Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214832.roa
File:                     AS214832.roa (raw, json)
Hash identifier:          HVx4YnP+v0XBNwGEktY0pSHbnvQG+Puk8WlQb4py8LM=
Subject key identifier:   A7:25:5E:AB:F5:90:29:92:3F:8D:0A:51:73:0D:96:40:42:D5:A6:C1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0269287E11C864DF11C729124D0672F1F8806971
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214832.roa
Signing time:             Fri 25 Jul 2025 08:07:44 +0000
ROA not before:           Fri 25 Jul 2025 08:02:44 +0000
ROA not after:            Fri 24 Jul 2026 08:07:44 +0000
asID:                     214832
IP address blocks:        2a0f:85c1:805::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:69:28:7e:11:c8:64:df:11:c7:29:12:4d:06:72:f1:f8:80:69:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:44 2025 GMT
            Not After : Jul 24 08:07:44 2026 GMT
        Subject: CN=A7255EABF59029923F8D0A51730D964042D5A6C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:25:bc:b2:19:3f:e3:18:84:0f:72:b5:d6:de:
                    f0:ff:1a:77:86:95:02:e4:ea:20:22:c5:8d:40:1c:
                    05:1e:5d:13:6a:1b:63:62:0e:d5:2d:8f:5c:ba:f1:
                    d4:21:60:72:55:81:1f:24:82:f6:13:1c:ae:61:b3:
                    da:85:02:e5:31:20:f9:35:fc:15:96:56:68:14:53:
                    36:3b:f6:16:a8:f0:1d:69:6d:6b:bc:76:e2:5d:f6:
                    cd:11:9a:00:86:5a:01:2a:da:30:8d:a5:f3:d3:fa:
                    11:03:91:02:74:d7:15:43:43:30:58:7f:b0:3b:31:
                    8c:af:68:41:ed:99:3a:15:12:d0:61:ca:32:24:bd:
                    a6:af:46:bd:2c:6d:6b:b5:51:22:0c:67:f4:b0:9e:
                    a0:56:fd:d6:f7:e7:b5:33:2c:33:df:8e:cb:dd:36:
                    0b:20:81:c7:11:9a:b3:8c:f3:de:74:52:39:2d:9e:
                    a0:84:f4:fc:2a:4e:42:64:e7:a5:86:0b:70:74:28:
                    df:3a:2f:6a:c3:37:0f:9a:35:53:4a:2d:00:77:d3:
                    c2:82:d7:10:22:86:2f:a6:ef:b5:d5:84:00:72:69:
                    d8:de:fc:79:87:86:c9:cd:2f:f5:ce:ea:1d:f8:4b:
                    1f:71:09:db:a4:44:ee:ca:cb:38:80:f0:d5:11:c2:
                    47:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:25:5E:AB:F5:90:29:92:3F:8D:0A:51:73:0D:96:40:42:D5:A6:C1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:805::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:78:aa:61:19:9d:e4:54:81:34:f2:b2:04:ac:17:23:b4:31:
         c5:04:c3:2d:dd:b6:b7:ca:b7:39:db:b6:1b:87:73:49:22:b4:
         7f:9b:33:76:85:b2:fa:b0:07:73:29:70:10:a1:67:25:54:b3:
         e0:4f:67:f1:0e:70:95:8b:a3:7f:41:9d:c2:2f:36:f7:eb:e1:
         67:65:d9:1c:5b:3b:6e:6e:56:7d:cf:4c:66:21:b7:c8:59:60:
         61:67:b1:79:40:01:7e:f2:98:0c:60:57:d0:92:72:64:58:ef:
         84:74:7a:63:62:51:d5:fb:78:d9:83:5b:ce:a3:91:30:ac:e8:
         c3:df:aa:d8:10:76:67:57:4a:ff:f1:81:d5:db:7f:24:1d:4c:
         97:d6:8c:ba:12:f6:23:db:56:42:2c:27:0f:3a:16:85:11:b4:
         73:d0:94:e9:f3:85:a6:58:87:5b:db:93:7a:3b:0d:60:f7:96:
         f8:65:50:37:4f:c9:68:7e:ee:9d:7d:0f:e2:b5:d8:d1:23:cd:
         ae:5c:82:f2:86:ab:e6:99:29:0b:9d:b5:c9:99:2b:e2:0d:dd:
         3b:32:c9:89:09:f5:c4:99:80:85:96:e7:c6:29:bf:37:0c:d2:
         e3:7b:3f:20:53:11:69:4d:69:04:3a:78:4a:38:45:7b:40:b4:
         07:f3:ff:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAmkofhHIZN8RxykSTQZy8fiAaXEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDRaFw0yNjA3MjQwODA3NDRaMDMxMTAvBgNV
BAMTKEE3MjU1RUFCRjU5MDI5OTIzRjhEMEE1MTczMEQ5NjQwNDJENUE2QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrJbyyGT/jGIQPcrXW3vD/GneG
lQLk6iAixY1AHAUeXRNqG2NiDtUtj1y68dQhYHJVgR8kgvYTHK5hs9qFAuUxIPk1
/BWWVmgUUzY79hao8B1pbWu8duJd9s0RmgCGWgEq2jCNpfPT+hEDkQJ01xVDQzBY
f7A7MYyvaEHtmToVEtBhyjIkvaavRr0sbWu1USIMZ/SwnqBW/db357UzLDPfjsvd
NgsggccRmrOM8950UjktnqCE9PwqTkJk56WGC3B0KN86L2rDNw+aNVNKLQB308KC
1xAihi+m77XVhAByadje/HmHhsnNL/XO6h34Sx9xCdukRO7KyziA8NURwkeBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpyVeq/WQKZI/jQpRcw2WQELVpsEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgFMA0GCSqGSIb3DQEBCwUAA4IBAQCUeKphGZ3kVIE08rIErBcjtDHFBMMt3ba3
yrc527Ybh3NJIrR/mzN2hbL6sAdzKXAQoWclVLPgT2fxDnCVi6N/QZ3CLzb36+Fn
ZdkcWztublZ9z0xmIbfIWWBhZ7F5QAF+8pgMYFfQknJkWO+EdHpjYlHV+3jZg1vO
o5EwrOjD36rYEHZnV0r/8YHV238kHUyX1oy6EvYj21ZCLCcPOhaFEbRz0JTp84Wm
WIdb25N6Ow1g95b4ZVA3T8lofu6dfQ/itdjRI82uXILyhqvmmSkLnbXJmSviDd07
MsmJCfXEmYCFlufGKb83DNLjez8gUxFpTWkEOnhKOEV7QLQH8/+6
-----END CERTIFICATE-----