Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa
File:                     AS214028.roa (raw, json)
Hash identifier:          oIwkKwJ92UiD+bdMrI2xujEXp+GZSPpZe147EGCT64A=
Subject key identifier:   32:90:F3:9D:57:C7:F9:24:28:F1:67:8D:6F:03:9F:EE:6B:92:B0:28
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6F07C529830BFC83BE316CE2FFA045C0D1804951
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa
Signing time:             Wed 17 Sep 2025 03:07:53 +0000
ROA not before:           Wed 17 Sep 2025 03:02:53 +0000
ROA not after:            Wed 16 Sep 2026 03:07:53 +0000
asID:                     214028
IP address blocks:        2a0f:85c1:8b9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:07:c5:29:83:0b:fc:83:be:31:6c:e2:ff:a0:45:c0:d1:80:49:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 03:02:53 2025 GMT
            Not After : Sep 16 03:07:53 2026 GMT
        Subject: CN=3290F39D57C7F92428F1678D6F039FEE6B92B028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:16:c7:7f:09:42:3b:e0:cc:63:dc:29:ff:21:
                    49:c1:39:11:73:2f:4d:e0:ae:d6:7c:45:af:9b:58:
                    76:8f:29:d2:01:42:b6:e6:af:7a:ed:74:7f:ce:e2:
                    6e:1d:70:d8:e8:f4:21:c6:0e:a9:95:e4:a7:d5:65:
                    69:4c:29:f6:2c:95:04:85:3b:15:20:ba:bc:07:45:
                    98:8f:d0:50:e7:f7:8d:f0:02:40:5c:74:0e:6c:53:
                    d0:a3:02:89:89:9d:30:90:77:33:13:e8:cd:6a:91:
                    24:35:d6:d4:8a:9c:52:0b:12:9e:fb:0d:79:a8:57:
                    98:95:3f:0a:93:35:14:f9:68:30:9d:2d:69:30:d9:
                    8d:c1:77:db:57:14:63:c2:36:50:51:f9:37:7d:43:
                    80:c6:21:28:ad:bd:55:45:ed:23:09:e8:25:a3:eb:
                    7b:57:d5:b4:f2:31:ec:37:bc:0f:e5:13:2d:45:1b:
                    fe:53:e5:d2:a9:13:9f:fd:22:a4:2d:f7:b3:cf:7d:
                    fd:8a:e9:10:26:f5:a3:2a:ec:42:9c:86:60:40:94:
                    05:b4:ff:85:4c:a1:fa:56:13:3e:79:c4:87:5f:d5:
                    5f:76:43:f4:17:56:fd:04:3c:4a:7b:85:64:bf:0f:
                    f3:9d:49:d4:c9:5f:a8:42:a3:09:49:27:0b:63:99:
                    96:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:90:F3:9D:57:C7:F9:24:28:F1:67:8D:6F:03:9F:EE:6B:92:B0:28
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b9::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:03:66:e6:e8:aa:56:82:c5:65:fd:c7:33:a1:64:19:4d:0d:
         b0:3b:c7:13:c1:7d:26:f9:39:8c:a0:b0:79:f9:92:27:2e:66:
         5d:2d:80:81:62:d8:fc:07:47:da:17:73:18:a5:84:34:a7:d9:
         20:57:73:e2:40:71:bc:da:19:18:3f:dc:8c:51:5e:db:72:8b:
         b0:e6:35:e3:09:3b:df:5d:63:c1:c5:a2:26:97:79:73:7a:25:
         29:cd:a6:a8:98:31:83:4f:ec:00:8f:b9:2c:8c:94:a2:32:06:
         51:b2:98:fd:db:75:c5:6d:94:39:39:17:b2:da:06:32:73:68:
         07:6f:bd:45:ad:c4:98:b8:0b:46:83:1d:1f:61:60:e2:30:76:
         77:fd:ea:b8:dd:3e:52:78:f1:1d:aa:c2:50:b3:ff:4e:dd:24:
         42:76:3b:72:9e:03:85:c2:cd:16:16:df:ae:8b:5f:55:f8:ea:
         c4:8a:d4:4d:98:10:ae:be:20:8b:79:ac:13:a8:67:bf:a9:be:
         79:8b:35:08:95:47:8a:49:89:e5:bd:bc:05:9e:f9:18:b7:aa:
         e7:9e:a2:f1:36:83:6b:25:e1:04:6b:fb:87:27:30:4a:c4:be:
         e6:ff:a7:a4:97:36:c0:3e:28:af:cc:1f:eb:c9:29:68:50:a9:
         1c:90:df:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbwfFKYML/IO+MWzi/6BFwNGASVEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTcwMzAyNTNaFw0yNjA5MTYwMzA3NTNaMDMxMTAvBgNV
BAMTKDMyOTBGMzlENTdDN0Y5MjQyOEYxNjc4RDZGMDM5RkVFNkI5MkIwMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBFsd/CUI74Mxj3Cn/IUnBORFz
L03grtZ8Ra+bWHaPKdIBQrbmr3rtdH/O4m4dcNjo9CHGDqmV5KfVZWlMKfYslQSF
OxUgurwHRZiP0FDn943wAkBcdA5sU9CjAomJnTCQdzMT6M1qkSQ11tSKnFILEp77
DXmoV5iVPwqTNRT5aDCdLWkw2Y3Bd9tXFGPCNlBR+Td9Q4DGISitvVVF7SMJ6CWj
63tX1bTyMew3vA/lEy1FG/5T5dKpE5/9IqQt97PPff2K6RAm9aMq7EKchmBAlAW0
/4VMofpWEz55xIdf1V92Q/QXVv0EPEp7hWS/D/OdSdTJX6hCowlJJwtjmZajAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMpDznVfH+SQo8WeNbwOf7muSsCgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MDI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi5MA0GCSqGSIb3DQEBCwUAA4IBAQCcA2bm6KpWgsVl/cczoWQZTQ2wO8cTwX0m
+TmMoLB5+ZInLmZdLYCBYtj8B0faF3MYpYQ0p9kgV3PiQHG82hkYP9yMUV7bcouw
5jXjCTvfXWPBxaIml3lzeiUpzaaomDGDT+wAj7ksjJSiMgZRspj923XFbZQ5ORey
2gYyc2gHb71FrcSYuAtGgx0fYWDiMHZ3/eq43T5SePEdqsJQs/9O3SRCdjtyngOF
ws0WFt+ui19V+OrEitRNmBCuviCLeawTqGe/qb55izUIlUeKSYnlvbwFnvkYt6rn
nqLxNoNrJeEEa/uHJzBKxL7m/6eklzbAPiivzB/rySloUKkckN9m
-----END CERTIFICATE-----