Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          MR+6AA+CKXLoeAb8cDt0L+ocUqEFhvlap+kuITxCNUo=
Subject key identifier:   CF:D0:F5:B3:D7:36:CC:1C:F1:DA:29:A1:15:15:22:55:7F:67:A0:B1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       057137FA0094C9522A5A1CC56F3556666A55BCD8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
Signing time:             Mon 11 May 2026 16:02:14 +0000
ROA not before:           Mon 11 May 2026 15:57:14 +0000
ROA not after:            Mon 10 May 2027 16:02:14 +0000
asID:                     214025
IP address blocks:        168.222.44.0/24 maxlen: 24
                          168.222.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:71:37:fa:00:94:c9:52:2a:5a:1c:c5:6f:35:56:66:6a:55:bc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 11 15:57:14 2026 GMT
            Not After : May 10 16:02:14 2027 GMT
        Subject: CN=CFD0F5B3D736CC1CF1DA29A1151522557F67A0B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:3b:f2:30:56:0e:69:09:08:32:67:62:88:
                    eb:68:6b:40:47:cf:75:b6:8f:c6:f4:d5:e8:dc:1b:
                    87:8f:8e:2e:5e:95:34:39:13:b5:47:eb:10:da:7a:
                    62:d4:36:03:bc:72:e3:6d:b2:44:e3:7a:c8:df:32:
                    4a:6b:b9:be:e8:1a:12:14:ff:53:44:c8:5d:9a:0a:
                    11:14:19:e1:9c:b6:52:e2:c2:05:a4:21:30:3e:de:
                    8e:33:6e:99:25:35:ec:f5:b8:10:10:e6:72:2f:f9:
                    ee:a3:8a:be:3d:92:3c:ad:6c:8a:d6:0c:fe:eb:d7:
                    ac:6f:05:74:d1:29:09:40:33:10:36:b7:d2:5b:36:
                    a9:ba:62:55:fe:cd:e9:74:31:a4:22:41:97:ca:16:
                    ce:4e:60:4b:5a:00:96:2e:14:28:da:01:81:e8:95:
                    60:41:6a:47:37:1d:5b:c0:a7:ef:b9:c8:b5:e2:a0:
                    d2:e3:58:1a:e1:6d:01:cf:18:5a:b1:24:b0:c1:24:
                    fa:11:82:86:80:54:1a:6c:57:8b:75:06:6d:43:f5:
                    cc:64:fb:a3:79:68:64:9c:30:8f:73:8e:f9:64:af:
                    a1:49:cc:78:ef:0c:90:24:e1:d8:d8:23:a1:85:0e:
                    4b:fd:09:e7:f0:89:2a:f2:9f:53:26:3e:02:87:c2:
                    85:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D0:F5:B3:D7:36:CC:1C:F1:DA:29:A1:15:15:22:55:7F:67:A0:B1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.44.0/24
                  168.222.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3e:c1:b4:c7:9d:d7:5b:15:47:3d:94:cc:bb:00:62:bd:d3:
         c4:84:d9:45:bd:be:b5:2b:cf:3f:71:c5:52:05:98:ba:21:9e:
         ef:e1:81:57:63:73:d1:12:0a:61:cd:1f:43:06:09:86:f8:33:
         5f:fe:a3:8b:5f:51:e1:2a:c1:83:f8:67:97:37:6e:ad:b0:81:
         08:e3:97:81:f0:83:c5:9d:16:2f:19:63:fc:60:84:ec:7f:28:
         ff:7b:41:da:91:57:aa:40:21:26:68:7b:99:fa:be:7e:6c:1c:
         ee:44:62:b9:b2:23:d2:cc:d0:ff:8c:e9:fe:b4:bc:36:2c:7a:
         ed:79:46:f2:2f:05:d4:be:39:d6:40:70:0a:f2:88:19:ac:59:
         76:ae:39:f6:b0:da:10:86:48:bd:e6:1f:08:ed:0e:8a:dc:d4:
         72:c5:c4:60:92:dc:23:51:84:5e:c3:4d:a9:77:c7:09:50:a3:
         38:38:00:b7:93:8c:e4:30:6c:b7:d6:b6:30:44:e5:51:07:8c:
         28:98:6b:2a:88:f2:90:e2:ea:f3:5a:b8:fa:4d:84:85:0e:9d:
         16:c9:43:9d:6a:d5:84:18:7d:34:72:ac:15:a1:3f:1b:d7:78:
         9c:d6:0e:c8:02:9c:38:c6:0f:1f:d2:32:c3:30:ff:d9:c2:24:
         1c:b1:5a:69
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBXE3+gCUyVIqWhzFbzVWZmpVvNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTExNTU3MTRaFw0yNzA1MTAxNjAyMTRaMDMxMTAvBgNV
BAMTKENGRDBGNUIzRDczNkNDMUNGMURBMjlBMTE1MTUyMjU1N0Y2N0EwQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmHTvyMFYOaQkIMmdiiOtoa0BH
z3W2j8b01ejcG4ePji5elTQ5E7VH6xDaemLUNgO8cuNtskTjesjfMkprub7oGhIU
/1NEyF2aChEUGeGctlLiwgWkITA+3o4zbpklNez1uBAQ5nIv+e6jir49kjytbIrW
DP7r16xvBXTRKQlAMxA2t9JbNqm6YlX+zel0MaQiQZfKFs5OYEtaAJYuFCjaAYHo
lWBBakc3HVvAp++5yLXioNLjWBrhbQHPGFqxJLDBJPoRgoaAVBpsV4t1Bm1D9cxk
+6N5aGScMI9zjvlkr6FJzHjvDJAk4djYI6GFDkv9CefwiSryn1MmPgKHwoX5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUz9D1s9c2zBzx2imhFRUiVX9noLEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqN4s
AwQAqN5QMA0GCSqGSIb3DQEBCwUAA4IBAQBpPsG0x53XWxVHPZTMuwBivdPEhNlF
vb61K88/ccVSBZi6IZ7v4YFXY3PREgphzR9DBgmG+DNf/qOLX1HhKsGD+GeXN26t
sIEI45eB8IPFnRYvGWP8YITsfyj/e0HakVeqQCEmaHuZ+r5+bBzuRGK5siPSzND/
jOn+tLw2LHrteUbyLwXUvjnWQHAK8ogZrFl2rjn2sNoQhki95h8I7Q6K3NRyxcRg
ktwjUYRew02pd8cJUKM4OAC3k4zkMGy31rYwROVRB4womGsqiPKQ4urzWrj6TYSF
Dp0WyUOdatWEGH00cqwVoT8b13ic1g7IApw4xg8f0jLDMP/ZwiQcsVpp
-----END CERTIFICATE-----