Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa
File:                     AS214984.roa (raw, json)
Hash identifier:          SssX1xUMgV3U7/nTiNovlcnBTw7POPMclXOtQm49UtY=
Subject key identifier:   0E:4A:C0:67:81:97:48:DC:47:5F:02:AD:57:34:70:18:EA:53:45:72
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2EACB02FE535EB74D27CA3DB74D58FA64317DC0B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa
Signing time:             Fri 25 Jul 2025 08:07:41 +0000
ROA not before:           Fri 25 Jul 2025 08:02:41 +0000
ROA not after:            Fri 24 Jul 2026 08:07:41 +0000
asID:                     214984
IP address blocks:        2a0f:85c1:3d2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ac:b0:2f:e5:35:eb:74:d2:7c:a3:db:74:d5:8f:a6:43:17:dc:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:41 2025 GMT
            Not After : Jul 24 08:07:41 2026 GMT
        Subject: CN=0E4AC067819748DC475F02AD57347018EA534572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4c:9e:0e:0b:58:1a:a1:fd:bf:39:da:02:b4:
                    ca:ba:33:c0:fc:88:33:a5:2e:7f:64:33:6c:63:1c:
                    3a:ca:42:32:1e:7e:32:52:53:62:27:8c:f6:ee:26:
                    01:88:b1:c6:2f:37:09:65:ed:88:c6:af:c0:69:9a:
                    40:bd:38:c6:98:69:f7:7d:43:3f:72:d4:30:bd:77:
                    ca:c9:99:d9:48:e0:5f:84:c4:38:fe:5e:66:5d:3b:
                    ac:89:af:58:67:df:00:08:a6:a5:23:a4:12:c8:60:
                    6c:1d:4d:f1:bf:bf:b3:80:d3:27:b9:bf:0a:cf:26:
                    e4:ae:a8:95:93:b3:17:67:f9:f6:e4:e4:20:4b:5a:
                    0f:2c:db:53:92:64:52:0f:99:9e:c5:57:74:08:0b:
                    64:00:7f:e9:fc:8d:6e:60:fb:78:96:3b:4a:84:9e:
                    3b:e1:9c:1a:2c:07:14:80:17:b9:8b:76:9b:b7:99:
                    29:29:e8:86:68:3a:4d:68:36:c3:d5:c2:66:fe:8e:
                    d2:37:65:82:46:28:83:ff:96:cb:5c:79:59:21:96:
                    d4:ce:2f:6e:4e:e6:86:ed:b0:8a:48:11:5b:4a:ee:
                    f5:19:7d:4d:c2:79:9a:20:fb:44:fb:02:79:3a:31:
                    c5:eb:15:ae:c6:8e:23:58:77:f7:0e:dd:1a:04:59:
                    2c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4A:C0:67:81:97:48:DC:47:5F:02:AD:57:34:70:18:EA:53:45:72
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3d2::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:70:19:f1:61:8d:c4:05:bb:85:d5:71:5a:01:7b:38:35:93:
         46:ad:ac:c8:dc:7a:4c:7c:bf:ca:14:d7:b6:94:df:04:da:5d:
         39:55:ef:a2:a5:68:0d:a0:09:d4:48:75:81:e2:9e:77:c5:79:
         fb:82:0f:7b:5d:6d:f4:73:f9:00:f9:23:73:05:7c:1f:a2:c5:
         85:1d:49:af:5e:d9:49:03:9a:d2:32:30:89:10:aa:4b:e6:e5:
         4b:e4:b9:7b:10:92:65:f4:81:7e:52:6e:9c:39:d4:82:d5:12:
         92:16:21:29:e3:04:4d:8f:6a:de:d2:3b:17:13:bd:01:45:9a:
         54:b6:c3:36:50:11:4b:bd:b5:42:f7:b7:86:27:2c:ce:eb:e5:
         3e:5c:3b:7c:a0:f4:4e:3b:4e:7a:49:e5:4e:72:4e:75:c1:f8:
         54:d3:d5:74:11:31:17:b8:9c:37:1d:3f:79:38:de:f3:3c:9c:
         93:2f:18:a1:15:88:1c:78:c3:b8:07:46:79:53:5d:45:6b:ac:
         e6:a1:12:3b:c6:65:64:ae:0f:55:28:45:34:41:5c:26:24:a2:
         ec:a4:ab:27:22:b0:4b:d3:c6:91:bb:0b:31:57:86:ff:c3:80:
         da:96:da:01:ec:9f:a6:b9:6c:33:18:d9:7e:ec:38:dd:aa:ef:
         1b:f1:69:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULqywL+U163TSfKPbdNWPpkMX3AswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDFaFw0yNjA3MjQwODA3NDFaMDMxMTAvBgNV
BAMTKDBFNEFDMDY3ODE5NzQ4REM0NzVGMDJBRDU3MzQ3MDE4RUE1MzQ1NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcTJ4OC1gaof2/OdoCtMq6M8D8
iDOlLn9kM2xjHDrKQjIefjJSU2InjPbuJgGIscYvNwll7YjGr8BpmkC9OMaYafd9
Qz9y1DC9d8rJmdlI4F+ExDj+XmZdO6yJr1hn3wAIpqUjpBLIYGwdTfG/v7OA0ye5
vwrPJuSuqJWTsxdn+fbk5CBLWg8s21OSZFIPmZ7FV3QIC2QAf+n8jW5g+3iWO0qE
njvhnBosBxSAF7mLdpu3mSkp6IZoOk1oNsPVwmb+jtI3ZYJGKIP/lstceVkhltTO
L25O5obtsIpIEVtK7vUZfU3CeZog+0T7Ank6McXrFa7GjiNYd/cO3RoEWSzXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDkrAZ4GXSNxHXwKtVzRwGOpTRXIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0OTg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPSMA0GCSqGSIb3DQEBCwUAA4IBAQB6cBnxYY3EBbuF1XFaAXs4NZNGrazI3HpM
fL/KFNe2lN8E2l05Ve+ipWgNoAnUSHWB4p53xXn7gg97XW30c/kA+SNzBXwfosWF
HUmvXtlJA5rSMjCJEKpL5uVL5Ll7EJJl9IF+Um6cOdSC1RKSFiEp4wRNj2re0jsX
E70BRZpUtsM2UBFLvbVC97eGJyzO6+U+XDt8oPROO056SeVOck51wfhU09V0ETEX
uJw3HT95ON7zPJyTLxihFYgceMO4B0Z5U11Fa6zmoRI7xmVkrg9VKEU0QVwmJKLs
pKsnIrBL08aRuwsxV4b/w4DaltoB7J+muWwzGNl+7Djdqu8b8WlS
-----END CERTIFICATE-----