Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa
File:                     AS214310.roa (raw, json)
Hash identifier:          oVlZAVRfKJsTHciMBMboCnD5W2TIjU9/0cvuehdSwNk=
Subject key identifier:   9E:1A:3C:D5:EE:B7:84:4B:B0:7B:68:FE:66:AE:79:F1:22:5F:7A:67
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       231F8E42ADEA48CCCE68F938A94FE43CE18A35B2
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa
Signing time:             Thu 09 Oct 2025 19:07:56 +0000
ROA not before:           Thu 09 Oct 2025 19:02:56 +0000
ROA not after:            Thu 08 Oct 2026 19:07:56 +0000
asID:                     214310
IP address blocks:        2a0f:85c1:891::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:1f:8e:42:ad:ea:48:cc:ce:68:f9:38:a9:4f:e4:3c:e1:8a:35:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct  9 19:02:56 2025 GMT
            Not After : Oct  8 19:07:56 2026 GMT
        Subject: CN=9E1A3CD5EEB7844BB07B68FE66AE79F1225F7A67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f8:bf:41:f9:d7:1a:cf:ab:98:6a:b7:5d:04:
                    2d:16:4f:44:86:35:e1:26:14:ee:c1:9a:80:e5:24:
                    88:e9:66:fe:0a:7a:ad:91:1e:f3:c4:e2:19:27:6c:
                    41:ef:10:17:bc:bf:e0:00:bc:ad:a0:f1:8a:7c:8c:
                    98:b3:96:ba:db:09:1e:29:e4:ef:f6:73:d4:b9:d9:
                    8d:7a:15:94:b6:58:23:fc:60:8a:30:9c:ba:9c:9e:
                    10:68:75:6b:fd:df:03:d8:df:35:fd:0d:c9:da:d7:
                    db:f5:77:8a:47:d5:f0:fa:bd:c4:3e:19:ea:23:07:
                    ed:9d:b8:2e:88:e1:c7:eb:f9:80:d9:4c:48:6b:29:
                    13:9d:fe:23:89:1a:65:a7:c0:23:a4:3a:37:ad:a7:
                    37:3f:22:ea:10:1e:4f:4e:90:95:b3:09:db:5b:5b:
                    79:7a:7e:62:d0:8b:79:7a:4e:9e:58:42:b6:8f:41:
                    14:96:c9:14:6c:f5:02:ae:97:94:68:8b:c2:58:a3:
                    d9:e3:7b:af:54:62:2a:21:44:cd:5c:f2:f8:bd:61:
                    1a:7b:15:ff:75:e9:58:5e:ee:db:90:2e:37:16:71:
                    d2:05:e7:7a:77:9e:0f:d4:eb:33:b0:ac:42:a5:b7:
                    12:25:1e:79:78:e8:19:fc:03:44:9f:95:df:99:d0:
                    ba:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1A:3C:D5:EE:B7:84:4B:B0:7B:68:FE:66:AE:79:F1:22:5F:7A:67
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214310.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:891::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:bc:3a:12:e7:c5:fd:e7:3c:de:6a:17:03:e5:5e:f0:f4:4b:
         5a:75:47:bf:65:19:05:57:c7:74:9d:90:20:11:25:3c:36:17:
         4c:06:f2:34:16:a1:f3:e1:cb:51:a2:13:a5:b9:c2:21:b1:8b:
         04:c2:24:44:63:47:6d:9f:b8:97:ea:c8:15:25:48:48:b5:3e:
         c7:5e:61:50:15:84:53:16:54:9f:73:35:4f:01:f5:cf:82:1c:
         0f:f3:ef:aa:89:54:cf:03:65:5d:ae:7f:35:4e:33:60:1b:f1:
         34:6b:2e:9b:0a:8d:0c:97:47:7d:e0:9b:46:3b:c9:d2:20:cc:
         51:1d:89:a6:ca:aa:2b:c9:0a:da:42:9a:07:bd:5a:d1:c8:08:
         9d:28:d2:1e:e8:77:5c:ce:f3:47:3c:3d:1a:30:bd:cd:fa:a1:
         b2:5e:12:99:32:32:31:0c:22:70:57:29:e6:cd:de:d1:1e:56:
         77:8b:ec:2a:a8:ef:8e:fe:a0:c5:f4:d0:07:68:22:49:25:59:
         d6:8b:58:64:4c:54:77:1f:d6:2f:51:1c:86:55:eb:bc:18:45:
         3d:ab:07:77:a6:d4:58:4f:43:57:7e:48:4c:fa:e5:d7:61:03:
         02:d2:a4:71:0e:77:36:ab:b7:d5:2b:65:3e:8b:96:6e:9e:c2:
         64:06:7d:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIx+OQq3qSMzOaPk4qU/kPOGKNbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMDkxOTAyNTZaFw0yNjEwMDgxOTA3NTZaMDMxMTAvBgNV
BAMTKDlFMUEzQ0Q1RUVCNzg0NEJCMDdCNjhGRTY2QUU3OUYxMjI1RjdBNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj+L9B+dcaz6uYarddBC0WT0SG
NeEmFO7BmoDlJIjpZv4Keq2RHvPE4hknbEHvEBe8v+AAvK2g8Yp8jJizlrrbCR4p
5O/2c9S52Y16FZS2WCP8YIownLqcnhBodWv93wPY3zX9Dcna19v1d4pH1fD6vcQ+
GeojB+2duC6I4cfr+YDZTEhrKROd/iOJGmWnwCOkOjetpzc/IuoQHk9OkJWzCdtb
W3l6fmLQi3l6Tp5YQraPQRSWyRRs9QKul5Roi8JYo9nje69UYiohRM1c8vi9YRp7
Ff916Vhe7tuQLjcWcdIF53p3ng/U6zOwrEKltxIlHnl46Bn8A0Sfld+Z0LoDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUnho81e63hEuwe2j+Zq558SJfemcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MzEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiRMA0GCSqGSIb3DQEBCwUAA4IBAQDWvDoS58X95zzeahcD5V7w9EtadUe/ZRkF
V8d0nZAgESU8NhdMBvI0FqHz4ctRohOlucIhsYsEwiREY0dtn7iX6sgVJUhItT7H
XmFQFYRTFlSfczVPAfXPghwP8++qiVTPA2Vdrn81TjNgG/E0ay6bCo0Ml0d94JtG
O8nSIMxRHYmmyqoryQraQpoHvVrRyAidKNIe6HdczvNHPD0aML3N+qGyXhKZMjIx
DCJwVynmzd7RHlZ3i+wqqO+O/qDF9NAHaCJJJVnWi1hkTFR3H9YvURyGVeu8GEU9
qwd3ptRYT0NXfkhM+uXXYQMC0qRxDnc2q7fVK2U+i5ZunsJkBn16
-----END CERTIFICATE-----