Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          k14Hou/uLTI5LCEHtVNEKoPRi6OcYjOfPR+hYi07CXo=
Subject key identifier:   1E:38:46:C9:06:5F:70:E9:6D:4D:1E:4A:11:39:88:C9:A1:4A:DE:D6
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       A398DA3001795BE164AC0712024A0C30950C9E
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214025.roa
Signing time:             Fri 20 Mar 2026 11:06:18 +0000
ROA not before:           Fri 20 Mar 2026 11:01:18 +0000
ROA not after:            Fri 19 Mar 2027 11:06:18 +0000
asID:                     214025
IP address blocks:        193.32.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a3:98:da:30:01:79:5b:e1:64:ac:07:12:02:4a:0c:30:95:0c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Mar 20 11:01:18 2026 GMT
            Not After : Mar 19 11:06:18 2027 GMT
        Subject: CN=1E3846C9065F70E96D4D1E4A113988C9A14ADED6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:77:9b:80:60:4c:18:ee:3f:1c:29:10:f9:a2:
                    d9:27:ff:cc:d7:1a:c0:19:01:86:39:af:34:95:47:
                    e1:03:dd:3b:b7:4c:31:d7:52:47:bf:35:27:da:c2:
                    cb:1d:29:37:2e:2a:33:3d:db:28:30:b5:f7:69:34:
                    25:16:7a:d3:38:83:ce:54:2b:35:2e:a4:b7:8d:f7:
                    39:d9:d6:d3:8c:d7:57:57:ba:7e:4a:ad:10:c6:95:
                    fa:86:5c:72:49:6f:b2:b3:63:89:07:2b:e1:16:1b:
                    62:44:f4:a1:ab:76:ba:e3:c2:da:e1:35:7e:bf:59:
                    75:be:70:96:12:7a:14:c1:74:09:03:fe:8a:ed:d3:
                    35:0c:7b:7b:17:16:8a:ac:f0:a9:07:63:49:63:94:
                    1b:c0:1e:71:b0:b9:85:22:a8:50:af:2d:b3:6e:ef:
                    a3:fc:39:bf:a8:a5:37:64:0f:7e:ce:64:39:bc:40:
                    15:73:4c:51:fa:2d:3a:68:fe:d4:2a:9f:4b:27:cf:
                    ea:13:3b:8f:b3:6e:f5:a5:92:b1:c6:a0:8f:82:93:
                    50:36:c9:71:b4:02:ea:75:84:58:92:6b:26:12:0c:
                    b0:f2:9e:17:6c:06:15:4a:d3:dc:29:71:76:04:92:
                    ce:4d:65:d9:22:5a:ff:aa:cf:2b:99:c7:f8:8b:71:
                    a5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:38:46:C9:06:5F:70:E9:6D:4D:1E:4A:11:39:88:C9:A1:4A:DE:D6
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:17:8c:04:fb:c9:d3:bb:2d:41:2f:e8:59:38:8d:e3:48:64:
         6f:11:a4:ab:7f:fa:f6:96:08:36:65:7d:30:9e:00:38:c4:89:
         1d:06:aa:ed:05:d9:f8:ee:c3:2c:40:f0:61:24:c8:a7:43:f0:
         da:2a:4f:1e:09:7e:1f:ec:ce:cd:89:0e:63:eb:2d:6f:78:58:
         62:be:75:93:6f:21:96:c2:a9:d2:6a:27:cb:83:1b:d8:88:38:
         9a:a6:43:f7:f2:72:ac:50:c5:dc:20:db:21:b7:da:85:be:58:
         69:a6:87:84:2a:aa:1a:97:1f:67:a9:dc:92:c4:d0:93:c3:50:
         7d:d6:d4:f1:a7:26:e7:32:92:6e:de:78:3f:65:31:41:98:84:
         b8:6e:48:46:53:0e:89:40:be:8b:74:77:d6:5f:09:70:34:1f:
         81:2b:3a:dd:3e:d7:20:84:a2:6a:42:fd:d8:e9:48:0f:e5:79:
         26:7a:b5:3b:c0:5d:d7:03:30:88:57:aa:41:00:38:fd:49:2c:
         2e:a9:a8:aa:a1:be:81:2a:40:92:ff:f2:89:95:60:6a:2a:cd:
         d3:e2:8c:ed:4b:33:bf:98:82:e9:74:5e:a6:fd:88:c6:81:75:
         bb:bb:da:69:d0:a1:4e:ed:da:53:06:f4:b4:df:04:6f:4f:ff:
         1c:7c:b3:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAKOY2jABeVvhZKwHEgJKDDCVDJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAzMjAxMTAxMThaFw0yNzAzMTkxMTA2MThaMDMxMTAvBgNV
BAMTKDFFMzg0NkM5MDY1RjcwRTk2RDREMUU0QTExMzk4OEM5QTE0QURFRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKd5uAYEwY7j8cKRD5otkn/8zX
GsAZAYY5rzSVR+ED3Tu3TDHXUke/NSfawssdKTcuKjM92ygwtfdpNCUWetM4g85U
KzUupLeN9znZ1tOM11dXun5KrRDGlfqGXHJJb7KzY4kHK+EWG2JE9KGrdrrjwtrh
NX6/WXW+cJYSehTBdAkD/ort0zUMe3sXFoqs8KkHY0ljlBvAHnGwuYUiqFCvLbNu
76P8Ob+opTdkD37OZDm8QBVzTFH6LTpo/tQqn0snz+oTO4+zbvWlkrHGoI+Ck1A2
yXG0Aup1hFiSayYSDLDynhdsBhVK09wpcXYEks5NZdkiWv+qzyuZx/iLcaU5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHjhGyQZfcOltTR5KETmIyaFK3tYwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSDM
MA0GCSqGSIb3DQEBCwUAA4IBAQCnF4wE+8nTuy1BL+hZOI3jSGRvEaSrf/r2lgg2
ZX0wngA4xIkdBqrtBdn47sMsQPBhJMinQ/DaKk8eCX4f7M7NiQ5j6y1veFhivnWT
byGWwqnSaifLgxvYiDiapkP38nKsUMXcINsht9qFvlhppoeEKqoalx9nqdySxNCT
w1B91tTxpybnMpJu3ng/ZTFBmIS4bkhGUw6JQL6LdHfWXwlwNB+BKzrdPtcghKJq
Qv3Y6UgP5XkmerU7wF3XAzCIV6pBADj9SSwuqaiqob6BKkCS//KJlWBqKs3T4ozt
SzO/mILpdF6m/YjGgXW7u9pp0KFO7dpTBvS03wRvT/8cfLPq
-----END CERTIFICATE-----