Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214941.roa
File:                     AS214941.roa (raw, json)
Hash identifier:          AMqsIB2dnWdIrkjdPv2dX7hSVYmfFhFo0c99ltzGe9k=
Subject key identifier:   57:0B:8C:57:75:DC:7B:38:93:8B:48:18:B5:70:1D:FD:22:5D:51:CA
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       4BD5CF01477C26D7A7A3F58234450D45B17C4796
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214941.roa
Signing time:             Sun 08 Mar 2026 18:37:04 +0000
ROA not before:           Sun 08 Mar 2026 18:32:04 +0000
ROA not after:            Sun 07 Mar 2027 18:37:04 +0000
asID:                     214941
IP address blocks:        212.87.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:d5:cf:01:47:7c:26:d7:a7:a3:f5:82:34:45:0d:45:b1:7c:47:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Mar  8 18:32:04 2026 GMT
            Not After : Mar  7 18:37:04 2027 GMT
        Subject: CN=570B8C5775DC7B38938B4818B5701DFD225D51CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:54:7d:ba:85:dd:db:9b:ee:eb:82:6c:14:ed:
                    cc:03:d4:e0:93:22:71:f0:eb:57:2f:02:17:cf:d0:
                    07:b7:dc:12:34:fd:3f:b2:11:83:2b:4f:ba:84:1b:
                    e2:0f:10:db:e1:51:18:28:f9:17:03:13:c1:d8:9d:
                    b0:44:d1:78:af:a3:f8:c1:f2:62:e3:64:d1:4b:b8:
                    fa:c7:c8:b7:a7:04:4f:b3:4a:fb:85:2a:4d:86:29:
                    f6:80:6e:19:f1:71:13:43:1c:78:ac:c1:9d:1b:84:
                    ac:06:45:b4:9f:e9:89:36:82:31:c9:d2:a0:09:1c:
                    eb:6a:5a:da:ce:2b:48:ff:64:24:54:1b:d7:f8:1e:
                    c4:f1:d7:31:dd:86:02:de:de:43:f0:cb:f3:b1:ef:
                    79:e6:3a:d3:ff:e5:97:3e:a4:4f:64:26:94:25:49:
                    20:76:e4:cc:a1:01:40:ef:22:dd:a7:2e:66:f3:22:
                    ac:dc:b6:45:ef:2a:be:34:71:dd:f4:cc:71:7f:02:
                    f0:20:26:75:05:66:16:eb:bf:27:b5:9b:ef:72:d7:
                    c8:82:3b:8b:ec:7b:b6:50:aa:31:e2:9c:fd:63:33:
                    56:0e:ca:35:bc:a6:64:3e:c0:e3:ca:9b:07:c1:c5:
                    74:8c:2c:0d:61:5e:41:8a:15:ab:f7:15:c1:6a:3f:
                    be:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:0B:8C:57:75:DC:7B:38:93:8B:48:18:B5:70:1D:FD:22:5D:51:CA
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS214941.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e9:57:eb:53:31:fc:e8:e6:6d:ba:9c:5c:24:39:ac:31:b5:
         f4:7e:72:d9:3c:fb:41:5c:8a:7f:25:73:c1:5d:69:b0:54:67:
         d7:b9:07:53:a9:b7:77:89:76:1d:cb:49:1b:f2:40:f3:cf:57:
         ac:e4:e6:c9:93:d3:d0:60:2f:ba:2d:b2:c8:cd:7f:1e:5d:0b:
         cb:db:45:d9:2b:12:40:f9:89:44:b1:ff:e1:68:81:ab:4d:3b:
         04:48:06:f8:9e:79:24:18:9a:28:54:5e:7d:a1:27:f9:50:7c:
         81:bc:c1:cd:2c:72:af:4e:f9:21:8b:f9:98:71:64:4a:3b:b1:
         c1:f4:63:aa:5d:84:f2:31:6c:fd:40:c8:6b:02:1a:e1:7c:4d:
         ed:48:7e:b0:c9:6c:c6:73:00:b9:30:a7:2b:a6:21:2d:28:54:
         df:b3:a6:89:c4:c2:98:64:f2:74:75:f4:45:2b:61:89:39:81:
         a6:ff:d6:43:0d:a8:4e:48:9d:d4:2c:68:68:8d:9f:da:4d:56:
         92:29:2a:f4:7c:a9:30:ce:56:56:f4:a8:ee:56:b1:c6:99:a5:
         4a:32:6c:e9:a7:2a:c9:da:63:b8:3e:a1:f2:39:1c:54:eb:81:
         47:72:f8:10:05:e4:00:e5:52:65:21:f9:70:88:c5:ca:37:1a:
         99:32:c0:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS9XPAUd8Jteno/WCNEUNRbF8R5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAzMDgxODMyMDRaFw0yNzAzMDcxODM3MDRaMDMxMTAvBgNV
BAMTKDU3MEI4QzU3NzVEQzdCMzg5MzhCNDgxOEI1NzAxREZEMjI1RDUxQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKVH26hd3bm+7rgmwU7cwD1OCT
InHw61cvAhfP0Ae33BI0/T+yEYMrT7qEG+IPENvhURgo+RcDE8HYnbBE0Xivo/jB
8mLjZNFLuPrHyLenBE+zSvuFKk2GKfaAbhnxcRNDHHiswZ0bhKwGRbSf6Yk2gjHJ
0qAJHOtqWtrOK0j/ZCRUG9f4HsTx1zHdhgLe3kPwy/Ox73nmOtP/5Zc+pE9kJpQl
SSB25MyhAUDvIt2nLmbzIqzctkXvKr40cd30zHF/AvAgJnUFZhbrvye1m+9y18iC
O4vse7ZQqjHinP1jM1YOyjW8pmQ+wOPKmwfBxXSMLA1hXkGKFav3FcFqP77rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVwuMV3XceziTi0gYtXAd/SJdUcowHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjE0OTQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfF
MA0GCSqGSIb3DQEBCwUAA4IBAQAG6VfrUzH86OZtupxcJDmsMbX0fnLZPPtBXIp/
JXPBXWmwVGfXuQdTqbd3iXYdy0kb8kDzz1es5ObJk9PQYC+6LbLIzX8eXQvL20XZ
KxJA+YlEsf/haIGrTTsESAb4nnkkGJooVF59oSf5UHyBvMHNLHKvTvkhi/mYcWRK
O7HB9GOqXYTyMWz9QMhrAhrhfE3tSH6wyWzGcwC5MKcrpiEtKFTfs6aJxMKYZPJ0
dfRFK2GJOYGm/9ZDDahOSJ3ULGhojZ/aTVaSKSr0fKkwzlZW9KjuVrHGmaVKMmzp
pyrJ2mO4PqHyORxU64FHcvgQBeQA5VJlIflwiMXKNxqZMsCO
-----END CERTIFICATE-----