Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214026.roa
File:                     AS214026.roa (raw, json)
Hash identifier:          pS8gT+TdPUJBHBoqwa5MxxAicXWEBnGVsYSb0ZjMTsI=
Subject key identifier:   50:3A:32:86:C5:0E:0E:C8:7F:01:71:B3:E5:10:F7:30:8B:93:39:AF
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7523F211E1B4BB5CD902D3196B8CEF633E03C62E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214026.roa
Signing time:             Thu 16 Oct 2025 12:35:56 +0000
ROA not before:           Thu 16 Oct 2025 12:30:56 +0000
ROA not after:            Thu 15 Oct 2026 12:35:56 +0000
asID:                     214026
IP address blocks:        84.54.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:54:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:23:f2:11:e1:b4:bb:5c:d9:02:d3:19:6b:8c:ef:63:3e:03:c6:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 16 12:30:56 2025 GMT
            Not After : Oct 15 12:35:56 2026 GMT
        Subject: CN=503A3286C50E0EC87F0171B3E510F7308B9339AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:15:81:de:46:a9:14:1e:94:90:b9:4c:85:4a:
                    38:6f:7e:b0:e9:19:ac:ed:e3:86:44:ff:0c:54:70:
                    27:2e:0c:87:d8:03:e9:b6:e0:2b:5e:37:cc:3f:d3:
                    57:cd:4d:01:28:dd:56:52:af:8b:a0:47:61:34:13:
                    19:3e:45:2a:c4:c2:29:56:00:92:9d:02:94:28:ac:
                    68:e2:18:13:c8:5f:0a:92:96:53:07:d0:f0:15:6f:
                    8f:58:c7:93:c3:eb:8c:16:de:8e:25:5a:a2:01:f7:
                    0d:62:2a:d2:50:68:66:a2:2d:9f:a6:ab:58:6d:c9:
                    60:84:33:cd:33:34:07:bf:75:6c:55:ab:26:2a:eb:
                    66:03:91:cf:1a:f8:54:1b:d5:9e:b1:17:78:ac:70:
                    be:68:6f:51:d0:25:40:f8:2b:c2:9f:a7:ae:4e:22:
                    9e:30:d6:5f:52:4e:32:5c:d9:04:38:61:af:9a:71:
                    54:18:39:41:69:0f:68:30:68:f0:f3:79:d1:e8:46:
                    72:11:ee:0d:56:15:6c:ab:65:0d:c6:d5:bf:e6:d2:
                    f5:59:45:09:47:88:02:12:e1:07:03:67:3f:eb:5f:
                    72:78:72:35:f4:61:70:11:f1:aa:26:d2:f5:5e:c8:
                    7d:ac:0f:70:25:bb:6a:1b:2a:57:36:ae:9d:b5:e3:
                    a8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3A:32:86:C5:0E:0E:C8:7F:01:71:B3:E5:10:F7:30:8B:93:39:AF
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:ed:4b:cc:3a:30:12:68:5f:c0:1f:a0:5e:bb:de:f2:9f:2c:
         dd:a2:68:af:9b:2d:a2:b6:91:a4:65:af:79:33:22:2b:4c:8c:
         6b:29:4d:33:f7:cb:20:57:44:4b:9d:64:eb:68:3d:eb:0a:11:
         38:9c:c2:a5:a8:97:1b:81:a2:39:a9:1a:81:3d:20:2c:cc:61:
         c5:62:79:f9:cd:46:66:4e:4a:b4:5f:90:69:6d:52:d7:93:e7:
         fc:04:23:ac:1b:2a:59:ba:c4:0f:5f:dc:03:17:49:1a:2b:b8:
         bd:f2:60:90:50:34:48:1e:e8:23:17:da:75:62:77:2e:18:0c:
         d4:e6:fc:f7:48:d2:6e:b0:3e:8a:61:f5:6f:03:5b:fa:be:97:
         08:2a:09:26:76:4f:de:ce:81:a2:25:21:69:bb:30:69:29:2c:
         0d:56:de:0c:8d:c3:5b:91:61:b7:f3:43:26:ef:9b:3e:7a:3e:
         8d:df:c4:fd:f5:25:15:eb:58:cd:67:18:3c:b3:d3:9f:de:6f:
         aa:f3:37:b4:e8:7d:28:45:b9:7a:35:df:0a:a6:cd:df:f6:6b:
         d3:64:32:41:14:87:46:2d:bb:e0:68:69:46:c5:37:9d:60:6a:
         e9:44:f8:72:a6:dd:ee:32:45:24:35:2a:e0:ce:b2:e6:ce:56:
         e6:8f:75:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdSPyEeG0u1zZAtMZa4zvYz4Dxi4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTYxMjMwNTZaFw0yNjEwMTUxMjM1NTZaMDMxMTAvBgNV
BAMTKDUwM0EzMjg2QzUwRTBFQzg3RjAxNzFCM0U1MTBGNzMwOEI5MzM5QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpFYHeRqkUHpSQuUyFSjhvfrDp
Gazt44ZE/wxUcCcuDIfYA+m24CteN8w/01fNTQEo3VZSr4ugR2E0Exk+RSrEwilW
AJKdApQorGjiGBPIXwqSllMH0PAVb49Yx5PD64wW3o4lWqIB9w1iKtJQaGaiLZ+m
q1htyWCEM80zNAe/dWxVqyYq62YDkc8a+FQb1Z6xF3iscL5ob1HQJUD4K8Kfp65O
Ip4w1l9STjJc2QQ4Ya+acVQYOUFpD2gwaPDzedHoRnIR7g1WFWyrZQ3G1b/m0vVZ
RQlHiAIS4QcDZz/rX3J4cjX0YXAR8aom0vVeyH2sD3Alu2obKlc2rp2146gdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUDoyhsUODsh/AXGz5RD3MIuTOa8wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE0MDI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVDYA
MA0GCSqGSIb3DQEBCwUAA4IBAQAp7UvMOjASaF/AH6Beu97ynyzdomivmy2itpGk
Za95MyIrTIxrKU0z98sgV0RLnWTraD3rChE4nMKlqJcbgaI5qRqBPSAszGHFYnn5
zUZmTkq0X5BpbVLXk+f8BCOsGypZusQPX9wDF0kaK7i98mCQUDRIHugjF9p1Yncu
GAzU5vz3SNJusD6KYfVvA1v6vpcIKgkmdk/ezoGiJSFpuzBpKSwNVt4MjcNbkWG3
80Mm75s+ej6N38T99SUV61jNZxg8s9Of3m+q8ze06H0oRbl6Nd8Kps3f9mvTZDJB
FIdGLbvgaGlGxTedYGrpRPhypt3uMkUkNSrgzrLmzlbmj3XW
-----END CERTIFICATE-----