Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
File:                     AS213650.roa (raw, json)
Hash identifier:          4pJ6phvIO6hzdNGF8MvtUlFm6OHfuxS8WoGZUJ/gsnw=
Subject key identifier:   17:B0:0A:F2:72:71:19:13:14:6C:EE:18:5E:40:5C:9C:90:EE:BB:9E
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       46414EB45E6CEE5BED55EBA482D4B1C03547FBA9
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
Signing time:             Tue 17 Jun 2025 02:57:03 +0000
ROA not before:           Tue 17 Jun 2025 02:52:03 +0000
ROA not after:            Tue 16 Jun 2026 02:57:03 +0000
asID:                     213650
IP address blocks:        2a14:7580:600::/40 maxlen: 48
                          2a14:7581:3200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:55:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:41:4e:b4:5e:6c:ee:5b:ed:55:eb:a4:82:d4:b1:c0:35:47:fb:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 17 02:52:03 2025 GMT
            Not After : Jun 16 02:57:03 2026 GMT
        Subject: CN=17B00AF272711913146CEE185E405C9C90EEBB9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c0:cb:a1:6f:3d:69:c5:72:49:f9:34:c1:40:
                    3d:df:6c:82:8b:41:bd:81:f7:c2:49:a6:3e:bc:e5:
                    f7:f2:ba:1b:82:e5:49:87:1a:7d:2f:42:89:f7:1f:
                    b7:52:4a:18:b9:53:79:41:dd:88:d4:6f:c1:e8:54:
                    48:97:03:13:f1:37:4b:96:f9:7b:e8:f9:15:4a:b5:
                    80:35:1e:89:92:cb:52:f3:3b:01:b6:d8:d7:77:2d:
                    d0:4b:f0:a6:31:4b:e8:63:4c:95:b9:90:56:7e:d4:
                    a7:9c:cd:a4:f9:bd:b1:73:73:4b:cb:87:a0:08:82:
                    82:d2:6e:4e:40:f8:5d:09:db:10:be:bb:96:14:b5:
                    05:c7:12:c1:e2:67:dc:80:db:c8:4b:3d:1f:04:92:
                    54:60:c0:fb:3e:d9:f2:96:39:7f:98:93:9b:48:9b:
                    ce:be:01:9b:b6:fd:ee:50:83:2c:7d:7a:ad:26:31:
                    81:c9:2b:63:36:8b:ab:2e:51:a5:5e:f0:02:e5:6e:
                    4b:de:cc:c4:aa:54:4f:af:26:5c:d0:e1:0e:e1:a5:
                    2b:f1:22:a5:33:52:06:e1:eb:77:af:01:8f:aa:10:
                    27:5f:e1:85:2b:e4:03:d2:36:84:a4:0b:99:b0:e0:
                    d1:84:6c:e5:fb:77:c7:11:57:4c:45:f2:ab:ea:15:
                    eb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B0:0A:F2:72:71:19:13:14:6C:EE:18:5E:40:5C:9C:90:EE:BB:9E
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:600::/40
                  2a14:7581:3200::/40

    Signature Algorithm: sha256WithRSAEncryption
         8f:cf:cc:78:48:77:cb:29:46:ca:1d:75:08:ff:9d:3a:61:29:
         94:fa:1e:b4:0a:d9:96:f9:f8:e0:fc:a5:30:ae:a0:73:71:67:
         16:3c:1f:d1:fc:b6:af:09:5f:33:f1:ce:23:0a:ea:d6:ab:d5:
         1c:81:97:59:56:98:71:3c:4c:b0:f7:06:17:15:8d:bc:24:dd:
         60:0e:5c:a0:a7:30:b6:22:11:69:f2:f1:c4:db:82:37:48:54:
         b0:9c:00:52:18:d9:2f:26:23:10:5f:cb:e4:04:bb:81:ae:d4:
         8a:d9:53:70:58:3c:9a:7d:a9:45:58:f8:8e:7d:06:11:5e:41:
         5f:2e:59:c4:b1:05:d5:c5:7a:75:ef:f1:80:e8:06:e1:45:8d:
         8d:84:57:b1:7e:69:f1:3e:e3:e0:41:34:77:95:fc:9c:1d:ea:
         99:2c:2b:ca:eb:aa:55:5a:57:4c:92:ac:2c:03:c6:bb:db:d3:
         cb:62:ec:43:41:50:d2:f5:62:c0:5a:39:00:86:99:a1:c2:cd:
         dc:5e:be:39:c5:fa:05:02:dc:22:da:f3:62:09:25:1b:87:48:
         42:4b:84:ae:61:a3:32:43:54:08:63:2c:11:4f:ff:e3:f9:ec:
         28:f3:98:33:1a:51:64:03:3e:94:fd:63:b7:f0:61:86:a3:c4:
         05:5b:f5:3f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIURkFOtF5s7lvtVeukgtSxwDVH+6kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MTcwMjUyMDNaFw0yNjA2MTYwMjU3MDNaMDMxMTAvBgNV
BAMTKDE3QjAwQUYyNzI3MTE5MTMxNDZDRUUxODVFNDA1QzlDOTBFRUJCOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1wMuhbz1pxXJJ+TTBQD3fbIKL
Qb2B98JJpj685ffyuhuC5UmHGn0vQon3H7dSShi5U3lB3YjUb8HoVEiXAxPxN0uW
+Xvo+RVKtYA1HomSy1LzOwG22Nd3LdBL8KYxS+hjTJW5kFZ+1KeczaT5vbFzc0vL
h6AIgoLSbk5A+F0J2xC+u5YUtQXHEsHiZ9yA28hLPR8EklRgwPs+2fKWOX+Yk5tI
m86+AZu2/e5Qgyx9eq0mMYHJK2M2i6suUaVe8ALlbkvezMSqVE+vJlzQ4Q7hpSvx
IqUzUgbh63evAY+qECdf4YUr5APSNoSkC5mw4NGEbOX7d8cRV0xF8qvqFeutAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUF7AK8nJxGRMUbO4YXkBcnJDuu54wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhR1
gAYDBgAqFHWBMjANBgkqhkiG9w0BAQsFAAOCAQEAj8/MeEh3yylGyh11CP+dOmEp
lPoetArZlvn44PylMK6gc3FnFjwf0fy2rwlfM/HOIwrq1qvVHIGXWVaYcTxMsPcG
FxWNvCTdYA5coKcwtiIRafLxxNuCN0hUsJwAUhjZLyYjEF/L5AS7ga7UitlTcFg8
mn2pRVj4jn0GEV5BXy5ZxLEF1cV6de/xgOgG4UWNjYRXsX5p8T7j4EE0d5X8nB3q
mSwryuuqVVpXTJKsLAPGu9vTy2LsQ0FQ0vViwFo5AIaZocLN3F6+OcX6BQLcItrz
YgklG4dIQkuErmGjMkNUCGMsEU//4/nsKPOYMxpRZAM+lP1jt/BhhqPEBVv1Pw==
-----END CERTIFICATE-----