Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214639.roa
File:                     AS214639.roa (raw, json)
Hash identifier:          KwKNe3Sr6Gj3+wrhh/s1JwkcbyKMFggUbmROC59WdYQ=
Subject key identifier:   79:29:5A:5C:BE:3C:EF:F6:C5:2D:52:C0:96:DE:B1:10:58:02:15:E4
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       5B43BBCFECFAC52F95C2688D79DC484003039CA3
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214639.roa
Signing time:             Sat 27 Sep 2025 17:55:04 +0000
ROA not before:           Sat 27 Sep 2025 17:50:04 +0000
ROA not after:            Sat 26 Sep 2026 17:55:04 +0000
asID:                     214639
IP address blocks:        2a14:7583:9000::/36 maxlen: 48
                          2a14:7583:fa00::/40 maxlen: 48
                          2a14:7584:d000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:43:bb:cf:ec:fa:c5:2f:95:c2:68:8d:79:dc:48:40:03:03:9c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep 27 17:50:04 2025 GMT
            Not After : Sep 26 17:55:04 2026 GMT
        Subject: CN=79295A5CBE3CEFF6C52D52C096DEB110580215E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ad:71:e9:2d:d5:41:74:3d:50:6e:fe:65:95:
                    37:0b:42:72:e0:c0:16:e3:5e:28:93:26:f2:20:a6:
                    ac:f3:ad:41:fa:36:80:9c:15:d4:8e:89:93:4c:99:
                    b1:fa:f6:29:f5:c8:15:1d:c1:9f:cb:53:87:eb:1f:
                    55:f1:c1:d3:ec:a5:ce:f8:84:7d:47:10:96:ad:cb:
                    2a:27:15:89:48:2c:b3:48:e3:3a:20:bd:61:c2:26:
                    47:58:3e:2e:1b:41:18:0b:bc:a7:5c:96:e8:ab:03:
                    0a:db:f5:67:75:9d:8d:86:e4:bf:8d:6c:cd:40:e1:
                    2b:cd:e4:2e:b0:9f:e8:6e:ef:8c:9e:ed:21:5e:02:
                    96:65:de:17:21:cc:1c:4b:d5:f0:9c:6b:fb:e2:9f:
                    d5:ac:be:03:6e:e2:af:1f:3b:96:2c:7e:db:8a:0e:
                    42:21:47:9b:bc:6d:96:d1:8c:72:13:13:6b:e1:fa:
                    53:6d:b3:9c:5f:fc:50:27:8e:c4:15:55:7f:03:31:
                    3c:0f:c7:00:76:d7:d9:5e:87:5b:9f:fe:75:de:2a:
                    54:fb:aa:60:82:57:e6:3c:09:e2:37:aa:83:4a:64:
                    20:99:00:20:73:9c:87:b6:b1:fe:54:6c:bd:f4:0b:
                    6e:03:17:58:63:50:72:48:54:71:f0:c7:dd:cd:19:
                    51:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:29:5A:5C:BE:3C:EF:F6:C5:2D:52:C0:96:DE:B1:10:58:02:15:E4
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:9000::/36
                  2a14:7583:fa00::/40
                  2a14:7584:d000::/36

    Signature Algorithm: sha256WithRSAEncryption
         28:c8:2b:37:28:be:43:44:26:59:27:d9:24:c5:b4:ca:64:c1:
         35:af:c2:83:db:90:43:11:b5:4c:88:e4:f1:92:a5:d6:f1:b9:
         43:ae:11:5c:55:d9:8b:7d:21:a0:72:25:72:04:1b:37:3a:ce:
         82:22:88:cb:8e:0f:22:a5:10:64:0a:fb:91:6e:39:11:04:cd:
         cf:95:30:70:00:e7:e0:15:bf:29:fa:8c:c0:01:b4:f4:f6:3a:
         3e:5c:04:6a:04:7f:c5:2f:0c:35:1a:c9:67:ff:21:dd:48:5a:
         76:44:29:8b:be:27:c7:34:f5:5d:d5:72:71:28:b7:96:9a:a5:
         29:b1:75:7d:33:0b:04:6b:3d:5d:9a:82:6c:c1:c5:a9:93:b5:
         dc:81:27:f0:1a:82:3c:c0:82:49:72:5f:46:22:1e:76:25:c4:
         68:6b:19:2a:26:a4:5c:56:50:8f:87:ea:d9:6a:e0:dd:0a:93:
         27:06:10:4b:13:ac:e9:10:70:9f:80:9e:54:27:13:c2:f0:65:
         12:9d:b3:93:1a:6d:b9:e0:65:be:54:ee:20:9c:3b:db:c0:25:
         83:cf:07:36:64:00:e7:43:81:7e:77:64:67:30:4b:bd:bc:45:
         64:da:07:e4:fc:ae:1f:8b:08:fe:31:ed:69:f6:5a:7c:3c:2b:
         3c:19:90:c4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUW0O7z+z6xS+VwmiNedxIQAMDnKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MjcxNzUwMDRaFw0yNjA5MjYxNzU1MDRaMDMxMTAvBgNV
BAMTKDc5Mjk1QTVDQkUzQ0VGRjZDNTJENTJDMDk2REVCMTEwNTgwMjE1RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+rXHpLdVBdD1Qbv5llTcLQnLg
wBbjXiiTJvIgpqzzrUH6NoCcFdSOiZNMmbH69in1yBUdwZ/LU4frH1XxwdPspc74
hH1HEJatyyonFYlILLNI4zogvWHCJkdYPi4bQRgLvKdcluirAwrb9Wd1nY2G5L+N
bM1A4SvN5C6wn+hu74ye7SFeApZl3hchzBxL1fCca/vin9WsvgNu4q8fO5YsftuK
DkIhR5u8bZbRjHITE2vh+lNts5xf/FAnjsQVVX8DMTwPxwB219leh1uf/nXeKlT7
qmCCV+Y8CeI3qoNKZCCZACBznIe2sf5UbL30C24DF1hjUHJIVHHwx93NGVF5AgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUeSlaXL487/bFLVLAlt6xEFgCFeQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwYEKhR1
g5ADBgAqFHWD+gMGBCoUdYTQMA0GCSqGSIb3DQEBCwUAA4IBAQAoyCs3KL5DRCZZ
J9kkxbTKZME1r8KD25BDEbVMiOTxkqXW8blDrhFcVdmLfSGgciVyBBs3Os6CIojL
jg8ipRBkCvuRbjkRBM3PlTBwAOfgFb8p+ozAAbT09jo+XARqBH/FLww1Gsln/yHd
SFp2RCmLvifHNPVd1XJxKLeWmqUpsXV9MwsEaz1dmoJswcWpk7XcgSfwGoI8wIJJ
cl9GIh52JcRoaxkqJqRcVlCPh+rZauDdCpMnBhBLE6zpEHCfgJ5UJxPC8GUSnbOT
Gm254GW+VO4gnDvbwCWDzwc2ZADnQ4F+d2RnMEu9vEVk2gfk/K4fiwj+Me1p9lp8
PCs8GZDE
-----END CERTIFICATE-----