Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          BQxrTBE0A/cDkLfmkbSxeUneswUMu8VUv4klEIsDgtw=
Subject key identifier:   D4:78:15:F3:53:82:3C:3B:45:58:FB:18:4C:6D:1F:8D:B9:9D:3D:4A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       065F856C3C821C9AEF3D78158068D23692786AE0
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     214432
IP address blocks:        46.236.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:5f:85:6c:3c:82:1c:9a:ef:3d:78:15:80:68:d2:36:92:78:6a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=D47815F353823C3B4558FB184C6D1F8DB99D3D4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b1:e5:d7:9a:50:06:84:b9:4c:87:3f:16:8c:
                    7c:ed:0d:14:70:de:62:82:3a:9d:fa:9a:8b:fd:40:
                    af:2e:ac:f8:7c:e3:4b:5f:30:40:28:bc:fc:a0:97:
                    59:17:d4:f1:db:b9:94:6e:85:19:17:87:d6:14:7d:
                    aa:4f:d4:4d:5a:15:51:da:11:8b:5f:a9:7f:d6:94:
                    e7:6b:f4:32:a9:0e:54:7f:db:6c:d9:d7:e1:c2:d3:
                    1c:93:c7:e5:9a:df:bb:72:14:38:07:70:fd:7f:82:
                    00:22:85:c0:db:4e:4b:24:17:12:a0:0d:23:ba:59:
                    bc:f0:2c:aa:67:b0:7e:49:d0:cb:90:5a:f7:51:df:
                    f1:2c:6e:52:6c:b4:1f:a0:ce:0c:99:b2:e9:4c:e8:
                    59:f7:c3:e0:3e:90:03:73:ee:a3:f3:ff:b4:8f:87:
                    71:47:7d:0a:1d:ff:1f:f1:af:96:75:1d:1b:2d:6d:
                    73:28:2a:89:02:8f:23:fb:2e:28:af:63:4d:37:3b:
                    1a:82:fb:ed:e1:b2:c4:e9:1f:24:15:ad:47:2e:ef:
                    71:6b:cf:a2:40:93:93:f8:7f:6c:b3:98:51:e7:2a:
                    4e:99:fe:34:c1:26:cd:c5:3e:5d:ec:31:f7:26:73:
                    de:9b:c9:ed:5f:c3:56:8b:8d:f6:25:fd:4a:e2:21:
                    92:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:78:15:F3:53:82:3C:3B:45:58:FB:18:4C:6D:1F:8D:B9:9D:3D:4A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:c4:ca:2c:45:84:7a:58:77:25:2e:04:fa:f9:5e:87:df:a2:
         31:3e:c5:fb:36:2a:4a:de:7b:52:a5:56:b3:da:8d:83:93:e0:
         4c:59:6a:2b:a9:0f:80:0f:2c:47:f6:a1:89:b5:a4:c5:81:41:
         2e:33:77:13:d5:6c:52:86:1f:e5:18:55:0e:13:37:56:90:aa:
         5a:ad:86:1e:38:b6:33:2e:00:53:e6:77:45:8e:1c:17:91:61:
         4a:e4:ec:41:b5:d6:8d:fe:ee:a2:a9:71:29:f3:0c:15:38:93:
         3f:cd:76:a9:c1:9d:e8:13:c1:65:8c:a0:9c:97:f0:16:1b:1f:
         3b:4d:77:ce:7c:61:5a:c1:83:3b:a1:4c:62:40:14:27:7b:da:
         89:fa:48:4f:0e:d5:73:32:41:24:5e:dd:40:fa:58:26:2b:be:
         29:87:7d:4c:72:a8:36:a6:d1:22:03:da:45:68:7c:0a:28:9d:
         3a:88:68:98:f2:ac:4c:e4:74:80:4c:f2:b1:67:d3:13:a1:fa:
         9a:0e:57:ba:a3:cc:26:df:43:67:04:60:3e:85:11:75:37:6e:
         47:55:14:a2:e9:11:84:a7:ed:8d:bd:4f:37:03:2f:56:10:39:
         85:58:d7:82:ca:04:42:43:34:a0:00:21:90:f8:46:b4:ff:8e:
         0a:70:bc:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBl+FbDyCHJrvPXgVgGjSNpJ4auAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEQ0NzgxNUYzNTM4MjNDM0I0NTU4RkIxODRDNkQxRjhEQjk5RDNENEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1seXXmlAGhLlMhz8WjHztDRRw
3mKCOp36mov9QK8urPh840tfMEAovPygl1kX1PHbuZRuhRkXh9YUfapP1E1aFVHa
EYtfqX/WlOdr9DKpDlR/22zZ1+HC0xyTx+Wa37tyFDgHcP1/ggAihcDbTkskFxKg
DSO6WbzwLKpnsH5J0MuQWvdR3/EsblJstB+gzgyZsulM6Fn3w+A+kANz7qPz/7SP
h3FHfQod/x/xr5Z1HRstbXMoKokCjyP7LiivY003OxqC++3hssTpHyQVrUcu73Fr
z6JAk5P4f2yzmFHnKk6Z/jTBJs3FPl3sMfcmc96bye1fw1aLjfYl/UriIZKRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1HgV81OCPDtFWPsYTG0fjbmdPUowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzA
MA0GCSqGSIb3DQEBCwUAA4IBAQBCxMosRYR6WHclLgT6+V6H36IxPsX7NipK3ntS
pVaz2o2Dk+BMWWorqQ+ADyxH9qGJtaTFgUEuM3cT1WxShh/lGFUOEzdWkKparYYe
OLYzLgBT5ndFjhwXkWFK5OxBtdaN/u6iqXEp8wwVOJM/zXapwZ3oE8FljKCcl/AW
Gx87TXfOfGFawYM7oUxiQBQne9qJ+khPDtVzMkEkXt1A+lgmK74ph31Mcqg2ptEi
A9pFaHwKKJ06iGiY8qxM5HSATPKxZ9MTofqaDle6o8wm30NnBGA+hRF1N25HVRSi
6RGEp+2NvU83Ay9WEDmFWNeCygRCQzSgACGQ+Ea0/44KcLw4
-----END CERTIFICATE-----