Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          RrgIEU7tbOLrM+QcqO4/r/KPodr+YCI8JiBRi3lwm3E=
Subject key identifier:   32:C2:01:75:5B:3C:F0:FD:E6:A5:47:2C:A1:8B:F7:B2:15:A2:62:97
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       02319196F0FAE0D714DB305A1BCE61B24E5CF0A5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa
Signing time:             Tue 29 Apr 2025 13:42:19 +0000
ROA not before:           Tue 29 Apr 2025 13:37:19 +0000
ROA not after:            Tue 28 Apr 2026 13:42:19 +0000
asID:                     214654
IP address blocks:        148.135.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:31:91:96:f0:fa:e0:d7:14:db:30:5a:1b:ce:61:b2:4e:5c:f0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 13:37:19 2025 GMT
            Not After : Apr 28 13:42:19 2026 GMT
        Subject: CN=32C201755B3CF0FDE6A5472CA18BF7B215A26297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2c:db:b3:86:37:f7:9a:26:44:ae:62:ba:67:
                    5f:bb:95:02:55:14:15:44:7a:a8:6e:b0:e9:00:00:
                    75:06:ff:bf:f8:07:ce:12:12:af:22:5f:76:4c:a2:
                    91:e8:a0:a6:ff:07:79:09:f2:d6:34:32:df:59:3e:
                    57:da:a2:20:f6:1d:e0:e8:b1:d2:3f:a6:57:b8:6c:
                    eb:30:8d:7d:a9:da:0e:c0:87:45:73:4f:29:15:f6:
                    44:a7:8d:c2:db:ce:af:9c:d2:43:3c:a2:0d:a1:81:
                    1a:9d:a7:8c:00:c5:66:7d:47:7c:e1:4f:a2:f8:04:
                    5a:b7:b0:ae:ea:24:93:96:39:02:d3:57:45:a6:d2:
                    c3:94:98:99:61:92:79:7f:b7:93:e5:55:7a:35:17:
                    cc:f1:bc:83:90:4a:cf:45:3f:c0:5c:07:5b:13:7a:
                    ee:5a:6b:52:60:80:5a:68:9b:dd:01:de:88:f0:fc:
                    d2:45:bc:9f:7a:71:ce:8c:7d:33:2f:51:44:4e:8e:
                    4c:22:bc:a0:8c:f9:59:b8:7c:0f:e1:9b:67:fd:4c:
                    f1:a0:4e:4e:80:06:be:e2:f1:82:eb:7d:aa:56:f9:
                    19:8a:a9:33:4e:cd:f4:91:33:f4:3b:35:27:3e:9c:
                    71:c0:70:d9:35:97:53:37:ff:e3:1e:95:a5:a8:ad:
                    8e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C2:01:75:5B:3C:F0:FD:E6:A5:47:2C:A1:8B:F7:B2:15:A2:62:97
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:78:ca:0f:8f:a3:45:91:3d:61:19:f8:93:c8:b2:f1:d6:ea:
         33:90:3c:73:38:c1:f3:0c:7e:8b:27:2e:94:75:d0:60:68:2e:
         0a:85:bd:ee:eb:8f:c9:7f:fe:d6:33:4a:b0:80:77:0c:b4:7f:
         5d:51:53:c2:c5:f5:df:e8:4f:59:53:fa:5a:21:a3:36:b0:f4:
         13:03:45:94:51:dd:bd:e4:d4:09:6d:79:d4:ff:32:5a:4f:56:
         4e:a6:cb:01:31:47:f3:63:14:75:84:a8:3a:82:31:d5:26:47:
         8e:90:a5:98:83:ab:fd:e2:40:e0:fa:32:ba:d3:5f:0a:91:6a:
         11:b3:95:d6:66:49:a4:70:79:81:7b:3a:6f:c0:07:54:d5:ed:
         71:0c:21:50:39:69:b3:05:fb:d9:53:95:56:30:51:c0:46:45:
         b9:df:32:15:4e:8e:02:e5:c0:d8:4e:e2:0e:d4:a3:e7:2a:fc:
         c0:86:6a:a6:8c:85:d1:c9:68:d6:f6:bf:5e:20:42:55:4b:79:
         c0:f6:6e:4d:55:a5:0d:c8:3b:dd:03:20:38:19:cd:e5:aa:84:
         92:b8:5a:8b:6f:db:b7:87:a5:f1:16:49:87:e6:dc:48:61:f1:
         36:ee:4d:28:4f:d9:59:08:5f:bb:aa:61:be:7d:17:59:66:86:
         15:61:e5:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAjGRlvD64NcU2zBaG85hsk5c8KUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjkxMzM3MTlaFw0yNjA0MjgxMzQyMTlaMDMxMTAvBgNV
BAMTKDMyQzIwMTc1NUIzQ0YwRkRFNkE1NDcyQ0ExOEJGN0IyMTVBMjYyOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpLNuzhjf3miZErmK6Z1+7lQJV
FBVEeqhusOkAAHUG/7/4B84SEq8iX3ZMopHooKb/B3kJ8tY0Mt9ZPlfaoiD2HeDo
sdI/ple4bOswjX2p2g7Ah0VzTykV9kSnjcLbzq+c0kM8og2hgRqdp4wAxWZ9R3zh
T6L4BFq3sK7qJJOWOQLTV0Wm0sOUmJlhknl/t5PlVXo1F8zxvIOQSs9FP8BcB1sT
eu5aa1JggFpom90B3ojw/NJFvJ96cc6MfTMvUUROjkwivKCM+Vm4fA/hm2f9TPGg
Tk6ABr7i8YLrfapW+RmKqTNOzfSRM/Q7NSc+nHHAcNk1l1M3/+MelaWorY7pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMsIBdVs88P3mpUcsoYv3shWiYpcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlIea
MA0GCSqGSIb3DQEBCwUAA4IBAQCOeMoPj6NFkT1hGfiTyLLx1uozkDxzOMHzDH6L
Jy6UddBgaC4Khb3u64/Jf/7WM0qwgHcMtH9dUVPCxfXf6E9ZU/paIaM2sPQTA0WU
Ud295NQJbXnU/zJaT1ZOpssBMUfzYxR1hKg6gjHVJkeOkKWYg6v94kDg+jK6018K
kWoRs5XWZkmkcHmBezpvwAdU1e1xDCFQOWmzBfvZU5VWMFHARkW53zIVTo4C5cDY
TuIO1KPnKvzAhmqmjIXRyWjW9r9eIEJVS3nA9m5NVaUNyDvdAyA4Gc3lqoSSuFqL
b9u3h6XxFkmH5txIYfE27k0oT9lZCF+7qmG+fRdZZoYVYeVu
-----END CERTIFICATE-----