Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214271.roa
File:                     AS214271.roa (raw, json)
Hash identifier:          Ryxr7X7Ltqo6eG8diqWyYYKBcmlEtpuVl7WOq2jpWd4=
Subject key identifier:   EC:9E:BD:80:CE:5B:6E:92:25:98:4E:17:1F:4A:68:6D:B2:F8:D6:8B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       47FE14D373C9795739BC6C171C19691130929097
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214271.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     214271
IP address blocks:        46.236.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:fe:14:d3:73:c9:79:57:39:bc:6c:17:1c:19:69:11:30:92:90:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=EC9EBD80CE5B6E9225984E171F4A686DB2F8D68B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e0:68:d6:fd:97:bb:65:d9:98:cc:92:8a:91:
                    92:63:bf:27:88:96:4b:85:f1:40:a9:b3:9f:3a:78:
                    97:0d:72:a6:33:d6:30:e5:01:ac:84:31:bf:3e:56:
                    00:de:d6:e6:2e:1d:dd:43:ac:91:d1:7d:af:81:60:
                    95:84:80:7a:77:b8:30:c6:ac:5d:95:d7:2a:96:ea:
                    63:41:63:b0:a9:ff:37:01:8c:16:29:b2:42:07:4e:
                    a1:69:83:b8:9c:6b:9c:4f:90:9a:f8:37:7c:0a:58:
                    47:a1:2e:fd:7e:3a:59:45:39:62:6f:c2:38:95:a5:
                    83:80:7a:68:4a:0d:91:4e:b2:24:5b:a7:35:53:0c:
                    eb:75:8b:3f:d1:32:96:f0:d8:69:6a:e9:b3:ba:e8:
                    47:ca:42:48:81:62:87:40:33:94:a1:ab:df:ec:00:
                    80:da:61:b1:cb:5e:ab:8b:d0:b8:77:cc:1a:23:5b:
                    bd:3b:7b:52:32:9e:19:0a:01:a7:68:55:94:71:00:
                    74:be:0e:69:35:65:e5:5a:b7:79:21:60:27:89:55:
                    ba:66:d6:6e:d1:0f:29:9e:3b:29:4e:30:00:b3:5b:
                    fc:7d:3f:c0:bf:16:1a:8d:90:21:56:bf:b7:bf:cf:
                    4a:9d:ff:f8:c1:6d:98:22:dd:bb:84:b1:2f:b7:a7:
                    3d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:9E:BD:80:CE:5B:6E:92:25:98:4E:17:1F:4A:68:6D:B2:F8:D6:8B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214271.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ac:97:3e:d2:5b:d8:62:43:c8:b7:f5:a8:24:d8:19:7e:ea:
         a4:ee:a5:94:df:b6:71:a4:bf:c6:03:b8:f8:ef:5c:c0:98:b9:
         3f:50:9c:a6:5c:c4:dd:b4:c1:b7:40:b6:c9:22:b3:9e:2a:cd:
         92:df:dc:eb:d8:b1:08:02:20:04:2f:b4:31:1f:a1:67:f2:d9:
         a8:49:2b:c7:00:9b:51:90:76:1d:ff:c1:13:90:31:83:41:53:
         22:4e:41:51:e9:72:e1:2b:dc:42:c6:fa:51:2a:94:11:d6:64:
         68:82:c2:de:d6:a3:4e:dc:4f:b9:f0:6b:e5:c5:50:2d:e6:4b:
         50:9f:ab:6d:33:9d:a3:be:12:1d:84:00:42:97:3e:ad:51:12:
         9f:4e:38:20:2b:e5:88:c3:03:e0:e6:5b:91:7d:48:9a:d7:7f:
         e5:ef:03:65:4f:49:d7:ac:2a:7d:c3:93:d4:fe:4a:1d:c2:ec:
         be:b5:6b:7e:66:2e:46:11:e1:e0:b9:04:bd:95:f9:58:6b:71:
         bf:f7:14:e9:13:c1:0c:21:8a:7e:51:5a:16:eb:0c:ac:fa:05:
         81:46:05:19:72:18:2b:a6:41:88:6d:4d:fb:cd:b4:c6:89:ff:
         9a:b8:b0:1b:62:71:ff:d9:9a:62:94:38:09:f7:99:7f:58:98:
         8f:c2:a6:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUR/4U03PJeVc5vGwXHBlpETCSkJcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEVDOUVCRDgwQ0U1QjZFOTIyNTk4NEUxNzFGNEE2ODZEQjJGOEQ2OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq4GjW/Ze7ZdmYzJKKkZJjvyeI
lkuF8UCps586eJcNcqYz1jDlAayEMb8+VgDe1uYuHd1DrJHRfa+BYJWEgHp3uDDG
rF2V1yqW6mNBY7Cp/zcBjBYpskIHTqFpg7ica5xPkJr4N3wKWEehLv1+OllFOWJv
wjiVpYOAemhKDZFOsiRbpzVTDOt1iz/RMpbw2Glq6bO66EfKQkiBYodAM5Shq9/s
AIDaYbHLXquL0Lh3zBojW707e1IynhkKAadoVZRxAHS+Dmk1ZeVat3khYCeJVbpm
1m7RDymeOylOMACzW/x9P8C/FhqNkCFWv7e/z0qd//jBbZgi3buEsS+3pz27AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7J69gM5bbpIlmE4XH0pobbL41oswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0MjcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB3rJc+0lvYYkPIt/WoJNgZfuqk7qWU37ZxpL/G
A7j471zAmLk/UJymXMTdtMG3QLbJIrOeKs2S39zr2LEIAiAEL7QxH6Fn8tmoSSvH
AJtRkHYd/8ETkDGDQVMiTkFR6XLhK9xCxvpRKpQR1mRogsLe1qNO3E+58GvlxVAt
5ktQn6ttM52jvhIdhABClz6tURKfTjggK+WIwwPg5luRfUia13/l7wNlT0nXrCp9
w5PU/kodwuy+tWt+Zi5GEeHguQS9lflYa3G/9xTpE8EMIYp+UVoW6wys+gWBRgUZ
chgrpkGIbU37zbTGif+auLAbYnH/2ZpilDgJ95l/WJiPwqaN
-----END CERTIFICATE-----