Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa
File:                     AS214223.roa (raw, json)
Hash identifier:          y6AYEGNwRFvaPA8+IE2bq9KHLmyrOU4Cw9xAwExs+j4=
Subject key identifier:   64:2E:6F:00:CC:36:C5:87:B7:2C:2A:F7:78:67:0C:55:3B:37:DF:EB
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1587DBC5E43C36C4A2A8003E6217E25DD662B077
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa
Signing time:             Wed 15 Oct 2025 07:02:23 +0000
ROA not before:           Wed 15 Oct 2025 06:57:23 +0000
ROA not after:            Wed 14 Oct 2026 07:02:23 +0000
asID:                     214223
IP address blocks:        2a14:7581:3700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:87:db:c5:e4:3c:36:c4:a2:a8:00:3e:62:17:e2:5d:d6:62:b0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct 15 06:57:23 2025 GMT
            Not After : Oct 14 07:02:23 2026 GMT
        Subject: CN=642E6F00CC36C587B72C2AF778670C553B37DFEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d0:56:68:51:4e:32:ee:73:98:29:eb:3c:10:
                    25:19:3a:e7:6b:16:db:cc:e0:e8:ec:e6:12:f9:8c:
                    51:9a:9c:4a:47:44:00:ef:7f:9b:dc:1e:7f:72:00:
                    d0:35:51:0d:46:72:d9:0c:a6:fa:56:85:71:58:6d:
                    f1:1c:2b:7b:11:f3:cf:e3:26:ef:08:ff:dc:a6:97:
                    ac:50:b1:22:eb:09:a2:51:ac:77:b0:dd:00:e6:02:
                    ac:d6:53:87:26:ff:22:c1:0b:8b:24:08:73:0b:3c:
                    a0:dd:3c:5b:91:53:b4:59:0d:20:d9:25:be:9c:1f:
                    44:87:d1:5a:f9:c1:a7:05:64:46:81:9a:51:6c:53:
                    f3:6b:bc:b8:dd:35:d6:d9:d8:59:5e:c6:19:d8:6c:
                    dd:4e:f2:5e:0c:1f:cb:a5:4a:9e:64:22:b2:9b:e6:
                    ae:7f:99:10:49:f1:60:79:f1:de:09:67:20:f1:e3:
                    63:45:e5:bf:96:72:e0:87:16:6e:c8:09:71:78:ca:
                    be:93:e8:ef:2c:c3:e7:28:53:d5:36:56:42:d7:79:
                    c6:3f:3b:8f:3c:b4:62:50:2c:81:29:ad:29:0f:eb:
                    77:c8:3a:4e:c1:73:28:cf:b0:23:8c:9a:ad:48:1d:
                    66:db:02:29:5e:4e:40:4f:4f:0b:d5:43:0a:25:f5:
                    d6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2E:6F:00:CC:36:C5:87:B7:2C:2A:F7:78:67:0C:55:3B:37:DF:EB
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3700::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:67:ce:05:83:3d:64:0f:21:ec:9e:b9:c6:03:51:c4:d9:93:
         aa:c0:1a:87:a9:2c:bb:49:57:d3:34:6e:05:b3:f1:2b:58:10:
         59:05:b5:cb:f0:5b:2a:bd:7b:6c:46:61:0e:bd:ea:22:a9:78:
         9f:62:0c:7c:ce:b4:c4:b0:f4:64:5f:41:81:7d:eb:8f:35:02:
         00:0c:04:bf:19:25:c9:de:f4:eb:a1:2e:e1:c7:e3:e6:e7:da:
         f8:9d:58:73:e8:41:b6:75:a0:8d:23:d4:3e:1e:86:14:cd:76:
         77:ef:73:c5:ea:18:17:cb:9f:6a:83:ea:36:c7:71:0c:44:4c:
         9a:91:6d:1e:6a:eb:ea:bd:71:fc:b8:9f:62:e4:da:15:10:5f:
         11:36:dc:fd:35:0e:a0:77:03:5d:b6:5a:aa:56:fa:46:db:42:
         73:bb:d0:3f:c8:58:c3:a1:ef:61:15:67:20:5c:b3:05:2d:84:
         e5:80:9f:b9:ac:3b:36:ec:85:09:23:65:8a:a3:38:9e:78:c6:
         b4:f4:0b:c7:1e:00:a3:1d:c6:2f:ca:bf:9d:1e:c1:91:04:f6:
         23:61:05:f6:73:f9:e8:cf:ef:17:04:c9:33:c9:d7:68:f5:2a:
         9e:86:7a:a6:68:37:a7:ca:82:b3:b6:eb:76:4c:d0:d5:1b:13:
         b6:eb:3a:f0
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUFYfbxeQ8NsSiqAA+YhfiXdZisHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMTUwNjU3MjNaFw0yNjEwMTQwNzAyMjNaMDMxMTAvBgNV
BAMTKDY0MkU2RjAwQ0MzNkM1ODdCNzJDMkFGNzc4NjcwQzU1M0IzN0RGRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA0FZoUU4y7nOYKes8ECUZOudr
FtvM4Ojs5hL5jFGanEpHRADvf5vcHn9yANA1UQ1GctkMpvpWhXFYbfEcK3sR88/j
Ju8I/9yml6xQsSLrCaJRrHew3QDmAqzWU4cm/yLBC4skCHMLPKDdPFuRU7RZDSDZ
Jb6cH0SH0Vr5wacFZEaBmlFsU/NrvLjdNdbZ2FlexhnYbN1O8l4MH8ulSp5kIrKb
5q5/mRBJ8WB58d4JZyDx42NF5b+WcuCHFm7ICXF4yr6T6O8sw+coU9U2VkLXecY/
O488tGJQLIEprSkP63fIOk7BcyjPsCOMmq1IHWbbAileTkBPTwvVQwol9darAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUZC5vAMw2xYe3LCr3eGcMVTs33+swHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0MjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTcwDQYJKoZIhvcNAQELBQADggEBAGJnzgWDPWQPIeyeucYDUcTZk6rAGoepLLtJ
V9M0bgWz8StYEFkFtcvwWyq9e2xGYQ696iKpeJ9iDHzOtMSw9GRfQYF96481AgAM
BL8ZJcne9OuhLuHH4+bn2vidWHPoQbZ1oI0j1D4ehhTNdnfvc8XqGBfLn2qD6jbH
cQxETJqRbR5q6+q9cfy4n2Lk2hUQXxE23P01DqB3A122WqpW+kbbQnO70D/IWMOh
72EVZyBcswUthOWAn7msOzbshQkjZYqjOJ54xrT0C8ceAKMdxi/Kv50ewZEE9iNh
BfZz+ejP7xcEyTPJ12j1Kp6GeqZoN6fKgrO263ZM0NUbE7brOvA=
-----END CERTIFICATE-----