Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214848.roa
File:                     AS214848.roa (raw, json)
Hash identifier:          t3lKkUoLxjfh+T2Y8QF0eL2gUGuRPSy8Cc25vaEw1QE=
Subject key identifier:   6A:22:6E:2F:68:64:F4:A7:B3:0D:61:02:7A:C5:EE:CA:2B:8A:DF:A2
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1C27B07098F5CB487F49E99714CC265392B750B8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214848.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     214848
IP address blocks:        2a0f:85c1:3ca::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:27:b0:70:98:f5:cb:48:7f:49:e9:97:14:cc:26:53:92:b7:50:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=6A226E2F6864F4A7B30D61027AC5EECA2B8ADFA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:37:5f:21:a7:af:2d:91:cf:c6:b7:07:cb:19:
                    c9:69:8b:8c:05:13:2f:bc:69:6f:63:10:53:63:46:
                    4c:76:a6:b9:25:21:ab:e5:60:99:9f:0c:b8:d4:59:
                    11:ce:a9:6c:94:c2:0e:ca:05:86:97:c1:e4:09:32:
                    cc:c9:47:0b:d0:9c:45:b6:75:f7:46:6a:d3:f9:6c:
                    b4:ef:52:b8:aa:56:1c:06:12:86:02:7d:f6:79:e2:
                    15:e3:5d:7c:bc:10:c6:40:19:52:0e:d7:f9:99:af:
                    3c:db:dc:66:a6:d0:68:ef:0d:dd:9a:35:e7:f0:b0:
                    06:5f:f6:49:11:9c:d2:66:05:1d:2c:87:29:23:cc:
                    13:f2:23:52:3d:08:c0:1d:49:14:3a:2f:a6:c8:d9:
                    c9:b2:43:2c:57:78:4a:be:04:d6:0c:4a:97:1c:28:
                    a5:11:88:90:bf:3b:df:d0:a5:bd:bf:33:80:13:21:
                    1f:7d:0b:2d:f2:77:41:34:17:f2:b3:a1:a1:20:9f:
                    7e:e2:52:90:3d:0b:b2:54:f5:4d:fe:57:32:13:2c:
                    27:18:e5:1e:42:53:f1:b4:82:d5:21:06:1f:21:20:
                    b6:3d:7e:e4:4d:de:3e:3a:cc:42:53:58:19:39:9c:
                    c2:e8:e7:77:2d:52:90:4f:bb:10:90:bc:59:cb:5c:
                    af:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:22:6E:2F:68:64:F4:A7:B3:0D:61:02:7A:C5:EE:CA:2B:8A:DF:A2
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214848.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3ca::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:c3:45:da:14:69:70:6c:a3:5b:84:ee:77:68:ba:33:d9:4c:
         43:5c:16:92:88:68:52:c3:16:75:c4:31:be:41:ea:5c:92:65:
         99:cb:87:84:05:c2:1e:2c:53:bf:23:01:c0:17:4d:e7:34:e4:
         ce:a5:d0:2f:a8:11:82:25:93:37:c7:c2:5f:f0:00:02:7b:a3:
         16:e9:15:05:71:ae:82:36:bb:91:33:ec:b8:5a:83:38:54:cf:
         0d:8c:a1:8e:f8:38:bb:cc:00:c7:c1:65:2d:a0:03:ed:11:48:
         32:5a:ca:85:92:85:19:63:4e:53:7a:bf:e6:5d:6b:94:69:0e:
         9f:28:7c:84:56:47:21:ff:5b:8a:9d:90:52:86:4a:30:d0:87:
         07:8b:f2:0a:8a:40:f8:31:39:72:09:c3:4f:9e:a5:f6:d9:1a:
         28:a6:81:7f:a8:28:00:02:86:06:a5:8c:e2:8b:2a:3a:a3:df:
         03:3b:ee:0a:d6:d0:e4:f5:10:aa:ac:f5:57:19:ca:e8:17:c5:
         2b:33:42:8c:fa:83:14:41:44:e7:10:e4:71:c1:75:ed:15:f4:
         88:e8:20:7e:09:96:cb:91:15:55:d5:dc:18:a8:52:33:a9:6a:
         ff:cc:26:8d:43:80:be:78:cf:8a:04:52:3e:ac:5e:d2:b7:67:
         68:99:1d:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHCewcJj1y0h/SemXFMwmU5K3ULgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKDZBMjI2RTJGNjg2NEY0QTdCMzBENjEwMjdBQzVFRUNBMkI4QURGQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVN18hp68tkc/GtwfLGclpi4wF
Ey+8aW9jEFNjRkx2prklIavlYJmfDLjUWRHOqWyUwg7KBYaXweQJMszJRwvQnEW2
dfdGatP5bLTvUriqVhwGEoYCffZ54hXjXXy8EMZAGVIO1/mZrzzb3Gam0GjvDd2a
NefwsAZf9kkRnNJmBR0shykjzBPyI1I9CMAdSRQ6L6bI2cmyQyxXeEq+BNYMSpcc
KKURiJC/O9/Qpb2/M4ATIR99Cy3yd0E0F/KzoaEgn37iUpA9C7JU9U3+VzITLCcY
5R5CU/G0gtUhBh8hILY9fuRN3j46zEJTWBk5nMLo53ctUpBPuxCQvFnLXK8zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaiJuL2hk9KezDWECesXuyiuK36IwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPKMA0GCSqGSIb3DQEBCwUAA4IBAQAWw0XaFGlwbKNbhO53aLoz2UxDXBaSiGhS
wxZ1xDG+QepckmWZy4eEBcIeLFO/IwHAF03nNOTOpdAvqBGCJZM3x8Jf8AACe6MW
6RUFca6CNruRM+y4WoM4VM8NjKGO+Di7zADHwWUtoAPtEUgyWsqFkoUZY05Ter/m
XWuUaQ6fKHyEVkch/1uKnZBShkow0IcHi/IKikD4MTlyCcNPnqX22RoopoF/qCgA
AoYGpYziiyo6o98DO+4K1tDk9RCqrPVXGcroF8UrM0KM+oMUQUTnEORxwXXtFfSI
6CB+CZbLkRVV1dwYqFIzqWr/zCaNQ4C+eM+KBFI+rF7St2domR3O
-----END CERTIFICATE-----