Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214850.roa
File:                     AS214850.roa (raw, json)
Hash identifier:          cySpP6XQZK8IC27GVEusAz28y5c2WWW60jqBZ40LbyA=
Subject key identifier:   AC:E1:56:55:EF:32:B2:BE:EF:04:59:A2:55:B3:BA:72:39:D7:E5:58
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       13F489DD9A851A31A5DBE123362A894043E545DF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214850.roa
Signing time:             Tue 21 Apr 2026 03:17:52 +0000
ROA not before:           Tue 21 Apr 2026 03:12:52 +0000
ROA not after:            Tue 20 Apr 2027 03:17:52 +0000
asID:                     214850
IP address blocks:        2a0f:85c1:3fc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:f4:89:dd:9a:85:1a:31:a5:db:e1:23:36:2a:89:40:43:e5:45:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 21 03:12:52 2026 GMT
            Not After : Apr 20 03:17:52 2027 GMT
        Subject: CN=ACE15655EF32B2BEEF0459A255B3BA7239D7E558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bd:55:53:d3:ce:72:52:79:ba:85:49:c0:3a:
                    dc:97:df:70:78:fd:8f:97:aa:51:5d:43:1a:01:ff:
                    06:ad:ba:c5:08:b9:2a:27:1e:e3:61:65:5c:db:2c:
                    03:b5:f5:26:24:16:72:70:a4:8a:f9:1a:4a:c5:fb:
                    ee:76:59:01:2e:c8:a6:13:bb:12:a5:49:e2:47:14:
                    ba:c5:67:e3:43:df:82:62:2f:7f:64:87:ab:88:89:
                    cd:a0:6a:45:6b:7b:85:de:98:01:27:f8:74:69:75:
                    58:3b:8a:b7:1a:6e:d2:d2:37:c4:a7:e1:7f:66:6f:
                    80:6e:fe:4c:20:c1:b9:98:a8:2e:49:25:c5:41:d2:
                    99:ac:94:ab:9a:cb:c6:47:94:6d:c8:2c:65:b1:bd:
                    a8:11:48:48:af:89:2c:39:f7:f6:59:68:f1:dd:e8:
                    97:de:f0:37:8e:26:e1:78:60:cc:64:e2:bd:35:62:
                    c4:a0:98:d8:96:b9:e4:3d:6a:86:f7:3d:5d:ce:ba:
                    28:50:a7:44:28:cd:69:6d:99:07:9d:28:f5:0c:8f:
                    63:38:4f:55:ee:51:a2:d3:ca:45:b5:87:96:e1:98:
                    c0:4d:01:97:3a:4f:70:2c:b8:2f:57:2d:dc:c4:4e:
                    91:e9:bf:f2:cc:52:07:dd:33:42:be:6e:b4:b1:aa:
                    a7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E1:56:55:EF:32:B2:BE:EF:04:59:A2:55:B3:BA:72:39:D7:E5:58
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214850.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:94:7f:34:aa:ef:2e:74:94:d6:bf:b0:ae:09:12:dc:ba:70:
         3b:d9:88:76:b8:ed:57:c9:dc:5e:58:ca:92:e4:d8:2c:a6:48:
         41:0a:7b:9f:32:72:1e:75:e7:75:cf:c1:6c:87:1c:14:68:df:
         be:68:e2:3c:a1:6c:0a:58:6a:8a:f3:33:26:8a:e6:67:22:f5:
         59:4e:e8:50:3e:d2:84:f6:10:34:66:da:0a:e1:35:37:27:eb:
         19:7c:c2:bf:84:a9:4f:76:23:ee:3c:c6:5d:51:9f:c9:95:8c:
         57:9a:03:fc:05:31:af:a0:19:b0:1b:22:ba:4c:30:b6:c4:68:
         11:52:16:cd:9d:6a:4f:5f:4d:db:33:f8:58:1c:08:4e:1f:93:
         30:2f:a1:58:fb:0b:86:1c:b8:ff:fc:20:9b:fa:9f:d5:8a:1c:
         f4:78:92:aa:f0:1e:43:7b:8b:07:0d:70:1a:83:b9:7c:0d:44:
         29:87:c2:c0:5c:0f:51:95:e1:0c:6c:b6:42:88:9c:96:94:d8:
         c4:19:9e:9c:ca:66:db:77:e4:75:53:89:8b:fe:5d:59:ca:e8:
         fa:61:84:9b:5b:59:7a:75:0e:83:9e:d6:61:50:33:a0:d7:b9:
         7d:20:9d:08:e6:7e:dd:58:a0:85:7a:54:83:50:56:07:2e:b6:
         2a:4f:d0:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE/SJ3ZqFGjGl2+EjNiqJQEPlRd8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MjEwMzEyNTJaFw0yNzA0MjAwMzE3NTJaMDMxMTAvBgNV
BAMTKEFDRTE1NjU1RUYzMkIyQkVFRjA0NTlBMjU1QjNCQTcyMzlEN0U1NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDevVVT085yUnm6hUnAOtyX33B4
/Y+XqlFdQxoB/watusUIuSonHuNhZVzbLAO19SYkFnJwpIr5GkrF++52WQEuyKYT
uxKlSeJHFLrFZ+ND34JiL39kh6uIic2gakVre4XemAEn+HRpdVg7ircabtLSN8Sn
4X9mb4Bu/kwgwbmYqC5JJcVB0pmslKuay8ZHlG3ILGWxvagRSEiviSw59/ZZaPHd
6Jfe8DeOJuF4YMxk4r01YsSgmNiWueQ9aob3PV3OuihQp0QozWltmQedKPUMj2M4
T1XuUaLTykW1h5bhmMBNAZc6T3AsuC9XLdzETpHpv/LMUgfdM0K+brSxqqcVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUrOFWVe8ysr7vBFmiVbO6cjnX5VgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQP8MA0GCSqGSIb3DQEBCwUAA4IBAQAWlH80qu8udJTWv7CuCRLcunA72Yh2uO1X
ydxeWMqS5NgspkhBCnufMnIeded1z8FshxwUaN++aOI8oWwKWGqK8zMmiuZnIvVZ
TuhQPtKE9hA0ZtoK4TU3J+sZfMK/hKlPdiPuPMZdUZ/JlYxXmgP8BTGvoBmwGyK6
TDC2xGgRUhbNnWpPX03bM/hYHAhOH5MwL6FY+wuGHLj//CCb+p/Vihz0eJKq8B5D
e4sHDXAag7l8DUQph8LAXA9RleEMbLZCiJyWlNjEGZ6cymbbd+R1U4mL/l1Zyuj6
YYSbW1l6dQ6DntZhUDOg17l9IJ0I5n7dWKCFelSDUFYHLrYqT9CT
-----END CERTIFICATE-----