Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa
File:                     AS214483.roa (raw, json)
Hash identifier:          6RqqmAQfiH5vxDsevnysTOwpoPe3+DXp3DMdAvOkobQ=
Subject key identifier:   26:20:A4:43:32:B7:16:CA:14:69:09:D1:CF:2C:8D:CC:AF:03:25:A1
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       23210F40EFE0D965CCD8C6057083251D07408C94
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa
Signing time:             Tue 30 Sep 2025 10:03:15 +0000
ROA not before:           Tue 30 Sep 2025 09:58:15 +0000
ROA not after:            Tue 29 Sep 2026 10:03:15 +0000
asID:                     214483
IP address blocks:        46.236.196.0/23 maxlen: 24
                          46.236.204.0/23 maxlen: 24
                          46.236.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:21:0f:40:ef:e0:d9:65:cc:d8:c6:05:70:83:25:1d:07:40:8c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:15 2025 GMT
            Not After : Sep 29 10:03:15 2026 GMT
        Subject: CN=2620A44332B716CA146909D1CF2C8DCCAF0325A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:25:a8:27:f1:a7:e5:13:76:17:f9:bb:0f:ce:
                    cb:05:47:91:a5:2e:cf:b7:d0:41:58:1e:f7:05:f5:
                    ac:a6:77:75:bd:f5:4e:4c:5e:7d:10:e1:55:d6:35:
                    78:17:33:3b:8b:79:f4:6e:ad:aa:27:6b:5e:1e:84:
                    fd:42:cd:d3:8c:68:44:08:6a:54:f6:5b:c5:c4:3f:
                    c1:e4:78:cd:50:42:f9:e5:a9:56:d8:a6:f9:7c:ff:
                    b2:af:f6:7a:67:8e:25:42:e8:6c:78:3d:65:c6:06:
                    e9:68:d7:e8:c6:c5:63:46:23:6f:79:20:85:49:c2:
                    10:d7:46:ba:89:8a:ce:7e:2c:44:ce:3c:f6:51:83:
                    92:00:fb:bf:2d:dd:36:bc:36:ee:1d:2a:37:ea:4f:
                    fe:4b:6e:5d:8e:15:74:19:d6:17:28:58:3d:9f:d7:
                    0f:f6:7e:cb:f6:9d:30:57:ad:85:c8:21:fe:81:09:
                    65:67:0d:ca:61:53:cd:78:8b:27:bf:e2:66:91:18:
                    05:df:61:3f:5c:ca:91:fe:d4:e0:26:79:73:f0:59:
                    04:b4:5c:cd:55:34:f4:ba:4e:c6:90:f8:1c:9f:a8:
                    eb:90:bd:c4:e3:9b:8c:93:69:ad:98:a8:6b:f2:19:
                    e6:02:c1:18:e6:60:56:c2:0e:65:79:1b:16:83:74:
                    33:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:20:A4:43:32:B7:16:CA:14:69:09:D1:CF:2C:8D:CC:AF:03:25:A1
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.196.0/23
                  46.236.204.0-46.236.206.255

    Signature Algorithm: sha256WithRSAEncryption
         83:c3:0c:73:61:a5:3f:a5:94:f9:66:ef:2d:c0:e4:bf:74:f7:
         30:54:c2:86:24:1e:71:c6:e1:a3:0d:48:d0:90:23:33:3a:b3:
         00:ad:d8:48:b8:e2:30:c4:96:53:ac:a7:cd:e4:a3:56:d6:40:
         03:96:d8:cd:44:56:d0:ed:a1:f3:4e:64:ac:b7:96:b8:48:b9:
         8a:a3:43:16:6d:5f:b0:a4:81:4a:26:05:60:c0:51:8c:d3:0d:
         f2:02:25:a9:f3:83:f9:5c:34:d8:e6:d1:b2:18:46:ed:69:73:
         a2:11:3e:16:b0:68:91:6d:49:ff:fa:e2:39:1e:38:26:60:ba:
         f6:cf:9f:9b:d9:2e:7c:35:85:4c:f8:92:82:dd:de:6c:fc:5a:
         64:8b:fa:76:a0:1d:66:c8:3e:3b:0b:ae:2c:5c:06:4a:a8:e4:
         26:34:89:af:07:e1:63:6f:ec:03:01:34:c3:2f:28:8b:f5:97:
         7e:f1:9d:d9:eb:82:42:6a:cd:08:2e:1a:b2:ba:e1:53:ff:14:
         13:9e:f0:79:25:ee:b7:8c:89:24:83:e6:60:11:e6:23:36:b1:
         fe:b5:ce:eb:3f:e3:6e:3c:27:eb:65:1f:48:b3:c6:ac:64:7e:
         4d:0e:b8:da:ab:a5:a7:a8:e7:30:4d:3e:41:c0:72:80:e7:b8:
         ad:45:7b:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUIyEPQO/g2WXM2MYFcIMlHQdAjJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTVaFw0yNjA5MjkxMDAzMTVaMDMxMTAvBgNV
BAMTKDI2MjBBNDQzMzJCNzE2Q0ExNDY5MDlEMUNGMkM4RENDQUYwMzI1QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyJagn8aflE3YX+bsPzssFR5Gl
Ls+30EFYHvcF9aymd3W99U5MXn0Q4VXWNXgXMzuLefRuraona14ehP1CzdOMaEQI
alT2W8XEP8HkeM1QQvnlqVbYpvl8/7Kv9npnjiVC6Gx4PWXGBulo1+jGxWNGI295
IIVJwhDXRrqJis5+LETOPPZRg5IA+78t3Ta8Nu4dKjfqT/5Lbl2OFXQZ1hcoWD2f
1w/2fsv2nTBXrYXIIf6BCWVnDcphU814iye/4maRGAXfYT9cypH+1OAmeXPwWQS0
XM1VNPS6TsaQ+ByfqOuQvcTjm4yTaa2YqGvyGeYCwRjmYFbCDmV5GxaDdDNvAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQUJiCkQzK3FsoUaQnRzyyNzK8DJaEwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBLuzE
MAwDBAIu7MwDBAAu7M4wDQYJKoZIhvcNAQELBQADggEBAIPDDHNhpT+llPlm7y3A
5L909zBUwoYkHnHG4aMNSNCQIzM6swCt2Ei44jDEllOsp83ko1bWQAOW2M1EVtDt
ofNOZKy3lrhIuYqjQxZtX7CkgUomBWDAUYzTDfICJanzg/lcNNjm0bIYRu1pc6IR
PhawaJFtSf/64jkeOCZguvbPn5vZLnw1hUz4koLd3mz8WmSL+nagHWbIPjsLrixc
Bkqo5CY0ia8H4WNv7AMBNMMvKIv1l37xndnrgkJqzQguGrK64VP/FBOe8Hkl7reM
iSSD5mAR5iM2sf61zus/4248J+tlH0izxqxkfk0OuNqrpaeo5zBNPkHAcoDnuK1F
e7E=
-----END CERTIFICATE-----