Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa
File:                     AS214936.roa (raw, json)
Hash identifier:          ljyDRB+FHL87nOndp0ZX5msW1PwoWKRkA1cxb4mcXaw=
Subject key identifier:   58:6C:43:91:6B:49:18:B9:9E:77:01:DE:82:3E:B9:45:0B:E2:A5:EC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       24076C937D9841D4AF40FD834E91CC3B7F399469
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa
Signing time:             Fri 25 Jul 2025 08:07:39 +0000
ROA not before:           Fri 25 Jul 2025 08:02:39 +0000
ROA not after:            Fri 24 Jul 2026 08:07:39 +0000
asID:                     214936
IP address blocks:        2a0f:85c1:3dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:07:6c:93:7d:98:41:d4:af:40:fd:83:4e:91:cc:3b:7f:39:94:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:39 2025 GMT
            Not After : Jul 24 08:07:39 2026 GMT
        Subject: CN=586C43916B4918B99E7701DE823EB9450BE2A5EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c7:81:22:d1:54:f3:1d:89:09:a2:94:44:f2:
                    2a:08:0e:c2:f8:37:0c:40:4e:a9:4c:ae:a4:f2:93:
                    4d:34:5b:95:07:6b:b4:bc:62:76:e3:a0:6e:4c:67:
                    27:b5:d5:a5:a6:db:07:f1:1e:09:db:6f:69:cf:f1:
                    35:fa:c6:18:fa:d9:4e:39:45:8b:4b:e1:24:b0:dd:
                    2a:c6:6e:a5:7e:53:e4:ac:7e:21:12:e4:a7:b2:b6:
                    e3:d7:75:5c:f9:9e:08:d8:ed:76:dc:7a:d7:81:5f:
                    93:4a:15:53:c4:ec:f7:71:97:d2:c6:a8:08:d6:98:
                    4c:9b:d0:77:24:ea:10:f8:25:33:e4:a2:ff:fc:b5:
                    0d:c8:26:84:96:e2:ec:29:ff:d8:9f:9b:9f:40:43:
                    18:77:5a:9f:e1:68:d6:0f:c1:eb:1f:ea:c6:39:6c:
                    33:ce:d5:54:c0:b7:f7:36:b0:f3:43:b2:9a:cf:f5:
                    e4:18:44:5a:fb:a8:f7:76:45:2b:5a:ca:4a:4f:15:
                    47:04:a9:c2:3f:ce:3b:f5:c2:c2:f7:73:60:46:66:
                    a7:30:a8:a4:8b:95:cf:10:98:8b:7c:b2:67:20:21:
                    cc:b5:e6:52:dc:5a:4a:c4:d8:fb:15:a3:6e:da:ca:
                    7f:ac:df:5d:74:43:89:ab:f4:23:9b:0d:4e:6c:f9:
                    78:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6C:43:91:6B:49:18:B9:9E:77:01:DE:82:3E:B9:45:0B:E2:A5:EC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:18:89:65:78:80:78:27:c2:a9:03:da:dc:03:e5:96:5f:c8:
         b7:47:a5:0c:7b:ae:fa:94:6f:ff:7a:fd:1e:c9:a4:5e:21:d3:
         71:6f:78:ea:db:11:72:c2:b7:c4:15:52:72:7b:aa:03:f0:08:
         34:48:3a:01:ac:0d:5b:d2:b6:0f:ea:e0:0c:b7:9f:28:7c:17:
         93:7f:62:64:e5:c5:e1:2d:0b:a3:40:fc:09:a7:c9:87:e4:3a:
         93:5e:ba:39:0c:2e:12:d5:1e:03:16:11:ef:f8:d0:a8:c6:bd:
         b4:b1:01:9b:e8:fa:86:8d:e5:ed:50:96:01:61:e3:f9:84:03:
         d4:c1:77:91:9a:82:77:fc:9c:d2:60:75:33:70:f8:2b:74:4a:
         d9:e1:7b:e4:ba:78:42:55:89:73:6b:fb:72:bd:41:d5:ba:44:
         45:2b:72:d0:c0:79:66:fd:b8:7e:8a:65:88:ba:e9:0f:29:3c:
         9b:4b:7c:6e:6b:64:61:8a:88:e4:15:1f:d7:d9:a8:66:38:2c:
         16:16:5f:94:f2:a1:df:56:7f:fc:ec:00:fb:5e:a8:9e:89:36:
         a2:86:fc:e2:34:7f:f9:1a:96:39:4c:9b:f1:c4:cc:f6:dd:9f:
         3e:68:65:b8:72:3b:29:45:c7:d9:50:4a:fd:74:e9:a3:7b:b1:
         62:69:9e:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJAdsk32YQdSvQP2DTpHMO385lGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzlaFw0yNjA3MjQwODA3MzlaMDMxMTAvBgNV
BAMTKDU4NkM0MzkxNkI0OTE4Qjk5RTc3MDFERTgyM0VCOTQ1MEJFMkE1RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvx4Ei0VTzHYkJopRE8ioIDsL4
NwxATqlMrqTyk000W5UHa7S8YnbjoG5MZye11aWm2wfxHgnbb2nP8TX6xhj62U45
RYtL4SSw3SrGbqV+U+SsfiES5KeytuPXdVz5ngjY7XbceteBX5NKFVPE7Pdxl9LG
qAjWmEyb0Hck6hD4JTPkov/8tQ3IJoSW4uwp/9ifm59AQxh3Wp/haNYPwesf6sY5
bDPO1VTAt/c2sPNDsprP9eQYRFr7qPd2RStaykpPFUcEqcI/zjv1wsL3c2BGZqcw
qKSLlc8QmIt8smcgIcy15lLcWkrE2PsVo27ayn+s3110Q4mr9CObDU5s+Xj3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUWGxDkWtJGLmedwHegj65RQvipewwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0OTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPcMA0GCSqGSIb3DQEBCwUAA4IBAQCSGIlleIB4J8KpA9rcA+WWX8i3R6UMe676
lG//ev0eyaReIdNxb3jq2xFywrfEFVJye6oD8Ag0SDoBrA1b0rYP6uAMt58ofBeT
f2Jk5cXhLQujQPwJp8mH5DqTXro5DC4S1R4DFhHv+NCoxr20sQGb6PqGjeXtUJYB
YeP5hAPUwXeRmoJ3/JzSYHUzcPgrdErZ4XvkunhCVYlza/tyvUHVukRFK3LQwHlm
/bh+imWIuukPKTybS3xua2RhiojkFR/X2ahmOCwWFl+U8qHfVn/87AD7XqieiTai
hvziNH/5GpY5TJvxxMz23Z8+aGW4cjspRcfZUEr9dOmje7FiaZ6A
-----END CERTIFICATE-----