Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa
File:                     AS214084.roa (raw, json)
Hash identifier:          Yd3xhV2s7c3z5bZPS4jLr8Qalv8koBEVXRVb/VCaPOo=
Subject key identifier:   BF:E5:21:7F:F5:E6:D8:B1:EA:77:4B:92:07:D9:3A:0F:35:1B:71:88
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4D75FEBE3970BF7CD68B929CB07691DF4C36F74A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa
Signing time:             Wed 17 Sep 2025 03:07:52 +0000
ROA not before:           Wed 17 Sep 2025 03:02:52 +0000
ROA not after:            Wed 16 Sep 2026 03:07:52 +0000
asID:                     214084
IP address blocks:        2a0f:85c1:8b7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:75:fe:be:39:70:bf:7c:d6:8b:92:9c:b0:76:91:df:4c:36:f7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 03:02:52 2025 GMT
            Not After : Sep 16 03:07:52 2026 GMT
        Subject: CN=BFE5217FF5E6D8B1EA774B9207D93A0F351B7188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:f4:de:3e:69:b6:fa:df:b6:51:0e:ed:ff:02:
                    ad:af:c2:65:59:36:4b:d0:d9:b1:50:fe:56:5a:a1:
                    f9:ef:6d:76:3c:ee:85:86:fb:09:51:40:5c:6e:d9:
                    dd:e0:6b:6f:38:3c:4f:3e:94:68:bb:c7:be:80:19:
                    4d:5c:b2:1b:e9:99:54:19:e4:a7:fc:26:9b:68:8b:
                    5e:79:59:2c:5b:4d:f0:5a:69:db:ba:d0:fb:95:29:
                    13:16:9d:90:d9:4b:7f:7d:99:3c:1d:48:25:df:4b:
                    44:4d:6c:19:a3:05:c1:67:24:66:26:e8:ac:bb:03:
                    de:15:79:15:ca:1b:29:38:62:87:7d:81:f4:20:95:
                    3f:87:ab:d8:36:ca:be:a4:1b:22:84:a1:37:5d:23:
                    b9:95:1c:c2:f3:6d:af:31:13:91:80:f9:17:ca:64:
                    29:4e:2b:36:fb:ac:a7:e0:d4:4c:b5:34:a6:e6:07:
                    4e:26:09:9c:13:69:80:8d:01:ee:a4:09:e9:95:04:
                    2a:67:27:24:b3:b9:59:fb:60:e9:3f:44:93:e3:3c:
                    42:70:2c:82:06:a9:a7:6b:75:ca:8b:28:ee:e2:f0:
                    b9:39:75:6a:e7:17:4b:51:b0:f9:ee:f2:a9:20:cb:
                    b0:14:e6:8d:24:6b:63:69:b2:3e:9b:81:e2:2a:e5:
                    83:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E5:21:7F:F5:E6:D8:B1:EA:77:4B:92:07:D9:3A:0F:35:1B:71:88
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214084.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b7::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:76:9b:3a:5f:42:9d:26:14:aa:e5:17:85:d4:cf:79:53:cc:
         96:93:68:37:d5:74:3b:6d:1b:58:a1:31:3f:da:e6:cb:07:37:
         92:6a:6e:0f:b4:b8:4c:be:48:32:5f:58:2f:ab:bc:4b:9e:5b:
         46:95:f9:44:41:a1:5a:c6:91:9a:ba:97:34:92:8c:57:4e:77:
         ad:fb:fb:ff:28:07:1e:26:df:41:55:89:f6:84:51:2f:48:47:
         5e:68:88:5f:4d:57:e9:08:04:e4:07:ac:4d:ce:7a:83:37:fd:
         a1:9e:49:78:fa:18:47:7a:56:c1:29:2c:e8:05:68:d9:26:02:
         35:9e:7d:7e:40:f6:39:74:3e:bb:39:a6:32:4c:da:71:b2:07:
         d6:ae:1c:e1:78:5b:2f:21:4c:b7:17:8f:e7:85:65:e1:1b:73:
         2f:e5:ef:61:6e:73:c3:47:c1:85:05:53:dd:dd:28:80:a0:c9:
         69:3e:f8:dc:e9:07:a6:23:6d:6b:2c:17:7f:12:32:91:85:42:
         d2:45:bd:94:f9:ed:a0:72:95:43:59:cb:34:f4:88:11:8d:33:
         29:7c:0d:ee:d3:8b:ce:de:06:65:47:f3:78:77:a4:78:1c:a0:
         a1:e2:73:92:2a:e8:e6:a7:52:39:2d:43:96:3d:e2:ef:db:0d:
         20:c8:b0:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTXX+vjlwv3zWi5KcsHaR30w290owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTcwMzAyNTJaFw0yNjA5MTYwMzA3NTJaMDMxMTAvBgNV
BAMTKEJGRTUyMTdGRjVFNkQ4QjFFQTc3NEI5MjA3RDkzQTBGMzUxQjcxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD29N4+abb637ZRDu3/Aq2vwmVZ
NkvQ2bFQ/lZaofnvbXY87oWG+wlRQFxu2d3ga284PE8+lGi7x76AGU1cshvpmVQZ
5Kf8Jptoi155WSxbTfBaadu60PuVKRMWnZDZS399mTwdSCXfS0RNbBmjBcFnJGYm
6Ky7A94VeRXKGyk4Yod9gfQglT+Hq9g2yr6kGyKEoTddI7mVHMLzba8xE5GA+RfK
ZClOKzb7rKfg1Ey1NKbmB04mCZwTaYCNAe6kCemVBCpnJySzuVn7YOk/RJPjPEJw
LIIGqadrdcqLKO7i8Lk5dWrnF0tRsPnu8qkgy7AU5o0ka2Npsj6bgeIq5YM9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUv+Uhf/Xm2LHqd0uSB9k6DzUbcYgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi3MA0GCSqGSIb3DQEBCwUAA4IBAQBhdps6X0KdJhSq5ReF1M95U8yWk2g31XQ7
bRtYoTE/2ubLBzeSam4PtLhMvkgyX1gvq7xLnltGlflEQaFaxpGaupc0koxXTnet
+/v/KAceJt9BVYn2hFEvSEdeaIhfTVfpCATkB6xNznqDN/2hnkl4+hhHelbBKSzo
BWjZJgI1nn1+QPY5dD67OaYyTNpxsgfWrhzheFsvIUy3F4/nhWXhG3Mv5e9hbnPD
R8GFBVPd3SiAoMlpPvjc6QemI21rLBd/EjKRhULSRb2U+e2gcpVDWcs09IgRjTMp
fA3u04vO3gZlR/N4d6R4HKCh4nOSKujmp1I5LUOWPeLv2w0gyLD2
-----END CERTIFICATE-----