Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          pgYBQJ2OM4DXWcsML68qXuFfTOQ31+gTwt7OAYkiGmI=
Subject key identifier:   43:7F:6A:8B:8E:48:8C:4F:5E:D0:F9:35:1E:14:83:40:B3:5F:FD:CE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       76809DA4C647C2C7E6682189444442F416A5FB2A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa
Signing time:             Fri 01 May 2026 21:47:07 +0000
ROA not before:           Fri 01 May 2026 21:42:07 +0000
ROA not after:            Fri 30 Apr 2027 21:47:07 +0000
asID:                     214478
IP address blocks:        2a13:9500:76::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:80:9d:a4:c6:47:c2:c7:e6:68:21:89:44:44:42:f4:16:a5:fb:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  1 21:42:07 2026 GMT
            Not After : Apr 30 21:47:07 2027 GMT
        Subject: CN=437F6A8B8E488C4F5ED0F9351E148340B35FFDCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9d:21:2f:4b:68:96:78:03:29:fc:4a:73:41:
                    2a:04:34:71:1c:ec:63:ca:d7:c2:e5:12:72:82:a7:
                    b9:18:b2:0c:79:31:fe:93:ef:82:1a:21:9a:96:cd:
                    bb:a6:fe:a2:59:b3:82:ac:77:e7:57:06:77:b9:34:
                    83:44:6c:1f:75:4e:ae:80:d9:9b:ef:a7:79:a2:57:
                    55:7f:1b:94:86:02:76:c6:9e:51:ff:44:8b:14:b2:
                    0e:99:bd:f2:62:66:14:d9:7f:39:ff:9d:39:28:ed:
                    76:62:41:0a:c9:ad:a6:d8:ec:d6:55:5b:36:60:96:
                    3f:4f:c7:7e:05:80:f4:32:43:38:96:eb:4a:71:68:
                    11:24:8b:71:e3:fe:7a:38:8a:a6:d6:31:7f:b3:ea:
                    b5:5b:4a:19:f5:c5:ac:f8:72:f8:ad:dd:75:1e:d4:
                    40:83:86:c4:83:d2:97:3b:b9:13:c4:5e:29:9f:a4:
                    18:ea:7b:48:1e:4d:3b:30:34:81:a0:bf:6e:00:47:
                    9e:6a:b8:f0:72:4b:24:e1:f0:49:37:4f:2d:47:de:
                    ac:1b:76:ec:35:f6:92:06:5f:29:6c:55:f2:91:90:
                    d9:bf:2d:f6:66:19:48:6b:fe:e3:5d:3b:98:3d:b3:
                    5a:a8:9b:db:83:3b:9c:2f:5e:40:68:1f:00:b1:27:
                    ba:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7F:6A:8B:8E:48:8C:4F:5E:D0:F9:35:1E:14:83:40:B3:5F:FD:CE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:76::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:34:fa:96:a2:d7:01:bd:0e:c7:42:fc:99:d0:8d:cd:74:1a:
         ce:fd:8c:9e:13:41:c2:1f:1b:fd:ea:bb:b3:f0:2f:0b:a6:d3:
         de:f0:c2:f2:e5:9f:b2:9d:f6:4e:62:7d:88:ec:0b:64:80:c3:
         63:1a:0d:41:78:cb:7d:dc:e5:ff:16:04:38:52:cc:4a:78:d4:
         03:7e:a3:28:27:00:5e:2d:3b:5e:ab:39:e2:ec:19:fa:02:2c:
         2c:1e:e4:8a:16:51:d9:6c:99:e2:9e:bf:80:15:6b:d3:96:2d:
         c6:f0:c4:3e:cf:2d:a8:d8:43:76:15:c5:44:65:62:a9:eb:44:
         b6:f1:95:54:86:0f:b3:1a:66:16:47:f5:f0:b4:fa:5b:a5:66:
         1d:8e:df:e8:5a:ad:18:a6:2a:3b:20:38:29:f2:f4:5a:b8:d9:
         35:32:7e:f7:5c:b2:59:76:78:ed:53:8f:28:0a:ec:19:4a:ac:
         31:d4:54:15:6d:16:38:05:df:ba:c5:8c:f4:f9:fd:69:91:d6:
         44:63:ec:89:ae:c3:de:09:63:1a:b2:6e:c6:80:e1:3c:f6:9f:
         0f:b5:bc:80:a7:98:52:43:c9:14:28:71:7a:75:48:33:22:e7:
         d2:9f:2e:8a:08:c7:d5:73:ad:5e:22:d0:8e:e3:c3:21:f3:db:
         12:cf:2a:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdoCdpMZHwsfmaCGJRERC9Bal+yowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDEyMTQyMDdaFw0yNzA0MzAyMTQ3MDdaMDMxMTAvBgNV
BAMTKDQzN0Y2QThCOEU0ODhDNEY1RUQwRjkzNTFFMTQ4MzQwQjM1RkZEQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQnSEvS2iWeAMp/EpzQSoENHEc
7GPK18LlEnKCp7kYsgx5Mf6T74IaIZqWzbum/qJZs4Ksd+dXBne5NINEbB91Tq6A
2Zvvp3miV1V/G5SGAnbGnlH/RIsUsg6ZvfJiZhTZfzn/nTko7XZiQQrJrabY7NZV
WzZglj9Px34FgPQyQziW60pxaBEki3Hj/no4iqbWMX+z6rVbShn1xaz4cvit3XUe
1ECDhsSD0pc7uRPEXimfpBjqe0geTTswNIGgv24AR55quPBySyTh8Ek3Ty1H3qwb
duw19pIGXylsVfKRkNm/LfZmGUhr/uNdO5g9s1qom9uDO5wvXkBoHwCxJ7qJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ39qi45IjE9e0Pk1HhSDQLNf/c4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAB2MA0GCSqGSIb3DQEBCwUAA4IBAQAKNPqWotcBvQ7HQvyZ0I3NdBrO/YyeE0HC
Hxv96ruz8C8LptPe8MLy5Z+ynfZOYn2I7AtkgMNjGg1BeMt93OX/FgQ4UsxKeNQD
fqMoJwBeLTteqzni7Bn6AiwsHuSKFlHZbJninr+AFWvTli3G8MQ+zy2o2EN2FcVE
ZWKp60S28ZVUhg+zGmYWR/XwtPpbpWYdjt/oWq0Ypio7IDgp8vRauNk1Mn73XLJZ
dnjtU48oCuwZSqwx1FQVbRY4Bd+6xYz0+f1pkdZEY+yJrsPeCWMasm7GgOE89p8P
tbyAp5hSQ8kUKHF6dUgzIufSny6KCMfVc61eItCO48Mh89sSzyq/
-----END CERTIFICATE-----