Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa
File:                     AS214223.roa (raw, json)
Hash identifier:          D863Lj3BBuyzUO/eVHlAh7BkXuAPNk+KVvBaA6PtQhI=
Subject key identifier:   40:46:57:E0:21:77:25:45:4D:BA:FE:03:CD:12:8D:39:66:35:D4:5B
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       07E5272A7D8F280DB41F1B904D1DA688B8E787AA
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa
Signing time:             Sun 29 Jun 2025 15:30:18 +0000
ROA not before:           Sun 29 Jun 2025 15:25:18 +0000
ROA not after:            Sun 28 Jun 2026 15:30:18 +0000
asID:                     214223
IP address blocks:        2a14:7581:3700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 16:39:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e5:27:2a:7d:8f:28:0d:b4:1f:1b:90:4d:1d:a6:88:b8:e7:87:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 29 15:25:18 2025 GMT
            Not After : Jun 28 15:30:18 2026 GMT
        Subject: CN=404657E0217725454DBAFE03CD128D396635D45B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2d:dc:8e:5e:66:d3:c8:3c:79:5a:be:36:06:
                    eb:bf:b0:90:30:48:98:61:f4:e3:7b:ad:bf:6c:4b:
                    e5:b1:46:a0:81:42:74:81:d2:3b:c1:92:66:f3:44:
                    4b:8f:fd:a4:b0:74:ef:7d:fa:0e:68:18:17:b1:62:
                    a8:13:dc:a7:3f:fd:9f:ab:19:33:45:05:fc:2e:8c:
                    3d:97:d6:4e:3a:7f:60:6a:11:3c:55:89:dc:60:a1:
                    e5:7b:cc:42:ba:16:2a:80:ee:6b:36:23:84:5a:a5:
                    9b:78:87:77:de:69:38:85:e9:75:fd:27:e8:e0:61:
                    20:0c:25:e7:ad:38:b5:0f:ef:1b:dd:69:e6:fc:4f:
                    c0:ca:70:eb:a0:b1:c9:29:fa:78:14:6c:6a:1f:aa:
                    9b:a0:44:79:06:05:61:4e:a4:bb:35:ec:f3:4d:5c:
                    e5:19:a2:b6:44:fc:d1:50:54:21:74:cf:e0:41:2b:
                    ff:dc:2d:c8:f9:52:11:ef:71:b4:45:3f:24:08:64:
                    64:cf:f9:91:4f:db:dd:04:b0:41:27:88:54:30:a5:
                    e9:ac:e9:f4:dc:07:f6:02:15:bf:52:0c:63:55:8a:
                    86:16:6a:02:5e:9a:d3:f5:36:3a:26:b1:64:ce:89:
                    54:89:7f:79:0d:da:9e:28:d7:a6:1a:f2:53:bd:50:
                    83:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:46:57:E0:21:77:25:45:4D:BA:FE:03:CD:12:8D:39:66:35:D4:5B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3700::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:1a:85:d7:93:31:73:bd:14:35:eb:5e:89:44:ca:9e:67:57:
         3b:0c:80:99:44:8d:c4:1c:a4:e7:cc:54:54:cb:33:ee:18:9c:
         16:f6:1e:5a:26:72:56:d0:bb:87:22:b9:74:6b:a7:18:57:95:
         c5:d3:fa:37:a7:52:e6:a2:70:d4:81:99:44:e2:14:a6:00:cc:
         52:dc:6c:8c:bd:00:67:4a:f2:6c:50:21:78:e1:20:2b:68:2c:
         97:c1:c1:21:2c:9b:92:de:c3:8b:e0:46:65:14:9e:f5:32:91:
         27:b3:fd:19:1e:93:a9:19:a0:b1:03:69:87:47:c9:7e:e7:be:
         77:06:0c:e1:fc:10:a2:32:43:d7:7d:6a:cf:5b:16:c3:79:d6:
         29:43:1e:c6:8c:74:76:24:54:43:cb:8a:f8:d4:6f:58:e1:c2:
         4f:a2:81:04:8e:a3:12:04:ee:76:b9:93:e3:77:95:8b:66:82:
         44:a9:99:85:b2:c1:34:7c:6a:cc:bf:2e:1a:e8:9a:12:24:e0:
         e4:13:ae:61:f2:6e:17:92:89:79:4e:2e:db:5a:48:9f:6d:2f:
         b9:cd:62:16:eb:19:51:d5:91:89:47:cd:70:e1:c0:82:40:30:
         6b:10:a2:5a:f8:98:c0:57:60:0b:ac:d5:4b:3b:89:a5:02:dd:
         08:ba:1d:28
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUB+UnKn2PKA20HxuQTR2miLjnh6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MjkxNTI1MThaFw0yNjA2MjgxNTMwMThaMDMxMTAvBgNV
BAMTKDQwNDY1N0UwMjE3NzI1NDU0REJBRkUwM0NEMTI4RDM5NjYzNUQ0NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoLdyOXmbTyDx5Wr42Buu/sJAw
SJhh9ON7rb9sS+WxRqCBQnSB0jvBkmbzREuP/aSwdO99+g5oGBexYqgT3Kc//Z+r
GTNFBfwujD2X1k46f2BqETxVidxgoeV7zEK6FiqA7ms2I4RapZt4h3feaTiF6XX9
J+jgYSAMJeetOLUP7xvdaeb8T8DKcOugsckp+ngUbGofqpugRHkGBWFOpLs17PNN
XOUZorZE/NFQVCF0z+BBK//cLcj5UhHvcbRFPyQIZGTP+ZFP290EsEEniFQwpems
6fTcB/YCFb9SDGNVioYWagJemtP1NjomsWTOiVSJf3kN2p4o16Ya8lO9UIMxAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUQEZX4CF3JUVNuv4DzRKNOWY11FswHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0MjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTcwDQYJKoZIhvcNAQELBQADggEBAEsahdeTMXO9FDXrXolEyp5nVzsMgJlEjcQc
pOfMVFTLM+4YnBb2HlomclbQu4ciuXRrpxhXlcXT+jenUuaicNSBmUTiFKYAzFLc
bIy9AGdK8mxQIXjhICtoLJfBwSEsm5Lew4vgRmUUnvUykSez/Rkek6kZoLEDaYdH
yX7nvncGDOH8EKIyQ9d9as9bFsN51ilDHsaMdHYkVEPLivjUb1jhwk+igQSOoxIE
7na5k+N3lYtmgkSpmYWywTR8asy/LhromhIk4OQTrmHybheSiXlOLttaSJ9tL7nN
YhbrGVHVkYlHzXDhwIJAMGsQolr4mMBXYAus1Us7iaUC3Qi6HSg=
-----END CERTIFICATE-----