Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214510.roa
File:                     AS214510.roa (raw, json)
Hash identifier:          X51c9N2m/49T85r/oAteTg2e+PNOOJTG6riveJaHYO8=
Subject key identifier:   5C:23:E7:CF:C7:7C:44:B8:8C:8D:A7:58:6B:32:DD:33:B6:F7:99:52
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       12AFFF2D0A61F9675B3D39F35270F9A2A451564B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214510.roa
Signing time:             Tue 19 Aug 2025 05:07:49 +0000
ROA not before:           Tue 19 Aug 2025 05:02:49 +0000
ROA not after:            Tue 18 Aug 2026 05:07:49 +0000
asID:                     214510
IP address blocks:        2a0f:85c1:3f9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:af:ff:2d:0a:61:f9:67:5b:3d:39:f3:52:70:f9:a2:a4:51:56:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 19 05:02:49 2025 GMT
            Not After : Aug 18 05:07:49 2026 GMT
        Subject: CN=5C23E7CFC77C44B88C8DA7586B32DD33B6F79952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:15:95:84:e1:e3:17:8d:ef:9b:54:e2:aa:55:
                    7f:4a:49:f2:5e:d0:f4:e2:f1:d1:9a:3c:ce:84:b8:
                    4e:de:d5:ab:9f:d7:e5:d1:11:66:94:c3:af:2a:01:
                    d7:9e:2a:2a:56:d7:ba:d7:f7:88:07:0e:da:82:4f:
                    99:94:40:c3:22:26:94:37:c3:ff:7e:98:e8:a3:9e:
                    84:12:17:91:b9:29:d0:ce:60:88:74:9d:b1:b6:4e:
                    70:bd:05:1b:04:1d:a1:8f:cb:13:30:be:76:ba:08:
                    f4:cb:c2:ef:9e:10:30:c4:82:fb:45:11:1a:c3:39:
                    1d:b8:f9:ee:2a:89:93:ca:1a:5a:82:2b:e5:e1:9b:
                    46:61:7d:c5:37:d5:ad:0b:fe:3e:c2:ff:7e:a1:2d:
                    5b:a0:3c:9a:9c:6b:17:8f:f2:18:01:64:3f:4f:d7:
                    ca:03:ab:8e:c9:56:1e:c8:68:48:1c:f9:4f:81:ed:
                    23:d0:e1:ed:a4:1b:42:7f:75:5b:98:7d:c4:2f:e6:
                    64:08:d2:e1:17:d3:81:54:97:76:03:4e:2a:85:73:
                    2d:61:f8:d9:f6:1f:1f:f4:f1:37:a2:d0:c6:7f:28:
                    bc:0e:ad:eb:36:f4:3d:3c:ce:53:8a:04:e4:8b:97:
                    77:84:38:47:3e:b0:cf:da:f7:45:f3:0d:af:02:02:
                    be:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:23:E7:CF:C7:7C:44:B8:8C:8D:A7:58:6B:32:DD:33:B6:F7:99:52
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214510.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3f9::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:20:c4:e3:51:d8:1e:a3:84:98:97:91:71:6b:af:11:25:d8:
         9a:6d:95:41:9a:b0:bf:80:e9:25:45:f3:97:b5:4a:b2:22:40:
         9b:b5:dd:35:06:33:8a:2d:c0:c4:e0:33:22:db:52:26:78:c8:
         de:bb:db:0c:cd:a2:49:21:8b:79:0a:3a:95:0c:3e:a4:ae:d9:
         b6:6a:b5:69:30:9a:2f:7a:04:06:0a:49:ac:cb:23:1d:e2:42:
         e6:a1:ba:69:37:41:10:99:76:69:d2:c7:b5:e2:e8:0a:25:0c:
         9e:d3:01:7c:f4:13:38:ba:94:e8:d0:4c:c3:0f:65:8c:e5:9f:
         8f:5a:d4:e8:94:59:6b:5e:a9:08:c3:53:6b:6b:da:c1:52:70:
         f1:fa:03:ce:ab:9f:eb:6f:1b:c3:3f:fe:25:a8:43:f1:ac:03:
         93:f3:72:e1:c3:dd:7c:db:68:b9:fd:3a:a6:83:21:b3:f8:ab:
         56:3f:30:fd:4d:01:b8:f3:e0:bb:78:fe:44:f9:8e:eb:96:71:
         18:a4:34:ad:14:b3:31:6e:72:86:bf:03:6d:8d:3f:1d:1a:09:
         cc:22:8e:0c:d6:54:f8:1e:b1:82:3f:d1:2a:41:47:a7:3e:9b:
         42:2b:ff:11:a2:13:5f:8a:8e:0f:bb:d4:78:e9:8d:b2:19:d5:
         bc:66:09:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEq//LQph+WdbPTnzUnD5oqRRVkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTkwNTAyNDlaFw0yNjA4MTgwNTA3NDlaMDMxMTAvBgNV
BAMTKDVDMjNFN0NGQzc3QzQ0Qjg4QzhEQTc1ODZCMzJERDMzQjZGNzk5NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOFZWE4eMXje+bVOKqVX9KSfJe
0PTi8dGaPM6EuE7e1auf1+XREWaUw68qAdeeKipW17rX94gHDtqCT5mUQMMiJpQ3
w/9+mOijnoQSF5G5KdDOYIh0nbG2TnC9BRsEHaGPyxMwvna6CPTLwu+eEDDEgvtF
ERrDOR24+e4qiZPKGlqCK+Xhm0ZhfcU31a0L/j7C/36hLVugPJqcaxeP8hgBZD9P
18oDq47JVh7IaEgc+U+B7SPQ4e2kG0J/dVuYfcQv5mQI0uEX04FUl3YDTiqFcy1h
+Nn2Hx/08Tei0MZ/KLwOres29D08zlOKBOSLl3eEOEc+sM/a90XzDa8CAr5bAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUXCPnz8d8RLiMjadYazLdM7b3mVIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP5MA0GCSqGSIb3DQEBCwUAA4IBAQAZIMTjUdgeo4SYl5Fxa68RJdiabZVBmrC/
gOklRfOXtUqyIkCbtd01BjOKLcDE4DMi21ImeMjeu9sMzaJJIYt5CjqVDD6krtm2
arVpMJovegQGCkmsyyMd4kLmobppN0EQmXZp0se14ugKJQye0wF89BM4upTo0EzD
D2WM5Z+PWtTolFlrXqkIw1Nra9rBUnDx+gPOq5/rbxvDP/4lqEPxrAOT83Lhw918
22i5/TqmgyGz+KtWPzD9TQG48+C7eP5E+Y7rlnEYpDStFLMxbnKGvwNtjT8dGgnM
Io4M1lT4HrGCP9EqQUenPptCK/8RohNfio4Pu9R46Y2yGdW8Zgmp
-----END CERTIFICATE-----