Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          Yw08GeaaIC3LXbgPWZ8MKfgntC6l3Dz4EbdsD4GgIfs=
Subject key identifier:   64:13:3F:7A:DD:22:16:EC:E5:F6:7B:69:C7:94:A4:19:65:2A:47:9C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       78F1DCED870F8084DB4D9C62DB883F0CB06B7795
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
Signing time:             Sat 02 May 2026 07:50:26 +0000
ROA not before:           Sat 02 May 2026 07:45:26 +0000
ROA not after:            Sat 01 May 2027 07:50:26 +0000
asID:                     214432
IP address blocks:        191.101.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:f1:dc:ed:87:0f:80:84:db:4d:9c:62:db:88:3f:0c:b0:6b:77:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  2 07:45:26 2026 GMT
            Not After : May  1 07:50:26 2027 GMT
        Subject: CN=64133F7ADD2216ECE5F67B69C794A419652A479C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:e0:97:f9:ca:9a:87:7f:42:23:c6:be:6d:
                    47:bd:59:68:ca:80:3b:08:ee:3c:bd:38:69:36:6c:
                    ef:70:dc:cc:1f:d1:17:40:dd:87:5e:b6:d5:a0:2b:
                    5f:76:72:0b:13:6c:83:fb:57:0b:2b:78:c4:a9:fd:
                    48:2b:3b:6b:72:95:b5:28:fa:7b:b8:2c:12:46:2a:
                    23:5d:9d:46:79:e7:3b:f6:b5:15:a7:53:68:26:a7:
                    48:fe:22:83:16:69:21:f4:e0:80:29:2e:39:3e:ac:
                    e3:62:8b:93:62:bb:21:ee:94:7f:f5:1a:d2:84:26:
                    b5:c7:1a:49:71:6a:be:26:93:65:3b:53:79:22:96:
                    00:39:dc:c2:9a:cd:e6:2b:53:f9:9a:0f:d4:d6:b3:
                    cc:b7:33:53:43:ed:46:cb:5c:c2:82:cd:28:2e:80:
                    65:7f:f6:66:e6:44:ad:b6:bb:25:12:97:b8:94:a5:
                    99:1d:97:c3:b6:ec:f4:8a:35:bc:1d:42:b9:25:39:
                    97:62:93:58:8b:d2:a6:67:a8:8f:46:e4:41:11:5e:
                    80:64:20:01:7a:4f:df:8f:57:f6:da:81:fb:a9:36:
                    35:16:55:2d:a7:16:f4:2d:36:7b:fa:01:c8:9d:fd:
                    bb:69:6a:97:05:b6:b1:bc:94:38:ef:c2:34:ee:69:
                    c1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:13:3F:7A:DD:22:16:EC:E5:F6:7B:69:C7:94:A4:19:65:2A:47:9C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:93:bc:34:3b:78:85:56:be:0d:35:b5:0f:d4:4c:da:01:79:
         20:84:fe:b7:7d:0d:44:ce:55:ca:d2:3a:62:cd:6b:c0:6c:c4:
         ec:f3:3c:c9:84:d4:5c:64:3a:74:91:97:de:75:fc:5b:66:70:
         b2:8e:a3:35:17:6b:0c:16:55:dd:ec:d3:38:37:84:ba:d1:73:
         12:25:bf:18:53:11:a3:93:69:3f:55:87:1b:87:50:7e:e9:1a:
         24:c3:fe:67:b6:dd:f4:6f:e3:05:99:38:75:ff:0f:db:4d:5f:
         85:5c:b9:fb:45:d5:84:62:51:0f:fa:ef:00:6f:2c:1f:2b:0b:
         ce:76:95:d8:21:45:de:97:d8:a8:f4:2a:c0:fa:49:81:fd:05:
         f4:d2:5e:34:04:4b:50:f9:a1:5b:81:d6:a7:90:9c:ff:9e:e0:
         c9:bb:70:f1:73:62:81:2d:b9:e1:da:18:2d:93:1d:b1:50:81:
         cd:6d:9b:35:26:26:95:da:64:83:20:4e:47:38:bb:80:51:f3:
         6e:f7:1b:8a:f2:9e:d1:c8:56:a6:13:54:f1:bb:80:de:80:e0:
         15:88:24:c1:55:3c:4b:5a:8f:83:02:f5:e0:0a:d5:87:1c:24:
         a7:e1:2b:d4:42:c9:98:ba:f7:5d:c5:b1:48:3b:18:0c:31:b0:
         c6:1a:a2:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUePHc7YcPgITbTZxi24g/DLBrd5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDIwNzQ1MjZaFw0yNzA1MDEwNzUwMjZaMDMxMTAvBgNV
BAMTKDY0MTMzRjdBREQyMjE2RUNFNUY2N0I2OUM3OTRBNDE5NjUyQTQ3OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCye+CX+cqah39CI8a+bUe9WWjK
gDsI7jy9OGk2bO9w3Mwf0RdA3YdettWgK192cgsTbIP7VwsreMSp/UgrO2tylbUo
+nu4LBJGKiNdnUZ55zv2tRWnU2gmp0j+IoMWaSH04IApLjk+rONii5NiuyHulH/1
GtKEJrXHGklxar4mk2U7U3kilgA53MKazeYrU/maD9TWs8y3M1ND7UbLXMKCzSgu
gGV/9mbmRK22uyUSl7iUpZkdl8O27PSKNbwdQrklOZdik1iL0qZnqI9G5EERXoBk
IAF6T9+PV/bagfupNjUWVS2nFvQtNnv6Acid/btpapcFtrG8lDjvwjTuacHtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZBM/et0iFuzl9ntpx5SkGWUqR5wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2U/
MA0GCSqGSIb3DQEBCwUAA4IBAQBPk7w0O3iFVr4NNbUP1EzaAXkghP63fQ1EzlXK
0jpizWvAbMTs8zzJhNRcZDp0kZfedfxbZnCyjqM1F2sMFlXd7NM4N4S60XMSJb8Y
UxGjk2k/VYcbh1B+6Rokw/5ntt30b+MFmTh1/w/bTV+FXLn7RdWEYlEP+u8Abywf
KwvOdpXYIUXel9io9CrA+kmB/QX00l40BEtQ+aFbgdankJz/nuDJu3Dxc2KBLbnh
2hgtkx2xUIHNbZs1JiaV2mSDIE5HOLuAUfNu9xuK8p7RyFamE1Txu4DegOAViCTB
VTxLWo+DAvXgCtWHHCSn4SvUQsmYuvddxbFIOxgMMbDGGqJP
-----END CERTIFICATE-----