Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214528.roa
File:                     AS214528.roa (raw, json)
Hash identifier:          3giT04V1LKX1yS3iMctrVaUlektKZNdCWI0IevTjEaI=
Subject key identifier:   09:05:91:43:4D:1A:16:48:60:8F:F0:71:B3:A4:9B:AF:D6:DE:CF:9C
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       71B57482369A6DC48FC96E5D3709236726A5AA10
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214528.roa
Signing time:             Tue 10 Jun 2025 06:15:44 +0000
ROA not before:           Tue 10 Jun 2025 06:10:44 +0000
ROA not after:            Tue 09 Jun 2026 06:15:44 +0000
asID:                     214528
IP address blocks:        92.249.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b5:74:82:36:9a:6d:c4:8f:c9:6e:5d:37:09:23:67:26:a5:aa:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 10 06:10:44 2025 GMT
            Not After : Jun  9 06:15:44 2026 GMT
        Subject: CN=090591434D1A1648608FF071B3A49BAFD6DECF9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f1:9b:9c:35:d5:35:80:ba:fb:d9:6f:c9:41:
                    f3:8a:81:72:1c:4a:59:85:ef:cf:bf:cf:ba:0a:07:
                    02:35:b0:95:34:2b:b5:6e:a2:e3:af:5b:5e:5c:88:
                    ab:5d:50:54:6f:07:71:50:eb:bf:c1:4f:e5:e2:81:
                    59:e8:9b:5a:88:b5:e1:75:91:c5:ce:67:df:5c:a7:
                    54:64:9e:9d:90:a1:3d:71:0a:d5:9b:23:2b:c4:1a:
                    61:09:2f:ad:79:60:fd:84:70:8b:b5:bf:5f:5c:4b:
                    63:cf:da:30:52:61:f1:6e:b6:3e:51:43:bd:d3:8d:
                    07:e6:c4:5c:7a:89:b5:69:42:aa:21:1a:36:a5:eb:
                    bf:74:4a:1d:5e:a8:c8:75:77:71:fd:0d:e9:94:ff:
                    aa:46:d6:b7:ce:e5:e4:69:3a:ed:70:f3:97:0a:ed:
                    eb:21:70:2e:e7:99:7c:68:dc:f0:3e:7c:8b:00:6b:
                    eb:a6:a7:cd:92:52:45:26:cf:18:be:9d:b9:d4:1c:
                    ed:18:23:0d:90:5f:43:8c:db:c1:b8:de:b2:91:11:
                    5b:55:30:0c:65:3d:d3:0f:f2:6f:f9:98:63:4e:97:
                    31:24:e4:e4:09:3b:d6:a7:f2:0b:ac:d4:87:e0:02:
                    d4:01:68:32:8d:ff:c8:34:48:fd:e1:b6:83:1b:cf:
                    bd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:05:91:43:4D:1A:16:48:60:8F:F0:71:B3:A4:9B:AF:D6:DE:CF:9C
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214528.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:24:be:5a:b3:05:a5:ef:9c:fd:9d:f4:1b:4c:1c:02:10:1b:
         35:0c:bb:d5:8d:71:f2:a4:a4:aa:88:01:da:35:80:79:bd:3c:
         f2:0f:79:05:22:a6:02:ff:f7:4b:e9:be:fc:9c:59:68:6f:f9:
         dc:62:ec:1f:e1:ff:16:f4:1b:ce:48:87:d0:df:6b:9a:6c:c4:
         2a:50:26:a2:1f:14:94:c4:b3:8f:f1:51:bc:38:3b:ea:9b:d5:
         c4:52:a5:9d:5e:07:c1:b1:21:65:18:39:b6:9a:73:ba:93:30:
         6d:b5:1d:b1:7b:98:0b:e6:ce:cc:e8:d1:89:7c:42:89:72:de:
         04:77:d1:98:8f:dd:14:af:7b:d6:25:03:b3:c7:e4:67:19:c0:
         fe:89:a4:63:a4:e0:d7:3b:ff:50:7f:2d:31:37:98:ff:71:c2:
         34:c8:f6:86:eb:3a:eb:70:00:19:59:b9:2e:5d:8b:df:95:ef:
         2d:cd:b3:6b:86:7e:36:ae:2e:12:c0:67:62:b5:f1:9f:8f:36:
         f0:ac:42:50:c1:20:18:7a:61:fa:3d:40:b0:1e:d3:7e:a1:10:
         d2:76:85:f0:33:ae:c8:ee:10:a4:48:a6:b8:dc:f2:9f:92:bc:
         c0:8f:dc:df:c7:0c:1f:13:5c:82:a4:9f:8b:2d:81:99:bf:91:
         91:cb:b4:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcbV0gjaabcSPyW5dNwkjZyalqhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MTAwNjEwNDRaFw0yNjA2MDkwNjE1NDRaMDMxMTAvBgNV
BAMTKDA5MDU5MTQzNEQxQTE2NDg2MDhGRjA3MUIzQTQ5QkFGRDZERUNGOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb8ZucNdU1gLr72W/JQfOKgXIc
SlmF78+/z7oKBwI1sJU0K7VuouOvW15ciKtdUFRvB3FQ67/BT+XigVnom1qIteF1
kcXOZ99cp1Rknp2QoT1xCtWbIyvEGmEJL615YP2EcIu1v19cS2PP2jBSYfFutj5R
Q73TjQfmxFx6ibVpQqohGjal6790Sh1eqMh1d3H9DemU/6pG1rfO5eRpOu1w85cK
7eshcC7nmXxo3PA+fIsAa+ump82SUkUmzxi+nbnUHO0YIw2QX0OM28G43rKREVtV
MAxlPdMP8m/5mGNOlzEk5OQJO9an8gus1IfgAtQBaDKN/8g0SP3htoMbz72BAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCQWRQ00aFkhgj/Bxs6Sbr9bez5wwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE0NTI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPk8
MA0GCSqGSIb3DQEBCwUAA4IBAQCLJL5aswWl75z9nfQbTBwCEBs1DLvVjXHypKSq
iAHaNYB5vTzyD3kFIqYC//dL6b78nFlob/ncYuwf4f8W9BvOSIfQ32uabMQqUCai
HxSUxLOP8VG8ODvqm9XEUqWdXgfBsSFlGDm2mnO6kzBttR2xe5gL5s7M6NGJfEKJ
ct4Ed9GYj90Ur3vWJQOzx+RnGcD+iaRjpODXO/9Qfy0xN5j/ccI0yPaG6zrrcAAZ
WbkuXYvfle8tzbNrhn42ri4SwGditfGfjzbwrEJQwSAYemH6PUCwHtN+oRDSdoXw
M67I7hCkSKa43PKfkrzAj9zfxwwfE1yCpJ+LLYGZv5GRy7RN
-----END CERTIFICATE-----