: CN=545325598DA2DD034B7A3F66C0C39532A9FC3557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ed:8c:b4:cc:5f:08:a9:3f:6c:f5:6f:07:2e:
                    2d:60:62:d5:72:6e:b7:09:47:1b:13:01:dd:20:f1:
                    85:d7:ba:30:fb:8f:b4:8d:b7:cd:34:30:72:d0:82:
                    33:ec:42:1f:ff:a9:69:30:5f:1f:df:41:86:f6:a3:
                    43:50:30:6c:f4:45:3d:aa:87:8b:6c:08:6e:16:f8:
                    65:46:e3:00:70:d7:ed:57:93:8f:d6:4a:2a:be:04:
                    ee:7c:00:b8:2b:66:83:b1:9d:1e:1c:fa:07:e6:59:
                    37:49:0e:83:a1:86:bd:ed:6f:e9:9e:bd:ca:4c:29:
                    06:04:da:a4:39:59:84:9c:f7:5e:61:85:dd:c1:11:
                    c1:1d:71:de:a5:7d:e6:91:6a:99:70:2d:c7:ea:c1:
                    d1:d8:06:cb:b8:3a:3b:aa:11:a4:f2:bb:d9:f8:75:
                    b9:4d:a5:d2:18:cc:79:59:5a:fc:50:11:2a:ad:88:
                    14:c2:0f:cd:ce:80:b0:55:83:65:38:cb:a5:d2:de:
                    8d:05:26:e5:cf:9d:da:a1:86:3c:7f:ba:98:f3:b7:
                    fc:c8:27:bb:43:f0:05:f6:cd:95:76:c5:40:ab:8e:
                    92:19:75:ed:d2:dc:ab:13:80:aa:f3:19:d5:d5:ac:
                    a1:c0:a4:9d:96:6a:76:15:ba:e3:6e:d4:b1:7b:a8:
                    6a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:53:25:59:8D:A2:DD:03:4B:7A:3F:66:C0:C3:95:32:A9:FC:35:57
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80a::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:a9:48:80:7b:2b:fd:08:22:62:55:86:fc:f4:82:3e:e8:06:
         bc:a3:0c:af:52:62:86:4f:d4:21:7f:bf:60:11:7f:2c:f0:0d:
         75:ca:0c:35:ce:96:37:d8:8a:9b:24:f9:cf:85:4d:ef:1c:b5:
         a6:ff:0a:c7:ba:99:b4:f8:47:cf:2b:db:34:a6:a7:e9:ff:a4:
         f0:37:57:ca:cd:4a:a5:a7:1c:d6:5f:dc:e6:33:58:76:0a:1f:
         7b:0b:40:f0:52:12:d5:ab:ea:a9:3a:c8:a9:66:a1:29:31:92:
         48:44:84:2a:63:8c:75:58:de:7e:0f:80:e0:7a:8e:10:ce:4e:
         f5:1e:96:99:c8:73:31:ef:78:aa:22:d8:1e:a6:d6:75:64:e3:
         ce:d1:ad:14:b3:66:2d:5d:f1:84:7f:43:f9:17:24:23:48:67:
         8e:53:33:8b:eb:65:29:27:3a:91:32:35:e9:e6:e4:62:22:e0:
         78:ef:cd:ec:dd:72:f3:d7:6a:0f:f0:ee:d2:46:28:e7:88:5b:
         61:e8:b3:e0:d4:0d:e4:68:1b:92:b3:0a:d6:22:09:e7:fe:a3:
         bd:57:77:31:b5:87:9f:f1:93:6e:a6:50:8b:31:8e:02:b7:4f:
         d0:94:ce:d4:c1:fd:42:12:26:03:67:05:c7:67:86:b0:fb:4e:
         c3:1c:14:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfs+3c3hYXW1H+3fmMIMu/OOzoQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDBaFw0yNjA3MjQwODA3NDBaMDMxMTAvBgNV
BAMTKDU0NTMyNTU5OERBMkREMDM0QjdBM0Y2NkMwQzM5NTMyQTlGQzM1NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY7Yy0zF8IqT9s9W8HLi1gYtVy
brcJRxsTAd0g8YXXujD7j7SNt800MHLQgjPsQh//qWkwXx/fQYb2o0NQMGz0RT2q
h4tsCG4W+GVG4wBw1+1Xk4/WSiq+BO58ALgrZoOxnR4c+gfmWTdJDoOhhr3tb+me
vcpMKQYE2qQ5WYSc915hhd3BEcEdcd6lfeaRaplwLcfqwdHYBsu4OjuqEaTyu9n4
dblNpdIYzHlZWvxQESqtiBTCD83OgLBVg2U4y6XS3o0FJuXPndqhhjx/upjzt/zI
J7tD8AX2zZV2xUCrjpIZde3S3KsTgKrzGdXVrKHApJ2WanYVuuNu1LF7qGpLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVFMlWY2i3QNLej9mwMOVMqn8NVcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgKMA0GCSqGSIb3DQEBCwUAA4IBAQCAqUiAeyv9CCJiVYb89II+6Aa8owyvUmKG
T9Qhf79gEX8s8A11ygw1zpY32IqbJPnPhU3vHLWm/wrHupm0+EfPK9s0pqfp/6Tw
N1fKzUqlpxzWX9zmM1h2Ch97C0DwUhLVq+qpOsipZqEpMZJIRIQqY4x1WN5+D4Dg
eo4Qzk71HpaZyHMx73iqItgeptZ1ZOPO0a0Us2YtXfGEf0P5FyQjSGeOUzOL62Up
JzqRMjXp5uRiIuB4783s3XLz12oP8O7SRijniFth6LPg1A3kaBuSswrWIgnn/qO9
V3cxtYef8ZNuplCLMY4Ct0/QlM7Uwf1CEiYDZwXHZ4aw+07DHBTc
-----END CERTIFICATE-----