Route Origin Authorization

$ rpki-client -vvf rrdp.as214749.net/repo/as214749-paw/4/323030313a3637383a313230633a3a2f34382d3438203d3e20323134373439.roa
File:                     323030313a3637383a313230633a3a2f34382d3438203d3e20323134373439.roa (raw, json)
Hash identifier:          qD58tjRXh1Sgzaanz8hHs0X4Bt+9XwLVW6v6y8GKf0Q=
Subject key identifier:   F0:B4:D0:EB:FD:D7:EF:89:91:0F:FB:58:3D:39:11:0D:FD:3D:7F:F3
Certificate issuer:       /CN=354e0070adbd32a2e4f8d9e22db60e5dec664585
Certificate serial:       3E491D07A3AB7E1D5B6153E3D918E4D0C7DDEBCA
Authority key identifier: 35:4E:00:70:AD:BD:32:A2:E4:F8:D9:E2:2D:B6:0E:5D:EC:66:45:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NU4AcK29MqLk-NniLbYOXexmRYU.cer
Subject info access:      rsync://rrdp.as214749.net/repo/as214749-paw/4/323030313a3637383a313230633a3a2f34382d3438203d3e20323134373439.roa
Signing time:             Thu 19 Mar 2026 09:11:23 +0000
ROA not before:           Thu 19 Mar 2026 09:06:23 +0000
ROA not after:            Thu 18 Mar 2027 09:11:23 +0000
asID:                     214749
IP address blocks:        2001:678:120c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rrdp.as214749.net/repo/as214749-paw/4/354E0070ADBD32A2E4F8D9E22DB60E5DEC664585.crl
                          rsync://rrdp.as214749.net/repo/as214749-paw/4/354E0070ADBD32A2E4F8D9E22DB60E5DEC664585.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NU4AcK29MqLk-NniLbYOXexmRYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 09:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:49:1d:07:a3:ab:7e:1d:5b:61:53:e3:d9:18:e4:d0:c7:dd:eb:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=354e0070adbd32a2e4f8d9e22db60e5dec664585
        Validity
            Not Before: Mar 19 09:06:23 2026 GMT
            Not After : Mar 18 09:11:23 2027 GMT
        Subject: CN=F0B4D0EBFDD7EF89910FFB583D39110DFD3D7FF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d7:8e:bc:b5:a0:cb:ba:f5:7d:ed:84:59:49:
                    19:ab:af:0f:09:2f:cf:93:81:b6:2d:67:ea:7c:f4:
                    57:8a:e0:3b:8b:26:de:4c:ae:34:dd:4c:7e:e3:32:
                    86:93:3e:a9:32:85:d4:6c:a6:9c:c2:10:25:2e:d8:
                    f0:2f:6e:d9:a4:cb:82:05:de:8a:6e:c5:1e:c2:e6:
                    99:b4:da:1d:a1:69:27:19:9a:2f:e5:04:a3:18:9a:
                    71:01:b7:93:52:0c:55:9f:52:73:2e:6c:4e:54:6e:
                    50:ad:15:39:5c:60:9a:bd:77:95:d4:3e:4b:a7:10:
                    c8:2a:5e:54:8d:51:87:f2:f6:34:5f:1d:39:10:9e:
                    d3:8c:41:39:04:b9:ba:85:49:3d:3d:31:99:e1:f1:
                    40:44:ee:65:65:ac:6c:3f:4f:3f:4c:f5:08:43:30:
                    d6:2b:27:2b:78:1a:de:c2:95:1f:43:c6:a7:21:7a:
                    74:5c:5e:b2:09:6c:9e:83:ff:4a:a6:c1:6e:02:cd:
                    89:30:02:34:74:26:f7:b8:49:5a:30:d9:29:69:2e:
                    f0:af:68:da:f6:b9:23:c4:d6:0f:1f:5d:b5:5d:c1:
                    30:97:32:34:87:f3:08:aa:71:30:68:4a:3c:ea:3e:
                    54:d3:44:1f:3a:f8:ef:2b:3e:6d:88:10:c1:9f:1a:
                    da:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B4:D0:EB:FD:D7:EF:89:91:0F:FB:58:3D:39:11:0D:FD:3D:7F:F3
            X509v3 Authority Key Identifier:
                keyid:35:4E:00:70:AD:BD:32:A2:E4:F8:D9:E2:2D:B6:0E:5D:EC:66:45:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rrdp.as214749.net/repo/as214749-paw/4/354E0070ADBD32A2E4F8D9E22DB60E5DEC664585.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NU4AcK29MqLk-NniLbYOXexmRYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rrdp.as214749.net/repo/as214749-paw/4/323030313a3637383a313230633a3a2f34382d3438203d3e20323134373439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:120c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:fc:a2:f5:59:7f:e8:64:36:f2:58:78:44:ab:40:a1:9d:a9:
         10:5c:e8:f3:cf:33:0c:9e:85:ce:eb:e4:b9:c5:88:62:bf:bd:
         90:fd:fe:6c:1f:1e:8e:c4:81:88:87:ca:09:5a:5b:5f:34:b0:
         39:7a:2e:c3:5c:7f:c3:20:5d:3d:99:e8:06:7b:3c:95:c6:8e:
         f2:b1:83:a4:0a:a2:50:68:44:fc:5d:3e:bc:f1:30:af:2c:6a:
         a0:f9:91:36:0d:03:8f:2f:aa:8a:0a:a1:e4:25:90:91:43:f9:
         99:92:9b:0d:a1:51:34:94:14:84:50:e1:0f:48:67:ce:a9:e9:
         97:e7:7b:c1:e8:62:c0:68:f8:6b:5d:a9:54:85:ef:04:5a:58:
         55:15:46:49:64:49:72:b6:93:85:6c:b5:c3:3d:c7:a9:ae:2c:
         0e:74:46:91:f4:91:f6:50:28:49:c9:45:53:53:7d:06:26:12:
         44:d0:59:77:b9:e7:81:97:35:35:cc:d7:7a:f4:a1:9a:5f:be:
         60:4b:79:67:a3:2b:c5:32:14:a7:cf:48:ac:92:e5:bc:93:13:
         5a:81:9f:0a:e4:30:06:c6:34:f9:ea:bb:7b:5c:ad:df:01:14:
         1f:20:48:6f:4d:4f:5d:c8:78:c0:1b:fc:c2:9f:59:eb:6b:38:
         21:b2:33:fc
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUPkkdB6Orfh1bYVPj2Rjk0Mfd68owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU0ZTAwNzBhZGJkMzJhMmU0ZjhkOWUyMmRiNjBlNWRl
YzY2NDU4NTAeFw0yNjAzMTkwOTA2MjNaFw0yNzAzMTgwOTExMjNaMDMxMTAvBgNV
BAMTKEYwQjREMEVCRkREN0VGODk5MTBGRkI1ODNEMzkxMTBERkQzRDdGRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz1468taDLuvV97YRZSRmrrw8J
L8+TgbYtZ+p89FeK4DuLJt5MrjTdTH7jMoaTPqkyhdRsppzCECUu2PAvbtmky4IF
3opuxR7C5pm02h2haScZmi/lBKMYmnEBt5NSDFWfUnMubE5UblCtFTlcYJq9d5XU
PkunEMgqXlSNUYfy9jRfHTkQntOMQTkEubqFST09MZnh8UBE7mVlrGw/Tz9M9QhD
MNYrJyt4Gt7ClR9DxqchenRcXrIJbJ6D/0qmwW4CzYkwAjR0Jve4SVow2SlpLvCv
aNr2uSPE1g8fXbVdwTCXMjSH8wiqcTBoSjzqPlTTRB86+O8rPm2IEMGfGtrdAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU8LTQ6/3X74mRD/tYPTkRDf09f/MwHwYDVR0j
BBgwFoAUNU4AcK29MqLk+NniLbYOXexmRYUwDgYDVR0PAQH/BAQDAgeAMGsGA1Ud
HwRkMGIwYKBeoFyGWnJzeW5jOi8vcnJkcC5hczIxNDc0OS5uZXQvcmVwby9hczIx
NDc0OS1wYXcvNC8zNTRFMDA3MEFEQkQzMkEyRTRGOEQ5RTIyREI2MEU1REVDNjY0
NTg1LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvTlU0QWNLMjlNcUxrLU5uaUxi
WU9YZXhtUllVLmNlcjCBjQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5
bmM6Ly9ycmRwLmFzMjE0NzQ5Lm5ldC9yZXBvL2FzMjE0NzQ5LXBhdy80LzMyMzAz
MDMxM2EzNjM3MzgzYTMxMzIzMDYzM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIz
MTM0MzczNDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBIMMA0GCSqGSIb3DQEBCwUAA4IBAQBf
/KL1WX/oZDbyWHhEq0ChnakQXOjzzzMMnoXO6+S5xYhiv72Q/f5sHx6OxIGIh8oJ
WltfNLA5ei7DXH/DIF09megGezyVxo7ysYOkCqJQaET8XT688TCvLGqg+ZE2DQOP
L6qKCqHkJZCRQ/mZkpsNoVE0lBSEUOEPSGfOqemX53vB6GLAaPhrXalUhe8EWlhV
FUZJZElytpOFbLXDPcepriwOdEaR9JH2UChJyUVTU30GJhJE0Fl3ueeBlzU1zNd6
9KGaX75gS3lnoyvFMhSnz0iskuW8kxNagZ8K5DAGxjT56rt7XK3fARQfIEhvTU9d
yHjAG/zCn1nrazghsjP8
-----END CERTIFICATE-----