Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214372.roa
File:                     AS214372.roa (raw, json)
Hash identifier:          nr15eM1WGwVAdUOBEY0GmeIakpJYSYEyBbSbpko2gww=
Subject key identifier:   43:01:BC:FF:F2:F2:85:DB:D8:EB:22:2F:9F:FA:47:F1:39:3A:B3:CD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       44AFE702D9EE11FEB1405B0CC8845BA5AA3D463C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214372.roa
Signing time:             Tue 19 Aug 2025 05:07:49 +0000
ROA not before:           Tue 19 Aug 2025 05:02:49 +0000
ROA not after:            Tue 18 Aug 2026 05:07:49 +0000
asID:                     214372
IP address blocks:        2a0f:85c1:884::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:af:e7:02:d9:ee:11:fe:b1:40:5b:0c:c8:84:5b:a5:aa:3d:46:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 19 05:02:49 2025 GMT
            Not After : Aug 18 05:07:49 2026 GMT
        Subject: CN=4301BCFFF2F285DBD8EB222F9FFA47F1393AB3CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:93:51:72:1c:72:45:9d:f1:5a:e7:8a:29:c8:
                    02:ea:62:6e:38:cd:0f:2c:d9:04:4e:6e:0f:cc:43:
                    c7:da:99:d6:ee:56:73:e1:85:7e:b8:f8:ff:32:7f:
                    5d:c9:82:d0:c9:20:93:74:40:19:c5:27:d1:2a:ff:
                    6b:2c:20:fd:80:3c:66:f6:fe:ac:4d:e3:86:a6:f5:
                    ba:46:32:a1:26:6b:59:ed:4c:77:df:9a:e7:fa:66:
                    72:ab:67:2a:d6:a0:4a:e6:6c:a2:88:f4:6b:92:79:
                    88:81:62:55:f6:1a:50:cf:65:df:54:f1:17:45:d0:
                    1e:55:61:3a:08:26:de:c4:af:67:52:ed:68:00:89:
                    61:ca:69:9e:42:4c:da:43:9a:fb:92:da:66:79:62:
                    f1:a3:db:50:c3:38:03:11:bc:5e:a1:8e:73:0d:71:
                    06:6d:23:ef:74:3e:1a:fa:32:6a:e6:58:f1:90:91:
                    eb:53:cd:c5:1d:d4:e9:00:79:f5:0a:5b:a7:a7:0e:
                    91:43:c2:5f:39:e3:92:bb:9c:88:e4:43:7b:29:46:
                    f2:44:b2:cc:51:88:b6:92:1f:48:8b:14:59:24:e9:
                    34:fc:0c:b1:14:89:dd:34:6e:8a:7a:30:d4:ad:39:
                    89:bf:9a:4e:4c:23:de:dc:2e:e8:80:72:e3:b6:77:
                    37:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:01:BC:FF:F2:F2:85:DB:D8:EB:22:2F:9F:FA:47:F1:39:3A:B3:CD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214372.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:884::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:4f:a4:da:93:8e:42:e7:4d:6b:48:85:f3:3c:74:1d:ce:d2:
         d4:47:8c:96:8e:b9:63:7d:f0:19:01:d7:e0:67:7f:f6:68:da:
         c5:93:02:52:53:55:89:07:f5:b1:d5:5b:9f:47:15:f4:4b:71:
         d2:b4:89:41:60:5b:cc:95:fe:be:a3:3e:59:d6:4a:f6:7b:fe:
         ad:5e:51:73:41:bb:b6:e4:65:c3:dc:e3:50:96:98:a9:8d:a4:
         96:c6:17:39:c7:85:78:b5:61:aa:e0:b1:f6:7e:24:75:df:ca:
         53:2c:ce:a1:45:2e:41:ef:b6:fe:fd:56:47:4b:dc:70:a1:73:
         64:cd:e9:03:66:e0:0e:00:d3:26:cf:bc:7a:f6:b1:ea:4d:e1:
         91:34:de:a9:c8:4e:a0:12:c7:e6:b8:6e:07:4f:1f:d1:6a:10:
         dd:df:d8:21:a9:97:b9:9b:80:db:49:e7:a0:48:82:44:bd:2c:
         9c:0a:41:4f:fc:ff:64:00:92:33:09:1d:1b:2c:35:07:6c:9c:
         2c:c3:44:a0:d7:f5:cd:20:c8:75:94:cc:e1:38:9a:36:64:24:
         47:23:1a:dc:ae:ca:43:9c:e1:be:97:f1:0d:4a:42:ce:04:13:
         50:6c:2f:ef:96:31:da:4f:b8:54:0c:20:bd:20:0c:ea:e9:a4:
         78:e2:8a:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURK/nAtnuEf6xQFsMyIRbpao9RjwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTkwNTAyNDlaFw0yNjA4MTgwNTA3NDlaMDMxMTAvBgNV
BAMTKDQzMDFCQ0ZGRjJGMjg1REJEOEVCMjIyRjlGRkE0N0YxMzkzQUIzQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGk1FyHHJFnfFa54opyALqYm44
zQ8s2QRObg/MQ8famdbuVnPhhX64+P8yf13JgtDJIJN0QBnFJ9Eq/2ssIP2APGb2
/qxN44am9bpGMqEma1ntTHffmuf6ZnKrZyrWoErmbKKI9GuSeYiBYlX2GlDPZd9U
8RdF0B5VYToIJt7Er2dS7WgAiWHKaZ5CTNpDmvuS2mZ5YvGj21DDOAMRvF6hjnMN
cQZtI+90Phr6MmrmWPGQketTzcUd1OkAefUKW6enDpFDwl8545K7nIjkQ3spRvJE
ssxRiLaSH0iLFFkk6TT8DLEUid00bop6MNStOYm/mk5MI97cLuiAcuO2dzehAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQwG8//LyhdvY6yIvn/pH8Tk6s80wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MzcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiEMA0GCSqGSIb3DQEBCwUAA4IBAQBaT6Tak45C501rSIXzPHQdztLUR4yWjrlj
ffAZAdfgZ3/2aNrFkwJSU1WJB/Wx1VufRxX0S3HStIlBYFvMlf6+oz5Z1kr2e/6t
XlFzQbu25GXD3ONQlpipjaSWxhc5x4V4tWGq4LH2fiR138pTLM6hRS5B77b+/VZH
S9xwoXNkzekDZuAOANMmz7x69rHqTeGRNN6pyE6gEsfmuG4HTx/RahDd39ghqZe5
m4DbSeegSIJEvSycCkFP/P9kAJIzCR0bLDUHbJwsw0Sg1/XNIMh1lMzhOJo2ZCRH
IxrcrspDnOG+l/ENSkLOBBNQbC/vljHaT7hUDCC9IAzq6aR44ooR
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:57:05 2025 by rpki-client