Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214720.roa
File:                     AS214720.roa (raw, json)
Hash identifier:          4FAIc0gU5CXtrb33ROJEacIxqgNeghzaPAFzUGlXbOg=
Subject key identifier:   00:F5:DC:30:FD:DB:6F:07:07:CE:B7:FC:DF:F1:08:B8:B2:88:A4:6F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       01C24503FE1B73A93FF3D6CC6FFACAF59946F9D7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214720.roa
Signing time:             Tue 05 May 2026 12:08:52 +0000
ROA not before:           Tue 05 May 2026 12:03:52 +0000
ROA not after:            Tue 04 May 2027 12:08:52 +0000
asID:                     214720
IP address blocks:        45.87.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:c2:45:03:fe:1b:73:a9:3f:f3:d6:cc:6f:fa:ca:f5:99:46:f9:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 12:03:52 2026 GMT
            Not After : May  4 12:08:52 2027 GMT
        Subject: CN=00F5DC30FDDB6F0707CEB7FCDFF108B8B288A46F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:96:64:09:da:00:72:1d:8c:b4:8d:97:35:43:
                    ee:3b:87:c1:41:f7:0b:0c:e2:5f:e2:c8:83:93:13:
                    12:e1:cd:8d:f8:10:eb:da:c4:de:1a:83:01:36:c8:
                    c3:74:bd:c3:9f:0b:bc:f2:99:8c:8d:e9:a1:05:c1:
                    36:c4:86:79:3a:c2:92:f3:78:1a:2c:7e:17:ce:7e:
                    d0:89:f3:78:6d:c7:f3:18:0d:de:e1:40:e3:a1:10:
                    82:29:ca:6b:75:32:c5:16:78:9c:84:38:59:b9:82:
                    a7:3b:84:7e:ec:fa:5c:3e:be:ba:f2:f8:a6:fc:66:
                    17:d8:92:f3:87:4f:49:90:51:d0:ba:6b:56:fa:77:
                    4c:6e:b5:d1:c6:31:f9:88:d5:2d:34:16:2d:eb:66:
                    fd:02:bf:e5:76:09:4c:58:97:41:dc:1a:6f:86:bd:
                    23:d0:94:fa:68:f0:01:ff:9e:da:5d:8d:8e:f2:e9:
                    c4:e6:6e:5f:cd:e8:78:2c:a2:5a:cc:b1:71:b5:91:
                    da:fb:0c:f1:ba:48:e5:84:0e:ef:0d:30:dd:a6:7a:
                    c7:2a:b6:b5:f2:6f:8c:8f:ee:fb:ba:c4:96:85:c3:
                    80:2c:4e:03:12:bb:d7:98:a4:7e:eb:bd:66:94:cf:
                    be:6b:e6:07:2b:c2:6d:a4:03:32:ed:b7:31:ff:08:
                    9f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F5:DC:30:FD:DB:6F:07:07:CE:B7:FC:DF:F1:08:B8:B2:88:A4:6F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:8a:0e:46:c5:d1:50:4b:82:d3:20:51:cf:4c:1b:f2:c0:3a:
         50:15:15:36:66:b2:38:e6:ef:27:9e:66:3b:a7:25:ae:ba:cb:
         86:dd:01:43:d0:0f:29:13:ed:ee:c0:d4:56:3c:dd:72:93:de:
         6e:25:db:97:b5:17:7e:bf:72:6b:75:30:04:a3:16:81:90:02:
         3a:88:ed:35:ff:08:8e:f2:2e:31:f7:02:91:8c:a5:8d:37:3c:
         04:d0:d7:cf:b9:0c:d5:97:5f:a5:53:44:3f:12:ff:4a:9c:43:
         cc:a2:cc:d9:cc:1c:72:d4:58:0d:d1:b7:9d:b3:73:33:aa:33:
         fc:40:db:92:1c:55:12:7b:a2:d7:fb:96:82:13:74:ae:5e:d2:
         3b:69:3c:dc:7e:bc:c1:2b:eb:e1:08:6c:12:ac:73:85:5e:c5:
         70:70:b4:1a:15:77:db:bd:a2:af:e3:66:fb:4b:3b:2c:67:a9:
         dd:f8:da:f2:76:fc:2c:e1:ff:7a:d6:7b:b9:6b:6f:21:bd:ba:
         91:ac:18:ed:a9:c3:56:22:66:8e:1a:d6:96:ff:5a:24:9c:18:
         92:8a:cb:d8:68:34:80:07:99:f5:14:40:05:d1:49:c8:10:e2:
         75:f7:3f:57:12:e0:7a:7d:d6:0b:cf:26:a0:5d:63:ba:36:8e:
         91:e4:d3:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAcJFA/4bc6k/89bMb/rK9ZlG+dcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDUxMjAzNTJaFw0yNzA1MDQxMjA4NTJaMDMxMTAvBgNV
BAMTKDAwRjVEQzMwRkREQjZGMDcwN0NFQjdGQ0RGRjEwOEI4QjI4OEE0NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlmQJ2gByHYy0jZc1Q+47h8FB
9wsM4l/iyIOTExLhzY34EOvaxN4agwE2yMN0vcOfC7zymYyN6aEFwTbEhnk6wpLz
eBosfhfOftCJ83htx/MYDd7hQOOhEIIpymt1MsUWeJyEOFm5gqc7hH7s+lw+vrry
+Kb8ZhfYkvOHT0mQUdC6a1b6d0xutdHGMfmI1S00Fi3rZv0Cv+V2CUxYl0HcGm+G
vSPQlPpo8AH/ntpdjY7y6cTmbl/N6HgsolrMsXG1kdr7DPG6SOWEDu8NMN2mescq
trXyb4yP7vu6xJaFw4AsTgMSu9eYpH7rvWaUz75r5gcrwm2kAzLttzH/CJ/VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAPXcMP3bbwcHzrf83/EIuLKIpG8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVe4
MA0GCSqGSIb3DQEBCwUAA4IBAQCcig5GxdFQS4LTIFHPTBvywDpQFRU2ZrI45u8n
nmY7pyWuusuG3QFD0A8pE+3uwNRWPN1yk95uJduXtRd+v3JrdTAEoxaBkAI6iO01
/wiO8i4x9wKRjKWNNzwE0NfPuQzVl1+lU0Q/Ev9KnEPMoszZzBxy1FgN0beds3Mz
qjP8QNuSHFUSe6LX+5aCE3SuXtI7aTzcfrzBK+vhCGwSrHOFXsVwcLQaFXfbvaKv
42b7SzssZ6nd+Nrydvws4f961nu5a28hvbqRrBjtqcNWImaOGtaW/1oknBiSisvY
aDSAB5n1FEAF0UnIEOJ19z9XEuB6fdYLzyagXWO6No6R5NO4
-----END CERTIFICATE-----