Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
File:                     AS214618.roa (raw, json)
Hash identifier:          cz2JE39QDjrh0Q13ifd8wu9TNqRgioEiwtl5f9UTna8=
Subject key identifier:   85:94:1B:0D:86:77:7F:AE:40:1C:CB:7E:20:10:1C:0B:E5:EE:80:0A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5C9C625886D91D87F1033A170D34971CF5B948E8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
Signing time:             Mon 04 May 2026 11:47:07 +0000
ROA not before:           Mon 04 May 2026 11:42:07 +0000
ROA not after:            Mon 03 May 2027 11:47:07 +0000
asID:                     214618
IP address blocks:        146.103.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:9c:62:58:86:d9:1d:87:f1:03:3a:17:0d:34:97:1c:f5:b9:48:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  4 11:42:07 2026 GMT
            Not After : May  3 11:47:07 2027 GMT
        Subject: CN=85941B0D86777FAE401CCB7E20101C0BE5EE800A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3d:22:1a:9d:e0:69:e4:6c:a7:00:e3:dd:b7:
                    a0:e2:20:a9:0f:ac:d2:11:14:af:fa:5c:ad:f0:16:
                    3f:12:07:47:b3:b6:67:de:dd:f8:66:b6:b5:e7:40:
                    d5:91:1e:ba:c0:ed:a3:e4:27:2c:01:52:29:61:5b:
                    70:39:70:c9:57:b7:11:3b:15:7e:65:a5:03:d7:ee:
                    00:89:d9:22:93:14:3b:28:61:6e:bf:0d:df:91:d3:
                    ed:c3:c0:b6:d5:0a:71:02:6d:a4:c0:37:42:40:9f:
                    47:af:40:f5:6d:92:14:86:47:d6:02:bb:21:10:cc:
                    d2:8b:ce:35:d7:29:cb:ce:1a:38:9f:54:77:b6:15:
                    89:14:bf:9f:89:1d:cf:a8:e0:9c:c1:95:6c:5c:3d:
                    46:0b:11:32:f2:ed:c0:74:7f:f1:cb:d6:9e:33:67:
                    a2:be:a7:46:73:73:c9:13:ed:cd:5c:f8:be:08:76:
                    98:86:27:07:a2:21:d3:de:77:62:73:d3:5e:b1:0b:
                    cc:69:5a:35:c7:fa:33:ab:e6:58:73:30:33:53:a5:
                    ed:d2:45:8e:51:71:7d:49:97:96:92:c8:f3:f9:6c:
                    4d:a0:e7:d0:0e:d3:34:54:06:2e:a8:60:b1:3a:c4:
                    c6:b4:d5:4f:21:2f:b9:bf:4a:24:73:99:48:c0:03:
                    f9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:94:1B:0D:86:77:7F:AE:40:1C:CB:7E:20:10:1C:0B:E5:EE:80:0A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:11:fb:16:7d:03:9a:48:02:e1:ab:5a:65:5e:ba:53:88:07:
         58:59:c8:41:12:73:48:4d:57:80:1c:a0:3d:07:28:2e:43:10:
         f7:7e:24:ee:a4:5a:f2:f1:68:f2:bd:f3:87:a1:19:a9:45:0c:
         38:f2:fa:d4:38:7c:4d:88:a7:ad:52:c5:9f:a5:a2:af:04:52:
         a5:19:01:11:cb:88:1b:09:df:13:b2:f3:bf:8b:8d:6a:fb:3b:
         68:8c:c4:cf:77:bd:93:81:7b:2a:a7:8d:a0:2d:ec:c8:98:45:
         00:72:b6:8b:8e:38:49:5b:12:06:96:63:7b:6f:7d:af:a8:45:
         5c:0b:41:15:ed:b5:07:21:78:bb:23:f3:e1:b9:d6:ce:33:4f:
         09:68:84:5b:d2:00:84:cf:12:21:66:4c:ae:49:ce:83:3c:63:
         7c:62:2a:15:d3:f7:5d:fa:57:2b:15:1e:0e:79:d6:c5:2f:bd:
         54:cd:91:b2:e2:e4:65:bf:d9:6b:49:17:be:7f:71:c1:9f:0a:
         27:9f:bf:bd:f4:27:93:29:63:b5:8e:ef:5a:c4:6d:51:71:e2:
         3c:6c:6f:53:3b:e6:a1:bf:71:71:61:9b:51:8d:e9:99:f8:68:
         73:b8:5d:55:5a:24:12:74:cf:bf:89:fc:c8:b3:d0:b8:b9:12:
         aa:38:2c:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXJxiWIbZHYfxAzoXDTSXHPW5SOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDQxMTQyMDdaFw0yNzA1MDMxMTQ3MDdaMDMxMTAvBgNV
BAMTKDg1OTQxQjBEODY3NzdGQUU0MDFDQ0I3RTIwMTAxQzBCRTVFRTgwMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSPSIaneBp5GynAOPdt6DiIKkP
rNIRFK/6XK3wFj8SB0eztmfe3fhmtrXnQNWRHrrA7aPkJywBUilhW3A5cMlXtxE7
FX5lpQPX7gCJ2SKTFDsoYW6/Dd+R0+3DwLbVCnECbaTAN0JAn0evQPVtkhSGR9YC
uyEQzNKLzjXXKcvOGjifVHe2FYkUv5+JHc+o4JzBlWxcPUYLETLy7cB0f/HL1p4z
Z6K+p0Zzc8kT7c1c+L4IdpiGJweiIdPed2Jz016xC8xpWjXH+jOr5lhzMDNTpe3S
RY5RcX1Jl5aSyPP5bE2g59AO0zRUBi6oYLE6xMa01U8hL7m/SiRzmUjAA/k3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhZQbDYZ3f65AHMt+IBAcC+XugAowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc8
MA0GCSqGSIb3DQEBCwUAA4IBAQCaEfsWfQOaSALhq1plXrpTiAdYWchBEnNITVeA
HKA9ByguQxD3fiTupFry8WjyvfOHoRmpRQw48vrUOHxNiKetUsWfpaKvBFKlGQER
y4gbCd8TsvO/i41q+ztojMTPd72TgXsqp42gLezImEUAcraLjjhJWxIGlmN7b32v
qEVcC0EV7bUHIXi7I/PhudbOM08JaIRb0gCEzxIhZkyuSc6DPGN8YioV0/dd+lcr
FR4OedbFL71UzZGy4uRlv9lrSRe+f3HBnwonn7+99CeTKWO1ju9axG1RceI8bG9T
O+ahv3FxYZtRjemZ+GhzuF1VWiQSdM+/ifzIs9C4uRKqOCzE
-----END CERTIFICATE-----