Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213200.roa
File:                     AS213200.roa (raw, json)
Hash identifier:          i+ortOluL+FxJCTcTBd2mW+4R3NNpVhAhK11E3JjFYY=
Subject key identifier:   89:26:DC:3A:1E:78:62:1F:65:4F:B5:17:54:A9:A3:60:FB:3C:3A:1F
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6496AF1DC9D57528151B5C391F29BDCF2AF31A4F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213200.roa
Signing time:             Sun 10 Aug 2025 16:57:37 +0000
ROA not before:           Sun 10 Aug 2025 16:52:37 +0000
ROA not after:            Sun 09 Aug 2026 16:57:37 +0000
asID:                     213200
IP address blocks:        143.14.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:96:af:1d:c9:d5:75:28:15:1b:5c:39:1f:29:bd:cf:2a:f3:1a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 10 16:52:37 2025 GMT
            Not After : Aug  9 16:57:37 2026 GMT
        Subject: CN=8926DC3A1E78621F654FB51754A9A360FB3C3A1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:61:1c:c9:06:50:7c:68:ed:10:d1:2b:35:e3:
                    b0:2d:43:3b:43:3b:ec:c4:8c:8e:5e:bd:28:07:28:
                    be:3f:0b:14:c2:c3:44:ce:58:6b:94:2e:26:50:09:
                    6b:f7:dc:18:be:3f:70:97:0a:b3:ce:82:71:ff:c1:
                    c3:17:e4:47:1b:97:72:d6:12:65:31:38:c5:5b:c2:
                    c7:29:1f:82:c2:12:8b:8c:80:34:c5:ae:21:23:40:
                    86:70:02:c0:87:7d:34:31:36:1e:56:6f:cf:16:f2:
                    1f:a9:ac:b6:17:3f:90:39:29:c5:aa:c4:c3:f7:53:
                    bb:36:e6:e2:10:d1:89:b2:9a:47:4a:61:a9:d5:ab:
                    92:0a:29:2e:4b:83:c7:73:aa:ec:99:e1:84:0c:46:
                    90:21:52:68:06:17:2e:cd:3b:a5:d0:89:53:e1:4a:
                    76:61:87:7b:0e:ce:cb:85:f3:7d:f9:95:02:50:8d:
                    c7:9a:05:bc:87:53:9f:02:3f:88:50:f3:71:2b:85:
                    1b:f2:d7:9e:a3:f9:62:d2:06:2d:30:33:20:74:f0:
                    9a:4a:8e:25:24:79:f1:5c:4c:f5:80:2f:7a:30:37:
                    1c:f3:6b:42:dd:2a:cc:c7:55:52:cf:78:c0:f2:38:
                    37:7b:0f:66:3f:9e:2b:39:9a:3d:a9:2d:a9:51:6f:
                    51:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:26:DC:3A:1E:78:62:1F:65:4F:B5:17:54:A9:A3:60:FB:3C:3A:1F
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213200.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e6:a9:cf:08:1e:af:65:6a:15:1b:63:8e:e8:cd:ad:bb:7d:
         bd:cd:8d:cb:84:9e:03:01:c6:7d:15:b1:7b:45:d9:5e:ef:c4:
         be:da:76:6f:c5:14:fa:bd:4b:0c:61:57:5d:2d:95:26:e8:65:
         c2:d0:54:21:b8:3f:8e:1a:8b:7c:9c:33:b2:cf:7a:21:d9:2b:
         69:b0:a8:a2:7c:fa:47:cb:15:d6:a4:d9:cf:61:b6:2d:c8:a5:
         ea:75:47:24:41:11:67:86:d8:8c:e8:64:5b:de:b0:77:44:9a:
         d1:7c:9a:76:1a:eb:c5:fa:64:35:ff:d9:e3:b5:6b:7c:d5:50:
         3e:b2:83:fb:95:cd:26:2b:80:69:0b:68:d3:d9:35:e2:51:bc:
         13:32:ce:22:58:08:a7:79:39:c8:82:2e:ef:22:90:90:a5:f5:
         3b:c5:b5:3f:33:d7:e9:f5:cb:c8:cc:61:f5:7b:ac:c5:90:d5:
         3b:52:3d:53:b4:a7:f9:b6:fc:11:a8:bc:79:7b:56:fa:92:28:
         ce:74:8b:88:fc:25:76:5c:15:52:bb:57:22:1e:0d:76:db:37:
         bf:5a:7f:1f:58:35:74:25:d3:83:2d:47:9b:b1:4a:b3:c5:64:
         3b:25:f0:10:1b:bc:a1:45:55:b0:fd:f8:df:bf:96:f7:9c:5d:
         e4:32:26:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZJavHcnVdSgVG1w5Hym9zyrzGk8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTAxNjUyMzdaFw0yNjA4MDkxNjU3MzdaMDMxMTAvBgNV
BAMTKDg5MjZEQzNBMUU3ODYyMUY2NTRGQjUxNzU0QTlBMzYwRkIzQzNBMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXYRzJBlB8aO0Q0Ss147AtQztD
O+zEjI5evSgHKL4/CxTCw0TOWGuULiZQCWv33Bi+P3CXCrPOgnH/wcMX5Ecbl3LW
EmUxOMVbwscpH4LCEouMgDTFriEjQIZwAsCHfTQxNh5Wb88W8h+prLYXP5A5KcWq
xMP3U7s25uIQ0YmymkdKYanVq5IKKS5Lg8dzquyZ4YQMRpAhUmgGFy7NO6XQiVPh
SnZhh3sOzsuF8335lQJQjceaBbyHU58CP4hQ83ErhRvy156j+WLSBi0wMyB08JpK
jiUkefFcTPWAL3owNxzza0LdKszHVVLPeMDyODd7D2Y/nis5mj2pLalRb1EdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiSbcOh54Yh9lT7UXVKmjYPs8Oh8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEzMjAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4s
MA0GCSqGSIb3DQEBCwUAA4IBAQAn5qnPCB6vZWoVG2OO6M2tu329zY3LhJ4DAcZ9
FbF7Rdle78S+2nZvxRT6vUsMYVddLZUm6GXC0FQhuD+OGot8nDOyz3oh2StpsKii
fPpHyxXWpNnPYbYtyKXqdUckQRFnhtiM6GRb3rB3RJrRfJp2GuvF+mQ1/9njtWt8
1VA+soP7lc0mK4BpC2jT2TXiUbwTMs4iWAineTnIgi7vIpCQpfU7xbU/M9fp9cvI
zGH1e6zFkNU7Uj1TtKf5tvwRqLx5e1b6kijOdIuI/CV2XBVSu1ciHg122ze/Wn8f
WDV0JdODLUebsUqzxWQ7JfAQG7yhRVWw/fjfv5b3nF3kMiYl
-----END CERTIFICATE-----