Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa
File:                     AS214179.roa (raw, json)
Hash identifier:          sLst+Rqgq9vKASXDY1N93/xLDn8ql+S9KkuuZGFCcXI=
Subject key identifier:   2F:46:B2:AE:F4:B5:52:1F:A0:49:94:56:AA:B4:52:27:86:5F:D7:C5
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5B4C786C4E4E50AC45E542253B2199A8407EAAE1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa
Signing time:             Wed 17 Sep 2025 03:07:53 +0000
ROA not before:           Wed 17 Sep 2025 03:02:53 +0000
ROA not after:            Wed 16 Sep 2026 03:07:53 +0000
asID:                     214179
IP address blocks:        2a0f:85c1:896::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:4c:78:6c:4e:4e:50:ac:45:e5:42:25:3b:21:99:a8:40:7e:aa:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 03:02:53 2025 GMT
            Not After : Sep 16 03:07:53 2026 GMT
        Subject: CN=2F46B2AEF4B5521FA0499456AAB45227865FD7C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:94:98:1a:e3:42:80:75:94:b0:17:36:e3:c3:
                    9f:9e:0e:60:cf:cd:bc:e9:98:d4:c6:27:d7:52:c7:
                    1b:68:44:01:3b:4e:eb:f3:f0:7f:7b:a6:d0:f9:d4:
                    05:d7:e5:27:41:08:8f:b1:1b:e4:10:d7:3c:9f:6b:
                    5a:ba:bd:d5:fb:0b:3e:40:da:fe:27:1c:a4:7c:5e:
                    15:f2:d7:eb:d4:e8:c8:04:7e:56:51:7a:46:06:59:
                    22:37:c3:2b:f1:a2:6c:8b:b4:16:f1:8d:2f:54:0e:
                    0a:82:35:f2:d2:37:84:9c:cc:ea:aa:87:45:d4:b9:
                    c9:27:9c:ab:2a:4c:f9:67:e8:16:77:68:64:15:78:
                    28:8c:62:44:f1:e8:1c:86:4c:4c:9c:bb:46:6e:e6:
                    95:52:5a:0a:f1:e9:ba:fb:bf:0f:9c:81:f3:5c:0a:
                    76:dc:05:6a:5d:c1:96:11:ad:e4:83:f0:19:69:b6:
                    ab:5a:71:93:3d:df:b7:43:d3:10:c7:2c:33:4a:6b:
                    2b:0e:4a:3e:db:91:03:ad:5f:e3:36:40:85:55:69:
                    2a:b1:c7:02:82:61:e6:08:e2:f1:5b:47:39:4f:74:
                    28:3a:5e:6d:e8:39:9f:4c:48:f2:ff:ca:a9:d6:03:
                    a5:1e:02:41:c1:96:94:b0:c2:dd:c8:cb:0b:6a:62:
                    fd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:46:B2:AE:F4:B5:52:1F:A0:49:94:56:AA:B4:52:27:86:5F:D7:C5
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:896::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:b7:27:7f:3a:c1:b7:23:85:86:36:e1:b5:ba:e0:ee:65:1f:
         0b:66:97:5b:87:b2:24:eb:46:f3:8d:bb:46:cb:35:37:63:22:
         91:74:bc:64:d7:04:cc:a4:74:7d:0f:e6:11:b9:5a:b5:62:44:
         c0:9c:fc:1a:38:a9:45:48:5f:c2:1d:3a:af:4f:0a:4e:6c:75:
         48:96:44:d5:75:7c:74:4d:75:88:66:c9:d7:78:7a:e0:e7:89:
         45:ae:58:b9:cf:45:40:6b:05:40:1f:49:b4:e0:c6:4a:56:69:
         3a:6e:79:cb:3f:eb:02:f6:83:5f:26:3d:51:9e:3d:16:ee:0b:
         3e:35:b3:39:70:27:17:5b:0b:ab:18:80:73:19:7e:d7:55:49:
         25:dd:97:69:f5:c4:ae:96:88:c9:97:4b:0b:2d:5e:03:4d:de:
         22:68:2f:0e:b4:ec:55:80:91:70:50:0c:52:11:5f:d3:90:af:
         e5:6a:fa:fc:3d:91:b5:42:aa:52:aa:59:10:4b:af:f1:fc:9c:
         68:02:28:90:d8:40:82:bb:44:29:a7:23:a2:4a:8a:0e:a0:b6:
         8e:c3:06:b8:89:5b:68:0b:bc:5f:3c:7e:c6:4d:45:06:a0:74:
         20:03:d1:4a:c0:3e:69:cc:10:1a:81:1b:fd:a8:37:a6:38:4a:
         75:65:3b:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUW0x4bE5OUKxF5UIlOyGZqEB+quEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTcwMzAyNTNaFw0yNjA5MTYwMzA3NTNaMDMxMTAvBgNV
BAMTKDJGNDZCMkFFRjRCNTUyMUZBMDQ5OTQ1NkFBQjQ1MjI3ODY1RkQ3QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHlJga40KAdZSwFzbjw5+eDmDP
zbzpmNTGJ9dSxxtoRAE7Tuvz8H97ptD51AXX5SdBCI+xG+QQ1zyfa1q6vdX7Cz5A
2v4nHKR8XhXy1+vU6MgEflZRekYGWSI3wyvxomyLtBbxjS9UDgqCNfLSN4SczOqq
h0XUucknnKsqTPln6BZ3aGQVeCiMYkTx6ByGTEycu0Zu5pVSWgrx6br7vw+cgfNc
CnbcBWpdwZYRreSD8BlptqtacZM937dD0xDHLDNKaysOSj7bkQOtX+M2QIVVaSqx
xwKCYeYI4vFbRzlPdCg6Xm3oOZ9MSPL/yqnWA6UeAkHBlpSwwt3IywtqYv3vAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUL0ayrvS1Uh+gSZRWqrRSJ4Zf18UwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiWMA0GCSqGSIb3DQEBCwUAA4IBAQBptyd/OsG3I4WGNuG1uuDuZR8LZpdbh7Ik
60bzjbtGyzU3YyKRdLxk1wTMpHR9D+YRuVq1YkTAnPwaOKlFSF/CHTqvTwpObHVI
lkTVdXx0TXWIZsnXeHrg54lFrli5z0VAawVAH0m04MZKVmk6bnnLP+sC9oNfJj1R
nj0W7gs+NbM5cCcXWwurGIBzGX7XVUkl3Zdp9cSulojJl0sLLV4DTd4iaC8OtOxV
gJFwUAxSEV/TkK/lavr8PZG1QqpSqlkQS6/x/JxoAiiQ2ECCu0QppyOiSooOoLaO
wwa4iVtoC7xfPH7GTUUGoHQgA9FKwD5pzBAagRv9qDemOEp1ZTsi
-----END CERTIFICATE-----