Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          S+Y7ACmnPyLFx3wUM5GQmFaaoiI/cGnBmul8wsZLMZQ=
Subject key identifier:   16:70:96:5B:29:22:19:AB:D4:49:17:D0:E3:E7:94:42:9F:77:35:E6
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       3A8273E3FC694C045E8095F3EE1656A27DF53F4D
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa
Signing time:             Tue 30 Sep 2025 10:03:15 +0000
ROA not before:           Tue 30 Sep 2025 09:58:15 +0000
ROA not after:            Tue 29 Sep 2026 10:03:15 +0000
asID:                     214025
IP address blocks:        82.139.219.0/24 maxlen: 24
                          82.139.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:82:73:e3:fc:69:4c:04:5e:80:95:f3:ee:16:56:a2:7d:f5:3f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:15 2025 GMT
            Not After : Sep 29 10:03:15 2026 GMT
        Subject: CN=1670965B292219ABD44917D0E3E794429F7735E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e9:4b:c3:dd:3d:51:07:ed:9e:f6:96:45:e4:
                    29:0d:00:72:f2:22:d5:2d:e4:29:64:5c:26:77:0a:
                    17:29:12:16:e2:57:0f:aa:fa:71:3b:c2:cf:63:7c:
                    aa:b2:cf:39:11:84:05:cb:3e:aa:eb:45:31:5e:b8:
                    d8:af:df:d7:7b:ed:b5:9e:1c:43:92:47:08:42:88:
                    11:17:20:42:31:aa:0e:85:c5:d7:78:7d:53:3a:9d:
                    f3:46:a6:44:27:1f:46:71:b1:35:12:a7:42:c9:c8:
                    66:52:3d:a1:1c:49:97:52:ae:28:75:1d:fa:45:49:
                    8a:68:e8:e3:c4:93:07:83:60:41:87:85:a8:8f:08:
                    b9:b8:fb:69:67:2c:8a:69:e3:28:f2:d1:28:d0:92:
                    84:95:fa:e3:64:d9:82:32:f4:f2:e0:a8:88:84:fd:
                    eb:1e:b0:ca:39:3b:f4:51:8e:82:5c:56:a1:8f:03:
                    00:ef:1b:5c:91:0f:34:41:dc:22:d9:7e:1c:35:78:
                    4f:29:3f:03:1b:0b:9e:61:7c:0e:38:16:32:a3:45:
                    96:4a:fc:25:28:9e:fc:1a:40:c4:d1:1c:b3:fb:7b:
                    1a:bf:12:ea:cb:8e:7c:c5:30:03:80:43:fe:68:55:
                    5b:8d:7a:5a:bf:d6:41:32:79:3b:e7:d0:e4:2c:30:
                    22:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:70:96:5B:29:22:19:AB:D4:49:17:D0:E3:E7:94:42:9F:77:35:E6
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.219.0/24
                  82.139.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2e:ef:85:d5:76:a4:35:72:24:67:52:6d:68:60:5d:03:57:
         12:4f:6e:04:05:3a:70:4c:5d:6c:85:06:5e:f1:d0:53:bc:20:
         7f:6e:a8:5c:7f:e0:c5:51:47:fe:0b:b3:43:98:fc:3e:1d:ae:
         35:69:6e:89:de:43:12:32:05:45:e4:89:95:4b:b5:ca:40:79:
         01:d9:f2:be:5e:48:b0:bd:73:1f:a2:ba:9f:36:ac:d1:71:3c:
         83:12:76:8c:49:76:41:df:d3:39:21:04:5e:23:b4:b7:61:a5:
         28:c1:4c:96:2d:86:53:7f:2e:ca:80:21:21:ea:6c:df:7a:75:
         9a:1e:88:6e:bf:f8:0b:8f:42:26:b2:cf:6c:50:ca:f1:da:73:
         bf:81:89:a8:cd:a2:94:7f:d6:bb:6b:09:56:df:d3:8c:88:69:
         58:18:99:64:1f:0b:3b:da:e6:0e:3c:4b:2d:37:b5:91:ce:79:
         1e:60:de:c3:bd:fa:88:1b:05:9c:e0:4d:e5:77:dc:a5:2d:24:
         15:10:d7:38:7e:3c:82:eb:c6:3d:0c:79:cd:d3:d7:57:8e:00:
         a8:74:6c:9b:c0:6e:ae:a3:7b:f4:b1:7e:38:e9:dc:0c:14:e5:
         9f:1b:33:fc:b4:d2:cf:4c:3f:58:3f:59:de:ad:dd:d1:30:29:
         fa:cd:34:a4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUOoJz4/xpTARegJXz7hZWon31P00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTVaFw0yNjA5MjkxMDAzMTVaMDMxMTAvBgNV
BAMTKDE2NzA5NjVCMjkyMjE5QUJENDQ5MTdEMEUzRTc5NDQyOUY3NzM1RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6UvD3T1RB+2e9pZF5CkNAHLy
ItUt5ClkXCZ3ChcpEhbiVw+q+nE7ws9jfKqyzzkRhAXLPqrrRTFeuNiv39d77bWe
HEOSRwhCiBEXIEIxqg6Fxdd4fVM6nfNGpkQnH0ZxsTUSp0LJyGZSPaEcSZdSrih1
HfpFSYpo6OPEkweDYEGHhaiPCLm4+2lnLIpp4yjy0SjQkoSV+uNk2YIy9PLgqIiE
/esesMo5O/RRjoJcVqGPAwDvG1yRDzRB3CLZfhw1eE8pPwMbC55hfA44FjKjRZZK
/CUonvwaQMTRHLP7exq/EurLjnzFMAOAQ/5oVVuNelq/1kEyeTvn0OQsMCLPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFnCWWykiGavUSRfQ4+eUQp93NeYwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUovb
AwQAUov3MA0GCSqGSIb3DQEBCwUAA4IBAQAQLu+F1XakNXIkZ1JtaGBdA1cST24E
BTpwTF1shQZe8dBTvCB/bqhcf+DFUUf+C7NDmPw+Ha41aW6J3kMSMgVF5ImVS7XK
QHkB2fK+XkiwvXMforqfNqzRcTyDEnaMSXZB39M5IQReI7S3YaUowUyWLYZTfy7K
gCEh6mzfenWaHohuv/gLj0Imss9sUMrx2nO/gYmozaKUf9a7awlW39OMiGlYGJlk
Hws72uYOPEstN7WRznkeYN7DvfqIGwWc4E3ld9ylLSQVENc4fjyC68Y9DHnN09dX
jgCodGybwG6uo3v0sX446dwMFOWfGzP8tNLPTD9YP1nerd3RMCn6zTSk
-----END CERTIFICATE-----