Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214841.roa
File:                     AS214841.roa (raw, json)
Hash identifier:          MbqAK1JjSUr5YqQRCnr5j4xaSVWzCLFjAxyTeyQVgvk=
Subject key identifier:   E7:68:C0:8F:2A:4B:55:D1:B5:02:89:7C:79:E9:A1:6E:69:DF:EF:9F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5A0A6C98B00E3E0824817AF938BD7B14C4F1B1D0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214841.roa
Signing time:             Fri 25 Jul 2025 08:07:42 +0000
ROA not before:           Fri 25 Jul 2025 08:02:42 +0000
ROA not after:            Fri 24 Jul 2026 08:07:42 +0000
asID:                     214841
IP address blocks:        2a0f:85c1:801::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:0a:6c:98:b0:0e:3e:08:24:81:7a:f9:38:bd:7b:14:c4:f1:b1:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:42 2025 GMT
            Not After : Jul 24 08:07:42 2026 GMT
        Subject: CN=E768C08F2A4B55D1B502897C79E9A16E69DFEF9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:22:88:c1:30:33:86:cd:c4:91:9e:10:f7:64:
                    87:da:21:ec:fb:8d:fe:e9:ee:fe:9b:b0:be:cc:13:
                    a3:4c:a6:24:57:7f:38:e8:4c:70:cf:08:ec:5d:b6:
                    0f:f9:18:64:88:11:8d:08:ce:a3:c7:7d:23:25:fe:
                    72:19:6f:aa:9d:79:e1:d0:ad:2c:bd:a8:85:cc:3d:
                    cd:58:28:9f:d1:fc:17:87:57:9a:04:4d:59:8b:1c:
                    6d:25:5d:7d:5a:7d:59:8e:e6:11:b0:70:b2:a1:3d:
                    ca:94:81:c9:82:01:f5:d3:c2:73:d7:a5:c6:bf:bd:
                    09:61:2d:c3:f9:80:cc:75:56:5c:48:00:51:44:a7:
                    45:a8:b3:78:9c:89:9f:3d:b2:5a:66:df:3a:76:a9:
                    7d:cd:22:66:31:5a:4e:52:fb:12:7a:eb:3e:87:b3:
                    b2:f3:a2:a8:7a:a5:ca:7c:32:ae:5e:bc:1e:12:53:
                    67:45:97:38:11:5c:c8:05:5f:ae:6d:59:60:76:eb:
                    6c:f4:58:c6:d0:df:2d:78:86:2c:49:ca:88:84:f7:
                    ad:a7:d3:83:74:19:42:c5:89:d6:64:f1:0b:61:5c:
                    dc:29:af:3f:f9:62:90:f4:84:73:96:cc:a7:03:da:
                    c2:ca:14:65:bb:10:93:91:ae:88:c9:a4:80:86:4e:
                    22:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:68:C0:8F:2A:4B:55:D1:B5:02:89:7C:79:E9:A1:6E:69:DF:EF:9F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214841.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:801::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:ac:58:ad:90:0b:cc:d2:eb:34:5d:25:f7:76:8d:7a:79:71:
         2c:4a:9c:f8:10:f8:17:85:2b:e4:c0:b8:ce:a5:50:72:f3:61:
         1c:30:2f:95:6c:29:66:d9:78:5b:f6:fc:4e:50:1b:43:b7:eb:
         2b:23:eb:17:22:90:14:fb:2c:62:23:77:55:7c:a2:db:c0:fc:
         1b:df:18:92:9d:13:be:9d:00:ff:39:fa:e1:e9:c5:d2:a4:8b:
         f6:85:0f:7a:d5:63:05:34:32:99:9b:f3:f2:cf:45:c1:71:b7:
         90:3a:a3:f9:a9:21:53:61:e2:92:5b:52:a6:32:96:72:30:47:
         db:17:dc:dd:db:14:f9:26:62:c0:d4:f4:12:b9:fd:de:37:fb:
         2a:6b:b2:d1:8d:e3:d0:cd:57:a9:b7:34:dc:09:19:29:35:cd:
         18:8b:25:47:6d:77:58:46:da:17:f4:7c:41:8c:9b:f3:00:17:
         4c:e5:5d:b1:b0:97:a5:a8:a6:3e:00:ae:85:3d:68:58:5d:d9:
         3a:bd:a3:06:85:be:86:82:b7:94:e7:80:7e:54:df:07:05:64:
         8a:35:28:0f:f8:86:f7:7e:3e:e3:a1:00:db:5d:79:82:78:d2:
         e2:59:34:00:5d:cc:2d:6e:66:f8:c9:dd:53:39:6a:a6:77:a6:
         b6:28:3d:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWgpsmLAOPggkgXr5OL17FMTxsdAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDJaFw0yNjA3MjQwODA3NDJaMDMxMTAvBgNV
BAMTKEU3NjhDMDhGMkE0QjU1RDFCNTAyODk3Qzc5RTlBMTZFNjlERkVGOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdIojBMDOGzcSRnhD3ZIfaIez7
jf7p7v6bsL7ME6NMpiRXfzjoTHDPCOxdtg/5GGSIEY0IzqPHfSMl/nIZb6qdeeHQ
rSy9qIXMPc1YKJ/R/BeHV5oETVmLHG0lXX1afVmO5hGwcLKhPcqUgcmCAfXTwnPX
pca/vQlhLcP5gMx1VlxIAFFEp0Wos3iciZ89slpm3zp2qX3NImYxWk5S+xJ66z6H
s7Lzoqh6pcp8Mq5evB4SU2dFlzgRXMgFX65tWWB262z0WMbQ3y14hixJyoiE962n
04N0GULFidZk8QthXNwprz/5YpD0hHOWzKcD2sLKFGW7EJORrojJpICGTiJ/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU52jAjypLVdG1Aol8eemhbmnf758wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQgBMA0GCSqGSIb3DQEBCwUAA4IBAQCBrFitkAvM0us0XSX3do16eXEsSpz4EPgX
hSvkwLjOpVBy82EcMC+VbClm2Xhb9vxOUBtDt+srI+sXIpAU+yxiI3dVfKLbwPwb
3xiSnRO+nQD/Ofrh6cXSpIv2hQ961WMFNDKZm/Pyz0XBcbeQOqP5qSFTYeKSW1Km
MpZyMEfbF9zd2xT5JmLA1PQSuf3eN/sqa7LRjePQzVeptzTcCRkpNc0YiyVHbXdY
RtoX9HxBjJvzABdM5V2xsJelqKY+AK6FPWhYXdk6vaMGhb6GgreU54B+VN8HBWSK
NSgP+Ib3fj7joQDbXXmCeNLiWTQAXcwtbmb4yd1TOWqmd6a2KD21
-----END CERTIFICATE-----