Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          ydHSN+Q+aVoTXTy390d3NvVpmLTQYK8AHJVxymiQNOk=
Subject key identifier:   E9:CE:07:7B:93:71:5E:1C:A6:C4:A5:91:33:ED:BA:CB:42:1C:66:22
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2EA871A7C11423D2FDB2F3E4162A0BD31A6834C0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214677.roa
Signing time:             Sun 27 Apr 2025 00:01:59 +0000
ROA not before:           Sat 26 Apr 2025 23:56:59 +0000
ROA not after:            Sun 26 Apr 2026 00:01:59 +0000
asID:                     214677
IP address blocks:        92.112.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:a8:71:a7:c1:14:23:d2:fd:b2:f3:e4:16:2a:0b:d3:1a:68:34:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 26 23:56:59 2025 GMT
            Not After : Apr 26 00:01:59 2026 GMT
        Subject: CN=E9CE077B93715E1CA6C4A59133EDBACB421C6622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8e:c1:c0:d8:90:a8:b0:aa:bb:ea:26:b8:c2:
                    ad:99:86:e9:03:93:42:93:96:45:6e:41:45:40:5c:
                    4e:9a:37:03:04:00:40:07:3c:8b:29:30:c7:61:ec:
                    a3:dd:ff:d1:4f:e0:fc:1b:b9:34:2b:30:b7:1f:a2:
                    2e:56:16:e5:f1:2f:66:1e:e3:c6:f8:46:21:ed:93:
                    c4:f2:72:07:32:f3:80:95:ae:53:db:5f:c4:92:eb:
                    40:b7:67:2d:09:1d:56:05:f7:09:7f:06:a6:90:cb:
                    66:e6:fe:a7:e0:50:0b:db:f1:d1:e3:b3:c4:0c:18:
                    af:c0:ff:0e:89:e4:2e:67:eb:32:70:47:43:02:b2:
                    ca:d3:aa:9f:0b:a3:1b:53:82:e8:bf:7d:87:e7:20:
                    2f:80:62:9c:e3:c2:22:fe:59:d7:e1:be:cf:3d:66:
                    ae:04:fa:0f:22:7c:bd:36:89:09:77:1b:5f:b8:d8:
                    9b:7b:c2:67:85:28:47:8f:4f:04:28:f6:24:b6:63:
                    6f:c8:b4:f2:af:f9:c0:fa:fc:ac:ba:49:f8:70:30:
                    84:3b:c5:07:f0:9a:b9:71:07:08:20:7c:8a:f5:85:
                    b1:54:90:17:20:b6:bc:61:2b:b5:cd:b6:3c:a6:89:
                    fe:d9:5b:a7:33:6c:c2:f7:95:3c:1f:ee:9d:13:59:
                    9c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:CE:07:7B:93:71:5E:1C:A6:C4:A5:91:33:ED:BA:CB:42:1C:66:22
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:0e:2c:98:0c:fc:59:5e:68:31:3b:33:a4:b7:99:a9:6b:b4:
         ff:5d:4a:c1:97:95:16:ab:16:b3:68:b1:c9:ac:eb:58:3c:4e:
         a9:2a:78:6d:23:ee:e1:74:fd:2b:de:e7:f9:b6:39:e0:b0:db:
         49:26:04:bf:f1:94:e0:4b:e4:90:5d:f8:c7:50:4f:5c:22:9b:
         e2:b9:f4:24:f9:e7:0b:e5:77:e5:6e:46:02:49:ae:43:2a:b5:
         a1:42:53:14:03:d6:b0:89:7c:57:6c:4d:d4:ab:88:a9:ce:0d:
         e2:4d:d1:49:41:79:09:ed:a2:46:67:52:5b:c3:de:2d:b8:de:
         5a:01:8c:58:79:15:2f:37:88:57:09:fb:37:01:cd:c1:46:96:
         37:7c:59:b7:99:98:12:3a:03:e0:df:e8:38:4a:04:ed:78:37:
         44:0d:57:c9:0b:4b:cc:06:20:e6:a2:35:ef:1c:4c:a0:33:73:
         d2:ab:4c:76:c7:95:f0:4d:b6:f2:93:f2:5a:2b:07:a3:53:33:
         91:45:8f:ea:34:f2:15:87:f9:fe:c7:0e:73:79:1f:4e:60:11:
         94:1f:1b:20:13:6c:0b:6f:d1:dc:48:69:19:33:8e:81:93:83:
         6b:44:e5:85:5f:86:57:b1:cd:4d:c7:a7:33:86:7f:7d:a2:5c:
         31:3f:eb:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULqhxp8EUI9L9svPkFioL0xpoNMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjYyMzU2NTlaFw0yNjA0MjYwMDAxNTlaMDMxMTAvBgNV
BAMTKEU5Q0UwNzdCOTM3MTVFMUNBNkM0QTU5MTMzRURCQUNCNDIxQzY2MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxjsHA2JCosKq76ia4wq2ZhukD
k0KTlkVuQUVAXE6aNwMEAEAHPIspMMdh7KPd/9FP4PwbuTQrMLcfoi5WFuXxL2Ye
48b4RiHtk8Tycgcy84CVrlPbX8SS60C3Zy0JHVYF9wl/BqaQy2bm/qfgUAvb8dHj
s8QMGK/A/w6J5C5n6zJwR0MCssrTqp8LoxtTgui/fYfnIC+AYpzjwiL+Wdfhvs89
Zq4E+g8ifL02iQl3G1+42Jt7wmeFKEePTwQo9iS2Y2/ItPKv+cD6/Ky6SfhwMIQ7
xQfwmrlxBwggfIr1hbFUkBcgtrxhK7XNtjymif7ZW6czbML3lTwf7p0TWZxHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6c4He5NxXhymxKWRM+26y0IcZiIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHB8
MA0GCSqGSIb3DQEBCwUAA4IBAQB5DiyYDPxZXmgxOzOkt5mpa7T/XUrBl5UWqxaz
aLHJrOtYPE6pKnhtI+7hdP0r3uf5tjngsNtJJgS/8ZTgS+SQXfjHUE9cIpviufQk
+ecL5XflbkYCSa5DKrWhQlMUA9awiXxXbE3Uq4ipzg3iTdFJQXkJ7aJGZ1Jbw94t
uN5aAYxYeRUvN4hXCfs3Ac3BRpY3fFm3mZgSOgPg3+g4SgTteDdEDVfJC0vMBiDm
ojXvHEygM3PSq0x2x5XwTbbyk/JaKwejUzORRY/qNPIVh/n+xw5zeR9OYBGUHxsg
E2wLb9HcSGkZM46Bk4NrROWFX4ZXsc1Nx6czhn99olwxP+vD
-----END CERTIFICATE-----