Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3214.roa
File:                     AS3214.roa (raw, json)
Hash identifier:          jdza9PJ3CeFkyeGfFz9cYPmh+OJHouTGbuicXyr4m1M=
Subject key identifier:   49:32:E6:47:4A:80:E6:1A:E6:85:1A:EB:64:10:68:75:63:AB:ED:F1
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       627C63F7595CF41E599638FC722E76650F38E263
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3214.roa
Signing time:             Mon 11 May 2026 01:55:53 +0000
ROA not before:           Mon 11 May 2026 01:50:53 +0000
ROA not after:            Mon 10 May 2027 01:55:53 +0000
asID:                     3214
IP address blocks:        82.139.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:7c:63:f7:59:5c:f4:1e:59:96:38:fc:72:2e:76:65:0f:38:e2:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 11 01:50:53 2026 GMT
            Not After : May 10 01:55:53 2027 GMT
        Subject: CN=4932E6474A80E61AE6851AEB6410687563ABEDF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0c:65:5e:a9:3a:04:ee:fc:b2:5a:01:18:96:
                    20:72:1d:48:8e:77:ca:c2:a1:0d:6b:17:f0:78:17:
                    f6:59:9c:20:6e:47:d7:e6:0b:5d:92:a7:45:19:70:
                    e5:4b:49:8b:d9:2f:16:0f:fe:7d:24:34:2d:dd:7e:
                    69:02:57:99:75:a3:a1:89:40:ac:65:b7:9a:2e:e4:
                    63:43:64:cc:68:58:2a:ce:1c:9e:0d:5b:6f:0e:fa:
                    6d:84:1a:f7:f8:75:3f:1a:b9:4e:0e:57:a0:94:73:
                    14:5b:87:bc:05:7d:33:6a:64:1c:85:58:4c:d6:20:
                    f2:2d:e3:17:aa:13:8b:a8:98:a6:31:fc:6b:75:f9:
                    f0:bc:28:b2:4a:1b:48:77:0c:3e:a8:ce:bb:70:ab:
                    c9:71:71:74:6c:b4:9f:22:5b:81:c7:2e:9d:0d:70:
                    b7:aa:5f:32:6d:e9:93:f8:7f:7b:26:fc:83:41:a5:
                    49:8e:dd:8b:dc:84:ce:47:3c:d4:71:4a:16:d5:f8:
                    83:90:89:2a:da:bb:6c:98:34:90:7f:c1:6c:cb:16:
                    f1:ca:68:5e:c7:bf:8a:da:47:a8:f0:ca:ee:eb:0a:
                    b4:cd:20:4e:65:d8:ec:87:2a:8c:10:6c:50:ff:be:
                    40:e2:85:60:5a:27:22:48:2b:3d:f8:e9:e4:04:7d:
                    25:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:32:E6:47:4A:80:E6:1A:E6:85:1A:EB:64:10:68:75:63:AB:ED:F1
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:52:da:1a:e1:86:22:ec:75:43:bc:b7:e1:7a:9c:83:84:d2:
         08:82:98:50:10:2a:bf:ce:4b:05:4f:aa:84:e1:57:09:92:55:
         0a:eb:ec:78:e2:79:13:b1:4a:bc:52:65:43:3a:2a:a7:bd:04:
         cb:33:9f:8b:37:a1:f2:4d:09:f7:ab:17:d3:e9:9b:87:b5:71:
         ba:17:37:76:5c:90:89:a5:8c:79:96:26:66:16:97:2c:ee:dd:
         5f:14:28:7c:46:37:94:94:9a:72:1c:e3:e3:0c:60:9b:ca:1c:
         41:4e:24:22:16:b0:62:c5:0c:60:7f:f1:4b:c2:54:3f:8a:7f:
         41:8c:54:e2:1b:3f:24:d8:4d:7c:08:22:58:7f:b3:98:84:7f:
         0a:7a:d3:5d:05:10:40:ab:37:8c:28:5e:0b:4b:2c:11:78:f7:
         25:12:2c:f4:ba:c1:e9:38:42:38:de:9b:3f:df:af:3f:4c:8a:
         e1:0d:22:5b:17:38:cd:86:6a:77:8e:1a:08:23:e0:9a:c1:2a:
         1d:28:33:ab:68:b0:ea:7d:7b:6e:cc:69:cd:cc:9d:4e:8a:0e:
         cd:6f:52:a8:a4:7c:41:68:aa:ff:b6:6b:ba:f8:10:ec:ee:49:
         87:1a:6d:d7:9d:42:52:c3:a7:63:e5:87:0a:48:c9:58:e4:ca:
         0f:93:bf:7d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUYnxj91lc9B5Zljj8ci52ZQ844mMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTEwMTUwNTNaFw0yNzA1MTAwMTU1NTNaMDMxMTAvBgNV
BAMTKDQ5MzJFNjQ3NEE4MEU2MUFFNjg1MUFFQjY0MTA2ODc1NjNBQkVERjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqDGVeqToE7vyyWgEYliByHUiO
d8rCoQ1rF/B4F/ZZnCBuR9fmC12Sp0UZcOVLSYvZLxYP/n0kNC3dfmkCV5l1o6GJ
QKxlt5ou5GNDZMxoWCrOHJ4NW28O+m2EGvf4dT8auU4OV6CUcxRbh7wFfTNqZByF
WEzWIPIt4xeqE4uomKYx/Gt1+fC8KLJKG0h3DD6ozrtwq8lxcXRstJ8iW4HHLp0N
cLeqXzJt6ZP4f3sm/INBpUmO3YvchM5HPNRxShbV+IOQiSrau2yYNJB/wWzLFvHK
aF7Hv4raR6jwyu7rCrTNIE5l2OyHKowQbFD/vkDihWBaJyJIKz346eQEfSWZAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUSTLmR0qA5hrmhRrrZBBodWOr7fEwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzIxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKL1zAN
BgkqhkiG9w0BAQsFAAOCAQEATFLaGuGGIux1Q7y34Xqcg4TSCIKYUBAqv85LBU+q
hOFXCZJVCuvseOJ5E7FKvFJlQzoqp70EyzOfizeh8k0J96sX0+mbh7Vxuhc3dlyQ
iaWMeZYmZhaXLO7dXxQofEY3lJSachzj4wxgm8ocQU4kIhawYsUMYH/xS8JUP4p/
QYxU4hs/JNhNfAgiWH+zmIR/CnrTXQUQQKs3jCheC0ssEXj3JRIs9LrB6ThCON6b
P9+vP0yK4Q0iWxc4zYZqd44aCCPgmsEqHSgzq2iw6n17bsxpzcydTooOzW9SqKR8
QWiq/7ZruvgQ7O5Jhxpt151CUsOnY+WHCkjJWOTKD5O/fQ==
-----END CERTIFICATE-----