Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa
File:                     AS214533.roa (raw, json)
Hash identifier:          vDd+D9Q2xDzglj5ZQ3+REJQzC6qxs2svyl+kAgp3IUc=
Subject key identifier:   2A:58:4F:89:0C:09:FC:94:96:1E:9F:E4:5D:F2:24:AB:03:0D:D7:5C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       011854FD96574A52B4E4B736CBB8A40E97694FF3
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa
Signing time:             Tue 19 Aug 2025 05:07:49 +0000
ROA not before:           Tue 19 Aug 2025 05:02:49 +0000
ROA not after:            Tue 18 Aug 2026 05:07:49 +0000
asID:                     214533
IP address blocks:        2a0f:85c1:836::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:18:54:fd:96:57:4a:52:b4:e4:b7:36:cb:b8:a4:0e:97:69:4f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 19 05:02:49 2025 GMT
            Not After : Aug 18 05:07:49 2026 GMT
        Subject: CN=2A584F890C09FC94961E9FE45DF224AB030DD75C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e7:aa:94:7e:f1:36:67:b2:5c:51:25:a1:d6:
                    36:7c:02:6b:45:55:be:8b:d7:cb:4d:51:ec:03:aa:
                    f9:b2:eb:23:25:4c:f4:70:33:ea:a2:4a:01:cb:22:
                    3f:88:da:01:a8:24:e0:51:f3:d4:fd:8e:98:e9:eb:
                    a7:0b:8e:99:cc:5d:48:9f:12:d8:5c:cf:e9:45:1e:
                    34:5c:ae:04:f3:10:a0:2b:dc:23:91:da:41:af:0e:
                    ca:0f:2d:03:20:f4:24:8e:c6:40:17:3e:fc:25:ea:
                    46:46:7a:50:06:1f:c5:a3:38:b4:b8:5a:40:29:ee:
                    0a:5a:d7:66:9b:b6:ef:4d:44:3c:74:b8:d5:03:7f:
                    c2:fd:0e:d0:64:97:5e:59:8f:9b:ff:b5:ee:6f:9f:
                    88:0c:e7:31:7d:d8:74:fa:11:07:77:e1:ba:2c:15:
                    78:4e:22:8f:64:6d:9f:d7:4e:16:98:ec:32:69:65:
                    13:1c:e6:ab:ee:25:b3:94:73:ae:ac:c5:16:a9:36:
                    d3:9e:a8:ab:14:63:ad:22:aa:65:42:11:96:e9:a4:
                    48:6e:5f:1c:78:a2:4d:5c:0f:55:45:23:83:f4:cd:
                    7a:60:ca:3f:bb:ee:ff:12:4c:a0:60:4b:55:30:5c:
                    ed:33:2f:a5:e2:8e:df:79:64:67:12:06:94:a4:69:
                    7e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:58:4F:89:0C:09:FC:94:96:1E:9F:E4:5D:F2:24:AB:03:0D:D7:5C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:836::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:9f:e2:d6:83:1f:a8:8c:e0:25:25:33:82:00:7b:be:a3:ca:
         fe:d5:43:2e:33:fa:5e:23:6c:ee:96:70:8b:7c:cd:ea:ad:fe:
         08:37:db:e9:67:75:75:93:45:81:82:ca:a8:57:9d:d7:5a:13:
         b7:78:a0:01:3e:d9:2e:a3:e3:b6:fe:0b:67:be:a3:fe:73:8c:
         ec:01:1a:75:64:39:11:bf:00:fc:f2:92:3f:a0:14:eb:e0:c3:
         28:80:50:9c:a0:3e:ee:e4:ac:8b:83:27:14:7c:93:5b:f3:7d:
         ee:c4:af:d4:4b:c4:83:9d:72:3c:5b:23:6b:e8:3b:75:9f:54:
         4b:0b:cf:00:f9:bf:11:0a:af:dd:c9:d1:d4:95:2e:f8:72:62:
         72:46:78:ba:bc:79:6b:bb:79:8f:47:ef:61:38:32:c6:11:08:
         35:8d:95:2f:db:6c:d0:72:17:36:cd:35:e0:22:a9:0c:b7:29:
         9a:07:fd:6a:5b:ed:be:46:38:a3:12:d8:f1:98:b2:ae:13:73:
         6f:61:84:cc:fe:9e:fe:18:8a:10:89:c6:95:b9:cd:d1:6f:c5:
         f8:42:c2:e5:1b:0e:1b:87:af:63:01:16:be:30:4a:13:a7:6a:
         a1:48:a8:73:28:85:04:d4:1a:9f:cc:07:5e:7d:63:09:e9:a6:
         b7:d9:3b:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUARhU/ZZXSlK05Lc2y7ikDpdpT/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTkwNTAyNDlaFw0yNjA4MTgwNTA3NDlaMDMxMTAvBgNV
BAMTKDJBNTg0Rjg5MEMwOUZDOTQ5NjFFOUZFNDVERjIyNEFCMDMwREQ3NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ56qUfvE2Z7JcUSWh1jZ8AmtF
Vb6L18tNUewDqvmy6yMlTPRwM+qiSgHLIj+I2gGoJOBR89T9jpjp66cLjpnMXUif
Ethcz+lFHjRcrgTzEKAr3COR2kGvDsoPLQMg9CSOxkAXPvwl6kZGelAGH8WjOLS4
WkAp7gpa12abtu9NRDx0uNUDf8L9DtBkl15Zj5v/te5vn4gM5zF92HT6EQd34bos
FXhOIo9kbZ/XThaY7DJpZRMc5qvuJbOUc66sxRapNtOeqKsUY60iqmVCEZbppEhu
Xxx4ok1cD1VFI4P0zXpgyj+77v8STKBgS1UwXO0zL6Xijt95ZGcSBpSkaX5bAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUKlhPiQwJ/JSWHp/kXfIkqwMN11wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NTMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQg2MA0GCSqGSIb3DQEBCwUAA4IBAQByn+LWgx+ojOAlJTOCAHu+o8r+1UMuM/pe
I2zulnCLfM3qrf4IN9vpZ3V1k0WBgsqoV53XWhO3eKABPtkuo+O2/gtnvqP+c4zs
ARp1ZDkRvwD88pI/oBTr4MMogFCcoD7u5KyLgycUfJNb833uxK/US8SDnXI8WyNr
6Dt1n1RLC88A+b8RCq/dydHUlS74cmJyRni6vHlru3mPR+9hODLGEQg1jZUv22zQ
chc2zTXgIqkMtymaB/1qW+2+RjijEtjxmLKuE3NvYYTM/p7+GIoQicaVuc3Rb8X4
QsLlGw4bh69jARa+MEoTp2qhSKhzKIUE1BqfzAdefWMJ6aa32Tv7
-----END CERTIFICATE-----