Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa
File:                     AS214143.roa (raw, json)
Hash identifier:          YpO8M8e/c+74UU5kTufCbsbl9zyRKPnLG4eAzMHCQqc=
Subject key identifier:   80:99:D4:C9:96:B4:79:74:D1:E3:06:00:1E:B4:A7:79:27:C1:5D:05
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2A3A79706957988EDC9FF74DDC7047622667479C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa
Signing time:             Tue 29 Apr 2025 10:58:23 +0000
ROA not before:           Tue 29 Apr 2025 10:53:23 +0000
ROA not after:            Tue 28 Apr 2026 10:58:23 +0000
asID:                     214143
IP address blocks:        143.14.32.0/24 maxlen: 24
                          143.14.228.0/24 maxlen: 24
                          143.14.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3a:79:70:69:57:98:8e:dc:9f:f7:4d:dc:70:47:62:26:67:47:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 10:53:23 2025 GMT
            Not After : Apr 28 10:58:23 2026 GMT
        Subject: CN=8099D4C996B47974D1E306001EB4A77927C15D05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:75:bb:f6:0f:b4:58:1c:a7:7c:d0:cd:fe:a6:
                    8e:15:e8:c3:63:45:a2:14:f3:f3:72:7d:3e:98:12:
                    15:ee:4a:60:ef:29:db:22:d2:02:fd:29:61:ea:06:
                    7b:24:d8:89:c6:36:0f:72:18:1c:e9:69:c9:4c:70:
                    50:67:8d:f0:41:ff:f9:a6:b4:32:03:48:eb:f9:a8:
                    26:ca:2d:5e:9c:21:62:13:7c:62:93:90:43:f6:6b:
                    c7:3a:cb:7f:47:75:81:dd:5f:35:4d:65:12:ac:22:
                    92:f0:59:0b:fa:3e:4b:3d:b7:8c:a2:c0:a2:44:2a:
                    13:72:50:43:b2:8c:d8:d7:06:9a:ad:9a:1e:cb:0e:
                    0f:40:5a:3a:47:7d:01:33:ed:19:00:2e:f4:19:82:
                    90:b5:e3:de:d5:37:7c:d5:45:a2:20:23:7a:05:db:
                    e5:31:7b:65:06:15:28:72:36:ac:65:79:b6:ae:52:
                    07:3a:7b:4d:d5:4c:8d:af:ad:a7:63:4f:ef:8f:95:
                    cb:2f:94:fe:df:e4:7e:42:6e:73:62:cd:1d:ea:d4:
                    e0:8f:d3:ba:fc:88:b2:05:44:e4:19:18:ad:70:4c:
                    99:86:9b:97:4d:4f:03:5f:e1:5f:85:c3:5b:8b:f0:
                    49:b8:c9:91:73:0c:bf:03:c2:8b:9e:e0:9a:a2:db:
                    b4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:99:D4:C9:96:B4:79:74:D1:E3:06:00:1E:B4:A7:79:27:C1:5D:05
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.32.0/24
                  143.14.228.0/24
                  143.14.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b1:7b:e6:67:93:8b:b5:91:f0:c6:fc:7a:6f:90:9d:89:63:
         3a:8f:5b:43:d5:bf:da:8d:17:3c:b3:79:49:2b:fa:83:81:b7:
         7d:d8:68:24:3c:6d:fe:37:63:af:cd:96:da:2f:62:c7:bc:c4:
         ef:c9:6d:a8:2e:ab:a9:17:24:93:72:90:fd:22:fd:61:e0:c0:
         98:fa:91:df:3a:62:03:44:ad:8c:b0:7c:15:ee:10:4d:3b:c0:
         66:c9:3d:bd:08:04:e6:89:c6:f0:c1:9f:9d:46:bb:4b:f6:62:
         8d:a9:c5:fc:a8:27:bb:f1:d7:3f:49:96:fc:83:a0:ae:91:39:
         af:55:48:94:7d:29:cd:96:2f:61:3e:31:1a:70:6c:e9:4d:e6:
         04:89:86:26:2c:1e:b8:c2:79:20:02:49:78:98:79:21:3f:81:
         55:a9:4f:92:0a:43:29:c8:72:63:dd:73:a0:f9:97:b0:49:13:
         35:d6:41:a7:64:a3:32:58:4e:5e:82:53:b2:56:43:dd:5a:85:
         6e:8b:b6:de:29:42:bd:92:84:11:01:8f:54:02:11:2a:11:86:
         eb:84:3e:1e:55:93:bd:b9:bc:d2:2c:d8:20:f5:57:35:6c:41:
         53:11:fc:83:72:ed:19:c9:05:ef:2c:04:7b:03:ac:b7:a7:ad:
         c6:a6:20:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUKjp5cGlXmI7cn/dN3HBHYiZnR5wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjkxMDUzMjNaFw0yNjA0MjgxMDU4MjNaMDMxMTAvBgNV
BAMTKDgwOTlENEM5OTZCNDc5NzREMUUzMDYwMDFFQjRBNzc5MjdDMTVEMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSdbv2D7RYHKd80M3+po4V6MNj
RaIU8/NyfT6YEhXuSmDvKdsi0gL9KWHqBnsk2InGNg9yGBzpaclMcFBnjfBB//mm
tDIDSOv5qCbKLV6cIWITfGKTkEP2a8c6y39HdYHdXzVNZRKsIpLwWQv6Pks9t4yi
wKJEKhNyUEOyjNjXBpqtmh7LDg9AWjpHfQEz7RkALvQZgpC1497VN3zVRaIgI3oF
2+Uxe2UGFShyNqxlebauUgc6e03VTI2vradjT++PlcsvlP7f5H5CbnNizR3q1OCP
07r8iLIFROQZGK1wTJmGm5dNTwNf4V+Fw1uL8Em4yZFzDL8Dwoue4Jqi27RXAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUgJnUyZa0eXTR4wYAHrSneSfBXQUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw4g
AwQAjw7kAwQAjw7wMA0GCSqGSIb3DQEBCwUAA4IBAQBesXvmZ5OLtZHwxvx6b5Cd
iWM6j1tD1b/ajRc8s3lJK/qDgbd92GgkPG3+N2OvzZbaL2LHvMTvyW2oLqupFyST
cpD9Iv1h4MCY+pHfOmIDRK2MsHwV7hBNO8BmyT29CATmicbwwZ+dRrtL9mKNqcX8
qCe78dc/SZb8g6CukTmvVUiUfSnNli9hPjEacGzpTeYEiYYmLB64wnkgAkl4mHkh
P4FVqU+SCkMpyHJj3XOg+ZewSRM11kGnZKMyWE5eglOyVkPdWoVui7beKUK9koQR
AY9UAhEqEYbrhD4eVZO9ubzSLNgg9Vc1bEFTEfyDcu0ZyQXvLAR7A6y3p63GpiBi
-----END CERTIFICATE-----