Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214205.roa
File:                     AS214205.roa (raw, json)
Hash identifier:          g7+fii6gn3icEVyUhwEg8UtEb/iHfq+Fyk9WDoi7q2w=
Subject key identifier:   08:1D:0F:D9:E9:41:E7:B1:AC:E9:40:CC:C1:C7:A2:BD:84:E7:3D:AD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4D2C567610E3BDECBAD86092EB13C1D53777BFBC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214205.roa
Signing time:             Tue 17 Mar 2026 01:08:30 +0000
ROA not before:           Tue 17 Mar 2026 01:03:30 +0000
ROA not after:            Tue 16 Mar 2027 01:08:30 +0000
asID:                     214205
IP address blocks:        2a0f:85c1:8ba::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:2c:56:76:10:e3:bd:ec:ba:d8:60:92:eb:13:c1:d5:37:77:bf:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 17 01:03:30 2026 GMT
            Not After : Mar 16 01:08:30 2027 GMT
        Subject: CN=081D0FD9E941E7B1ACE940CCC1C7A2BD84E73DAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:45:3a:b8:fd:dd:b3:00:45:2a:c3:3f:fc:6b:
                    7d:23:0f:bc:f7:0f:83:fd:f9:f3:f1:73:06:84:76:
                    76:ca:73:d5:8f:91:3e:c1:96:33:8d:3d:1c:7a:3c:
                    75:66:53:82:75:fd:32:7b:76:e9:5a:cc:98:7c:ab:
                    ac:fb:3d:42:9c:4c:9c:fc:47:51:ea:e8:e6:d7:37:
                    0e:51:fb:72:45:71:2b:8f:03:06:73:69:8c:c1:31:
                    58:cc:5f:17:0c:a8:ec:81:90:44:f9:66:e3:f6:fc:
                    57:fe:c6:60:77:80:44:0b:86:2f:56:d7:14:3c:7b:
                    a9:96:61:21:5e:e4:fa:19:92:cf:5a:da:e5:fd:f6:
                    76:02:94:6b:0c:7e:2f:e2:06:77:f7:35:2c:39:8f:
                    1d:a8:34:ed:1a:4e:de:75:18:15:b3:f0:6b:1f:1c:
                    e8:16:d8:e2:47:e4:5d:19:81:99:2e:19:f9:77:99:
                    49:7b:64:91:a7:e5:cf:e4:70:b9:76:44:57:a6:09:
                    c6:9f:c5:1b:c3:73:a7:50:79:e2:b8:46:d4:31:2c:
                    d9:f4:9f:90:01:0c:75:73:28:56:8a:19:32:27:a7:
                    d7:d7:94:24:7e:eb:45:39:bf:75:fb:77:3a:b2:d7:
                    f3:81:2a:15:94:9c:12:7e:7a:e8:72:b6:98:ed:88:
                    88:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1D:0F:D9:E9:41:E7:B1:AC:E9:40:CC:C1:C7:A2:BD:84:E7:3D:AD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214205.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:e5:e5:a6:2a:f3:d2:c7:f0:1a:d9:82:48:d6:be:0b:14:7f:
         22:be:bd:b8:90:f2:81:5a:b4:33:88:7f:a4:06:ec:9c:55:0f:
         6d:62:1f:a5:ca:e3:1b:c8:75:fd:88:5b:20:3f:38:57:1e:b1:
         a7:7b:f2:4d:fa:36:d6:3e:cb:4b:1c:45:e0:57:ad:b4:b9:0d:
         2c:23:96:9d:d1:40:6e:0e:e4:2c:a8:ed:40:e4:e5:a7:43:e4:
         4a:0c:08:7d:b4:7b:c7:70:93:14:d4:1f:68:d1:a4:e5:eb:23:
         e1:32:ed:a8:2e:b7:b3:8f:dc:0c:d7:69:21:60:28:05:74:3b:
         24:42:32:07:45:27:17:66:08:8d:00:1b:c6:ed:d6:89:cd:fa:
         9d:12:d1:32:8f:0e:40:51:0a:96:ea:f0:e2:d2:cb:47:17:ab:
         67:e6:1b:32:12:b9:f6:e8:9d:c9:8c:aa:4e:f5:5a:b4:b2:40:
         e5:e6:f9:f0:2c:33:48:2f:61:1c:c9:b4:7f:75:d5:8b:9f:fe:
         18:81:ec:7d:86:63:75:c3:96:42:bf:7f:97:86:eb:d1:f8:7c:
         0c:de:a6:9a:e9:2a:2f:ca:25:fe:60:19:6d:01:58:b1:68:30:
         ed:8f:9d:e1:8c:02:33:11:cd:f6:e6:ba:01:89:4a:57:2c:f3:
         b8:c3:92:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTSxWdhDjvey62GCS6xPB1Td3v7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAzMTcwMTAzMzBaFw0yNzAzMTYwMTA4MzBaMDMxMTAvBgNV
BAMTKDA4MUQwRkQ5RTk0MUU3QjFBQ0U5NDBDQ0MxQzdBMkJEODRFNzNEQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7RTq4/d2zAEUqwz/8a30jD7z3
D4P9+fPxcwaEdnbKc9WPkT7BljONPRx6PHVmU4J1/TJ7dulazJh8q6z7PUKcTJz8
R1Hq6ObXNw5R+3JFcSuPAwZzaYzBMVjMXxcMqOyBkET5ZuP2/Ff+xmB3gEQLhi9W
1xQ8e6mWYSFe5PoZks9a2uX99nYClGsMfi/iBnf3NSw5jx2oNO0aTt51GBWz8Gsf
HOgW2OJH5F0ZgZkuGfl3mUl7ZJGn5c/kcLl2RFemCcafxRvDc6dQeeK4RtQxLNn0
n5ABDHVzKFaKGTInp9fXlCR+60U5v3X7dzqy1/OBKhWUnBJ+euhytpjtiIhLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCB0P2elB57Gs6UDMwceivYTnPa0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MjA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQi6MA0GCSqGSIb3DQEBCwUAA4IBAQAQ5eWmKvPSx/Aa2YJI1r4LFH8ivr24kPKB
WrQziH+kBuycVQ9tYh+lyuMbyHX9iFsgPzhXHrGne/JN+jbWPstLHEXgV620uQ0s
I5ad0UBuDuQsqO1A5OWnQ+RKDAh9tHvHcJMU1B9o0aTl6yPhMu2oLrezj9wM12kh
YCgFdDskQjIHRScXZgiNABvG7daJzfqdEtEyjw5AUQqW6vDi0stHF6tn5hsyErn2
6J3JjKpO9Vq0skDl5vnwLDNIL2EcybR/ddWLn/4Ygex9hmN1w5ZCv3+XhuvR+HwM
3qaa6SovyiX+YBltAVixaDDtj53hjAIzEc325roBiUpXLPO4w5Kz
-----END CERTIFICATE-----