Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS210940.roa
File:                     AS210940.roa (raw, json)
Hash identifier:          bimQZVIYT+gy5QdPIZsmUP9zUI9Kiqu9RfoZGh55N44=
Subject key identifier:   1B:E2:91:64:9B:A5:2A:A0:96:75:3C:6A:12:38:9D:4D:58:E3:51:79
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7664C772C8F183AABF5D7119C89A3E45E6A5BF41
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS210940.roa
Signing time:             Wed 30 Apr 2025 22:38:06 +0000
ROA not before:           Wed 30 Apr 2025 22:33:06 +0000
ROA not after:            Wed 29 Apr 2026 22:38:06 +0000
asID:                     210940
IP address blocks:        2a14:7580:ff10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 03:56:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:64:c7:72:c8:f1:83:aa:bf:5d:71:19:c8:9a:3e:45:e6:a5:bf:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 30 22:33:06 2025 GMT
            Not After : Apr 29 22:38:06 2026 GMT
        Subject: CN=1BE291649BA52AA096753C6A12389D4D58E35179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6b:ed:f9:10:3a:43:2c:f5:83:6a:0a:1e:c2:
                    a4:0c:18:eb:56:72:ad:32:2a:fa:26:1e:db:a8:b3:
                    6d:c9:3c:d2:10:67:a6:80:50:2c:4b:61:33:10:d6:
                    71:53:5c:95:c7:aa:82:55:5d:26:f6:4f:de:f2:69:
                    f3:13:bf:03:30:90:01:33:a9:8c:f9:e1:17:a6:b5:
                    eb:67:ee:16:3b:e6:0f:80:4b:e2:11:42:de:d2:a3:
                    6e:3e:bd:ff:d4:ba:40:8e:f3:fe:c1:aa:0e:de:e7:
                    09:b3:9c:96:3a:1a:57:a8:82:dd:c5:16:9f:66:f9:
                    22:dd:0c:7c:80:8d:99:d7:aa:24:43:32:7b:a7:43:
                    4f:1a:e4:d8:50:d8:9d:a1:57:38:9a:90:b4:5e:00:
                    77:cb:22:09:22:58:0b:eb:0d:de:10:81:ce:cf:2c:
                    97:66:f9:87:5e:6f:ac:e7:87:b0:0b:3e:37:97:65:
                    19:bd:15:73:34:ac:24:1e:a2:80:9f:0f:50:e2:6d:
                    58:4a:3b:2a:fc:c5:ce:66:21:6a:51:dc:79:15:f1:
                    82:95:d7:34:26:95:59:72:b4:2d:d1:20:75:3f:6b:
                    ec:31:eb:0f:fa:18:a1:8f:56:da:92:ef:09:a0:a7:
                    a7:bc:b0:4b:46:54:03:b4:e1:81:93:0d:95:e5:a8:
                    4a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E2:91:64:9B:A5:2A:A0:96:75:3C:6A:12:38:9D:4D:58:E3:51:79
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS210940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff10::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:3f:8d:9c:02:80:7d:79:54:65:ea:8f:6b:96:26:5b:c2:7d:
         ca:e1:0d:7c:de:2f:04:20:01:06:7e:8d:60:44:1b:20:60:40:
         e8:40:77:ff:93:49:af:df:66:16:35:65:d2:6b:54:60:e4:5a:
         44:a5:3e:8e:b9:7e:ec:d1:f2:76:ad:ad:34:39:05:b0:01:17:
         af:71:af:03:2c:68:91:47:0d:25:24:00:8e:fc:14:3f:dd:66:
         a0:06:d9:3e:76:df:10:fd:78:b2:ad:38:f5:9f:86:c3:b8:cc:
         a6:23:84:ef:03:9b:4f:af:ec:16:d8:0e:6a:ea:fe:96:90:95:
         64:86:a6:9d:eb:6e:54:46:b6:89:66:f6:7b:00:6c:ff:c8:5d:
         08:ab:f0:7b:51:ea:03:f5:07:07:59:d7:87:ce:ed:74:2d:37:
         72:95:45:09:98:a4:86:42:64:e5:0a:29:bf:06:96:8c:83:0d:
         20:79:47:78:2f:8c:39:1c:71:16:2b:4b:49:74:5b:da:5f:cf:
         f3:8d:14:26:c8:af:1a:44:d1:85:52:1f:3d:ed:04:d0:7c:11:
         df:08:5f:22:f4:ce:8b:3d:62:f9:d3:82:76:9a:0e:0e:48:52:
         47:40:96:2a:9f:ae:30:02:a5:6e:89:42:60:b9:3c:fc:c3:4e:
         94:03:d7:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdmTHcsjxg6q/XXEZyJo+Realv0EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA0MzAyMjMzMDZaFw0yNjA0MjkyMjM4MDZaMDMxMTAvBgNV
BAMTKDFCRTI5MTY0OUJBNTJBQTA5Njc1M0M2QTEyMzg5RDRENThFMzUxNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWa+35EDpDLPWDagoewqQMGOtW
cq0yKvomHtuos23JPNIQZ6aAUCxLYTMQ1nFTXJXHqoJVXSb2T97yafMTvwMwkAEz
qYz54Remtetn7hY75g+AS+IRQt7So24+vf/UukCO8/7Bqg7e5wmznJY6Gleogt3F
Fp9m+SLdDHyAjZnXqiRDMnunQ08a5NhQ2J2hVziakLReAHfLIgkiWAvrDd4Qgc7P
LJdm+Ydeb6znh7ALPjeXZRm9FXM0rCQeooCfD1DibVhKOyr8xc5mIWpR3HkV8YKV
1zQmlVlytC3RIHU/a+wx6w/6GKGPVtqS7wmgp6e8sEtGVAO04YGTDZXlqEo9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUG+KRZJulKqCWdTxqEjidTVjjUXkwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEwOTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1
gP8QMA0GCSqGSIb3DQEBCwUAA4IBAQAxP42cAoB9eVRl6o9rliZbwn3K4Q183i8E
IAEGfo1gRBsgYEDoQHf/k0mv32YWNWXSa1Rg5FpEpT6OuX7s0fJ2ra00OQWwARev
ca8DLGiRRw0lJACO/BQ/3WagBtk+dt8Q/XiyrTj1n4bDuMymI4TvA5tPr+wW2A5q
6v6WkJVkhqad625URraJZvZ7AGz/yF0Iq/B7UeoD9QcHWdeHzu10LTdylUUJmKSG
QmTlCim/BpaMgw0geUd4L4w5HHEWK0tJdFvaX8/zjRQmyK8aRNGFUh897QTQfBHf
CF8i9M6LPWL504J2mg4OSFJHQJYqn64wAqVuiUJguTz8w06UA9eL
-----END CERTIFICATE-----