Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
File:                     AS214882.roa (raw, json)
Hash identifier:          aN/RBvFWZPgXnaAP5gLV2dgo3ATegcv/9bxI8cv1iH8=
Subject key identifier:   D5:B5:4C:CB:A1:03:B3:BA:01:3C:A6:3E:8D:82:E3:8F:2B:92:19:59
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5F7B0A00FB28C39EC6658B310967E3B369207434
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
Signing time:             Fri 25 Jul 2025 08:07:36 +0000
ROA not before:           Fri 25 Jul 2025 08:02:36 +0000
ROA not after:            Fri 24 Jul 2026 08:07:36 +0000
asID:                     214882
IP address blocks:        2a0f:85c1:3da::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:7b:0a:00:fb:28:c3:9e:c6:65:8b:31:09:67:e3:b3:69:20:74:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:36 2025 GMT
            Not After : Jul 24 08:07:36 2026 GMT
        Subject: CN=D5B54CCBA103B3BA013CA63E8D82E38F2B921959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:91:ba:ef:4d:61:95:3d:58:40:ee:09:cb:9b:
                    35:ef:cf:bd:99:38:a4:aa:ac:ca:9f:b6:d6:d9:25:
                    18:22:f7:af:a1:87:97:14:d1:44:39:c1:20:43:1c:
                    0f:e7:6f:c5:1b:00:29:0d:e6:60:86:fd:4c:86:70:
                    8a:ac:ae:1f:a5:8a:dd:be:5d:a6:0c:e3:e4:42:4b:
                    ca:59:5f:89:e1:8c:19:4e:4b:8a:ed:02:dc:be:28:
                    13:72:d5:16:79:e4:24:29:c6:10:f4:2f:34:e8:65:
                    5d:9e:5f:22:c0:d8:3e:0b:8d:52:70:97:5b:85:c4:
                    25:d2:09:16:1f:2a:a7:44:20:db:6e:97:dc:fe:5f:
                    f5:aa:8b:e9:fb:3e:42:46:6b:0c:95:ea:9e:85:f9:
                    f3:af:63:fe:68:7c:f9:7a:b7:83:3b:61:2d:7b:23:
                    c3:e3:52:18:b7:df:39:69:73:61:aa:30:4d:f2:9a:
                    57:d3:49:8a:d3:57:f3:87:2c:89:9a:b8:58:76:22:
                    1a:b8:58:e0:4c:10:e8:57:95:91:9c:3b:ae:17:e4:
                    9b:14:5a:bc:c9:b7:75:f1:95:0b:5b:88:71:a5:6a:
                    33:5b:f7:83:84:ae:7d:b1:49:98:d6:b1:e7:5c:19:
                    76:02:29:09:cd:b2:64:14:e7:7c:47:14:b0:4e:47:
                    52:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B5:4C:CB:A1:03:B3:BA:01:3C:A6:3E:8D:82:E3:8F:2B:92:19:59
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3da::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:a0:59:fd:95:63:cd:be:1a:95:0f:10:bf:b3:0b:5c:78:e9:
         69:69:d9:db:f4:5d:d3:d2:c6:0a:9d:d7:e3:a3:9c:7f:e4:91:
         61:a6:74:de:86:c1:e0:15:24:9b:dd:f0:53:82:06:77:4f:ee:
         8e:f8:6a:6e:08:30:fe:db:c5:d7:f1:4d:c3:9c:4d:1c:fa:7b:
         69:a2:70:25:05:6a:99:72:ea:e1:d4:73:33:53:ef:d5:1c:be:
         03:3a:f3:ea:98:f7:6b:04:cb:84:b0:a3:e7:97:e9:49:f8:6c:
         51:31:bc:36:10:93:79:1a:65:c6:00:16:f3:e7:1e:f5:e9:b4:
         73:c5:1d:9f:d8:da:83:f7:a1:40:47:74:a7:d8:d8:31:99:c9:
         cc:0b:0c:93:5b:87:c7:35:c8:bf:da:f7:29:ac:88:7a:7d:aa:
         6c:6c:67:5e:ce:93:ba:fa:f5:c0:b3:fa:4a:3e:f7:c0:95:bf:
         5e:0d:2c:f5:bb:8c:75:f9:67:a2:5f:25:28:f2:f3:f4:fd:b5:
         ce:03:ce:31:e1:20:30:21:44:d7:39:59:3d:3f:de:82:b6:d4:
         8a:8f:0e:fc:9e:3a:32:76:cc:4a:30:12:90:89:e1:a5:af:3f:
         ad:70:d0:c1:ad:86:59:6c:f9:28:01:93:ab:38:b1:95:d3:9e:
         67:4d:ad:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUX3sKAPsow57GZYsxCWfjs2kgdDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzZaFw0yNjA3MjQwODA3MzZaMDMxMTAvBgNV
BAMTKEQ1QjU0Q0NCQTEwM0IzQkEwMTNDQTYzRThEODJFMzhGMkI5MjE5NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+kbrvTWGVPVhA7gnLmzXvz72Z
OKSqrMqfttbZJRgi96+hh5cU0UQ5wSBDHA/nb8UbACkN5mCG/UyGcIqsrh+lit2+
XaYM4+RCS8pZX4nhjBlOS4rtAty+KBNy1RZ55CQpxhD0LzToZV2eXyLA2D4LjVJw
l1uFxCXSCRYfKqdEINtul9z+X/Wqi+n7PkJGawyV6p6F+fOvY/5ofPl6t4M7YS17
I8PjUhi33zlpc2GqME3ymlfTSYrTV/OHLImauFh2Ihq4WOBMEOhXlZGcO64X5JsU
WrzJt3XxlQtbiHGlajNb94OErn2xSZjWsedcGXYCKQnNsmQU53xHFLBOR1KbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1bVMy6EDs7oBPKY+jYLjjyuSGVkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPaMA0GCSqGSIb3DQEBCwUAA4IBAQB5oFn9lWPNvhqVDxC/swtceOlpadnb9F3T
0sYKndfjo5x/5JFhpnTehsHgFSSb3fBTggZ3T+6O+GpuCDD+28XX8U3DnE0c+ntp
onAlBWqZcurh1HMzU+/VHL4DOvPqmPdrBMuEsKPnl+lJ+GxRMbw2EJN5GmXGABbz
5x716bRzxR2f2NqD96FAR3Sn2NgxmcnMCwyTW4fHNci/2vcprIh6fapsbGdezpO6
+vXAs/pKPvfAlb9eDSz1u4x1+WeiXyUo8vP0/bXOA84x4SAwIUTXOVk9P96CttSK
jw78njoydsxKMBKQieGlrz+tcNDBrYZZbPkoAZOrOLGV055nTa20
-----END CERTIFICATE-----