Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa
File:                     AS216072.roa (raw, json)
Hash identifier:          n47g1zWXjF12B2X0MZnPgp/wzi1P1O3iHZQIXTwtgQ4=
Subject key identifier:   E5:10:E9:F7:C6:E7:FE:B3:3C:4C:2C:51:DE:18:14:CC:9D:27:02:32
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       42A0FBD6AB94DCB135C281ACD122C19B731495D8
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa
Signing time:             Sat 26 Apr 2025 02:27:32 +0000
ROA not before:           Sat 26 Apr 2025 02:22:32 +0000
ROA not after:            Sat 25 Apr 2026 02:27:32 +0000
asID:                     216072
IP address blocks:        2a14:7580:fd00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:10:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:a0:fb:d6:ab:94:dc:b1:35:c2:81:ac:d1:22:c1:9b:73:14:95:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 26 02:22:32 2025 GMT
            Not After : Apr 25 02:27:32 2026 GMT
        Subject: CN=E510E9F7C6E7FEB33C4C2C51DE1814CC9D270232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:aa:3d:76:e8:57:72:3c:06:fb:cb:cc:90:38:
                    00:7c:43:87:19:7f:40:16:40:3b:b3:0e:be:dc:e4:
                    2c:1d:d2:5b:1f:48:e4:5f:4a:ae:4b:86:c3:e1:6f:
                    66:06:bf:6b:35:23:29:ff:51:a0:db:1b:12:86:30:
                    1a:66:c7:70:20:05:bd:25:65:b4:e4:bc:27:4c:0a:
                    f5:7c:ce:34:bd:a6:46:ae:3e:60:59:33:bc:5a:3d:
                    d6:20:31:3d:3e:f5:6a:62:8f:8e:d8:53:7c:b2:05:
                    f1:03:d8:59:78:6c:b5:1b:37:80:a9:07:af:8a:2e:
                    92:57:da:44:7e:04:20:e0:bb:b5:73:f2:22:45:d6:
                    ed:28:1c:af:0a:ef:22:8d:c9:fd:44:66:d1:90:c9:
                    a5:70:80:f8:cd:a6:9c:02:59:23:ff:e5:c3:02:b6:
                    32:af:8a:5f:5d:19:86:2e:4a:bc:d4:e4:52:5f:2c:
                    ff:ae:4b:f7:b5:11:40:d6:5a:85:2d:c6:92:b8:f0:
                    a3:7d:3d:f1:07:34:2d:ce:77:aa:c1:84:cd:cf:b0:
                    4d:c0:15:f4:9f:7a:21:86:88:ea:54:7d:9d:e9:64:
                    3b:23:aa:ac:1d:6d:ea:46:47:78:4c:29:50:8e:41:
                    17:f0:12:bf:4e:75:88:c1:73:06:0f:e3:ad:d0:e0:
                    77:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:10:E9:F7:C6:E7:FE:B3:3C:4C:2C:51:DE:18:14:CC:9D:27:02:32
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fd00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:62:d1:33:0d:f7:ba:2e:80:0d:2c:f6:60:01:4e:aa:85:bd:
         44:ac:dd:35:98:f7:5c:8c:dc:8d:b8:43:ac:d7:ca:04:c7:7d:
         2a:59:18:ad:32:b6:b8:ee:59:54:cf:f7:ff:cb:9a:f0:5d:f4:
         9f:bc:76:59:a9:58:45:15:46:f9:71:36:b2:68:37:0f:23:7f:
         67:96:ff:e2:24:ce:11:16:53:ae:bc:76:f5:dc:21:db:c7:16:
         93:e7:8b:af:21:60:c5:d8:97:01:9f:64:91:1d:22:ad:cc:2e:
         1e:77:14:d8:a5:3b:04:5f:6a:47:18:22:77:ed:9f:54:04:48:
         70:f6:c4:c5:e3:ac:70:43:b1:6f:92:c8:2d:4f:f6:71:d8:12:
         a1:15:f2:e2:d2:7f:7d:7c:c7:5c:99:55:e3:c8:a2:3c:16:73:
         50:19:7c:bf:b5:4c:c4:fb:bb:33:fc:99:26:cc:7e:12:6a:bd:
         b9:7f:5a:85:aa:dc:c6:0b:07:5b:ae:98:a1:47:1e:41:9d:25:
         cc:99:61:30:09:13:69:03:14:90:f7:31:48:a9:ec:ef:8c:b4:
         e5:09:5a:92:1a:0f:ff:90:0c:d2:ab:65:08:7e:d9:9d:a3:ec:
         41:e1:7a:0c:b0:f2:88:6a:15:7f:59:33:ec:72:d2:16:02:23:
         0a:6a:b9:aa
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQqD71quU3LE1woGs0SLBm3MUldgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA0MjYwMjIyMzJaFw0yNjA0MjUwMjI3MzJaMDMxMTAvBgNV
BAMTKEU1MTBFOUY3QzZFN0ZFQjMzQzRDMkM1MURFMTgxNENDOUQyNzAyMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnqj126FdyPAb7y8yQOAB8Q4cZ
f0AWQDuzDr7c5Cwd0lsfSORfSq5LhsPhb2YGv2s1Iyn/UaDbGxKGMBpmx3AgBb0l
ZbTkvCdMCvV8zjS9pkauPmBZM7xaPdYgMT0+9Wpij47YU3yyBfED2Fl4bLUbN4Cp
B6+KLpJX2kR+BCDgu7Vz8iJF1u0oHK8K7yKNyf1EZtGQyaVwgPjNppwCWSP/5cMC
tjKvil9dGYYuSrzU5FJfLP+uS/e1EUDWWoUtxpK48KN9PfEHNC3Od6rBhM3PsE3A
FfSfeiGGiOpUfZ3pZDsjqqwdbepGR3hMKVCOQRfwEr9OdYjBcwYP463Q4HdbAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU5RDp98bn/rM8TCxR3hgUzJ0nAjIwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE2MDcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gP0wDQYJKoZIhvcNAQELBQADggEBAHti0TMN97ougA0s9mABTqqFvUSs3TWY91yM
3I24Q6zXygTHfSpZGK0ytrjuWVTP9//LmvBd9J+8dlmpWEUVRvlxNrJoNw8jf2eW
/+IkzhEWU668dvXcIdvHFpPni68hYMXYlwGfZJEdIq3MLh53FNilOwRfakcYInft
n1QESHD2xMXjrHBDsW+SyC1P9nHYEqEV8uLSf318x1yZVePIojwWc1AZfL+1TMT7
uzP8mSbMfhJqvbl/WoWq3MYLB1uumKFHHkGdJcyZYTAJE2kDFJD3MUip7O+MtOUJ
WpIaD/+QDNKrZQh+2Z2j7EHhegyw8ohqFX9ZM+xy0hYCIwpquao=
-----END CERTIFICATE-----