Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214610.roa
File:                     AS214610.roa (raw, json)
Hash identifier:          TcwGT8vBLT/ou5rBHi5ba9OGPwki/9zxpJYWVHoVazo=
Subject key identifier:   FE:70:86:6D:B3:08:D6:68:AF:F4:DB:6D:60:41:EC:BA:B0:DC:9F:CA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6253088FA82107828D23092D42B8A8CF0498AED5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214610.roa
Signing time:             Mon 18 Aug 2025 20:55:37 +0000
ROA not before:           Mon 18 Aug 2025 20:50:37 +0000
ROA not after:            Mon 17 Aug 2026 20:55:37 +0000
asID:                     214610
IP address blocks:        2a0f:85c1:ca0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:53:08:8f:a8:21:07:82:8d:23:09:2d:42:b8:a8:cf:04:98:ae:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 18 20:50:37 2025 GMT
            Not After : Aug 17 20:55:37 2026 GMT
        Subject: CN=FE70866DB308D668AFF4DB6D6041ECBAB0DC9FCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:86:5c:fb:d2:4e:5f:60:30:0e:7c:03:03:81:
                    54:a3:a7:74:fd:6f:ab:79:af:cf:06:82:02:57:b8:
                    d9:6a:7c:a0:99:0a:d9:1e:54:91:04:55:17:bd:b5:
                    9c:e7:9d:9e:f6:95:6a:32:f5:fd:0f:6b:73:f1:2a:
                    a4:45:6e:78:f1:9e:25:87:ed:2f:57:2d:a8:b7:26:
                    4b:84:6e:12:78:af:d6:7d:8b:a6:75:0e:51:d2:2e:
                    8f:38:7e:60:cd:16:b5:22:ef:19:c2:d4:d3:ae:6d:
                    b1:8c:87:a7:1e:d7:12:c8:7c:c8:03:54:80:55:29:
                    51:18:a5:40:6f:1e:aa:4f:c5:ab:eb:f3:8f:e9:ec:
                    06:93:7b:ad:bf:d5:51:08:d8:d2:25:a8:48:82:a9:
                    a0:5c:f4:b5:07:11:b1:b6:0b:fe:b1:cf:e2:d2:16:
                    4e:99:fc:fe:17:3c:40:3f:01:41:b5:af:b4:b8:49:
                    c8:42:60:c9:a6:9e:d9:d8:98:16:09:9c:c7:28:3c:
                    21:a5:29:3b:5d:30:1f:5f:e9:3c:5e:df:5c:c2:c1:
                    d5:6c:69:22:56:04:f2:44:ad:3d:d8:81:c7:5b:6b:
                    87:05:c3:46:ba:bb:a4:71:c5:b7:5b:50:1a:b4:68:
                    fc:31:8d:6e:27:21:fd:2b:a1:d0:87:c0:c4:81:d3:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:70:86:6D:B3:08:D6:68:AF:F4:DB:6D:60:41:EC:BA:B0:DC:9F:CA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214610.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ca0::/44

    Signature Algorithm: sha256WithRSAEncryption
         da:53:6e:4a:b4:0d:65:9e:ec:65:28:26:97:b7:0e:f7:a8:5d:
         1f:22:b6:ce:7a:7b:13:7f:08:d4:ee:6c:ce:0e:41:f2:cd:a0:
         52:e4:a8:ba:20:b3:84:25:dd:f8:85:42:f5:32:50:8f:28:26:
         14:0f:d4:0f:d1:a1:3c:d3:48:37:de:14:04:05:0b:f4:c9:c5:
         a8:36:2f:ba:b6:63:0c:38:93:ec:93:3a:93:77:da:e9:93:6e:
         1e:38:54:c7:f9:a7:c0:03:a5:af:1f:f5:d1:59:a7:e7:bd:8d:
         3a:dd:d4:29:1e:2e:5e:7c:ec:bd:2f:9c:fb:ca:64:1d:06:ba:
         e1:60:f2:ca:3a:f9:6a:9e:71:3e:ad:49:5d:42:45:27:59:d3:
         00:1f:fd:c9:e8:26:27:96:4a:7b:c0:14:71:62:a2:c3:bf:db:
         62:65:6d:0d:e2:46:71:7b:26:dc:2c:59:6c:95:2c:d0:bd:3e:
         32:ae:a2:32:e2:7c:e5:78:ec:bf:74:06:30:75:08:27:0f:4d:
         06:a0:62:6c:a1:82:3b:d7:0b:49:b5:73:e5:cd:be:69:d1:58:
         36:bc:03:12:a5:bf:8f:15:e8:73:b4:58:78:a9:23:aa:46:8b:
         fd:d7:ed:03:2c:fc:aa:a9:4e:f1:96:d6:df:ba:65:4e:4f:d4:
         aa:bf:7a:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYlMIj6ghB4KNIwktQriozwSYrtUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTgyMDUwMzdaFw0yNjA4MTcyMDU1MzdaMDMxMTAvBgNV
BAMTKEZFNzA4NjZEQjMwOEQ2NjhBRkY0REI2RDYwNDFFQ0JBQjBEQzlGQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2hlz70k5fYDAOfAMDgVSjp3T9
b6t5r88GggJXuNlqfKCZCtkeVJEEVRe9tZznnZ72lWoy9f0Pa3PxKqRFbnjxniWH
7S9XLai3JkuEbhJ4r9Z9i6Z1DlHSLo84fmDNFrUi7xnC1NOubbGMh6ce1xLIfMgD
VIBVKVEYpUBvHqpPxavr84/p7AaTe62/1VEI2NIlqEiCqaBc9LUHEbG2C/6xz+LS
Fk6Z/P4XPEA/AUG1r7S4SchCYMmmntnYmBYJnMcoPCGlKTtdMB9f6Txe31zCwdVs
aSJWBPJErT3Ygcdba4cFw0a6u6RxxbdbUBq0aPwxjW4nIf0rodCHwMSB06M1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/nCGbbMI1miv9NttYEHsurDcn8owHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NjEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQygMA0GCSqGSIb3DQEBCwUAA4IBAQDaU25KtA1lnuxlKCaXtw73qF0fIrbOensT
fwjU7mzODkHyzaBS5Ki6ILOEJd34hUL1MlCPKCYUD9QP0aE800g33hQEBQv0ycWo
Ni+6tmMMOJPskzqTd9rpk24eOFTH+afAA6WvH/XRWafnvY063dQpHi5efOy9L5z7
ymQdBrrhYPLKOvlqnnE+rUldQkUnWdMAH/3J6CYnlkp7wBRxYqLDv9tiZW0N4kZx
eybcLFlslSzQvT4yrqIy4nzleOy/dAYwdQgnD00GoGJsoYI71wtJtXPlzb5p0Vg2
vAMSpb+PFehztFh4qSOqRov91+0DLPyqqU7xltbfumVOT9Sqv3re
-----END CERTIFICATE-----