Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214382.roa
File:                     AS214382.roa (raw, json)
Hash identifier:          9GH0DicuudZMMkz9MbY96oioL0EG5BUe587rz7L8JlA=
Subject key identifier:   02:DD:20:ED:C4:CC:AD:DD:AF:90:7D:3A:B2:2B:1E:CB:B4:77:BA:0D
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7C9D2E9D94EE9BF3D44D262008E3E0D37E8F5675
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214382.roa
Signing time:             Wed 08 Oct 2025 11:57:10 +0000
ROA not before:           Wed 08 Oct 2025 11:52:10 +0000
ROA not after:            Wed 07 Oct 2026 11:57:10 +0000
asID:                     214382
IP address blocks:        85.235.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:9d:2e:9d:94:ee:9b:f3:d4:4d:26:20:08:e3:e0:d3:7e:8f:56:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct  8 11:52:10 2025 GMT
            Not After : Oct  7 11:57:10 2026 GMT
        Subject: CN=02DD20EDC4CCADDDAF907D3AB22B1ECBB477BA0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:30:a4:cb:41:62:ed:e7:58:0c:f2:67:e6:d8:
                    ce:73:63:23:fc:ae:18:a1:ca:bf:a6:a3:20:fa:35:
                    d3:46:b5:15:22:32:cd:01:45:82:2a:43:e2:cd:5e:
                    bb:3e:f1:29:b0:bc:c8:66:0c:ee:47:9a:23:23:f3:
                    b8:c2:c5:09:52:17:8c:ea:bb:75:46:dc:35:eb:bc:
                    b2:c8:e2:44:cc:a4:f9:6f:89:84:27:7c:12:0c:00:
                    a7:b5:02:1b:d8:9e:27:d8:72:16:4f:63:8e:6c:1f:
                    34:29:7b:d6:4b:75:01:c0:12:ea:a4:05:34:6b:a9:
                    5d:d9:98:71:0b:9a:f3:ea:b7:81:86:f2:24:ce:b4:
                    c5:ff:8c:58:9c:44:e0:ea:3a:d2:42:9e:07:4d:f9:
                    9d:08:f8:f7:85:82:6d:6a:40:9a:c9:43:cf:0e:b3:
                    dd:fa:0b:d3:f9:aa:06:15:b9:3f:24:36:6d:18:52:
                    74:8c:d5:f2:a4:30:6e:f7:4e:db:df:a6:da:36:8a:
                    95:48:d8:2c:67:d7:d7:8a:18:4e:fb:20:8d:fb:65:
                    1f:93:eb:f1:13:1d:0f:09:66:ef:5b:15:95:59:65:
                    cb:35:cc:db:1c:d5:e8:34:4f:79:0f:0b:52:f8:30:
                    a1:0e:8b:96:c4:86:a2:15:d2:26:e9:6f:71:55:79:
                    af:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:DD:20:ED:C4:CC:AD:DD:AF:90:7D:3A:B2:2B:1E:CB:B4:77:BA:0D
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214382.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:1c:ae:bc:e7:1f:da:ea:c4:db:09:e1:ff:0a:91:b1:0c:c3:
         0c:91:d2:cd:f8:e3:5c:7c:3a:46:c0:68:79:a3:31:5f:ca:4a:
         77:9f:20:70:1a:c2:a8:33:91:f4:32:b8:15:ff:09:79:c3:fe:
         59:39:b2:a7:e8:70:77:29:53:ae:ea:2b:62:e0:28:09:ac:43:
         41:22:a9:f6:88:16:c8:e1:30:50:86:ad:d8:7a:0d:e7:85:bd:
         77:da:58:ee:b7:d2:34:17:05:27:b2:5b:f7:52:61:27:57:bb:
         df:59:44:71:8c:6d:23:44:73:5b:b5:60:3d:19:b2:d5:9a:b9:
         7d:20:62:e3:f3:3a:9c:f1:c7:58:e3:f1:c6:2d:3c:d5:4e:b0:
         72:66:0e:6e:90:d3:c8:93:29:7e:62:96:62:37:40:e3:3d:ca:
         4c:26:d3:8d:e1:ce:85:77:d0:b1:43:fb:79:96:69:31:41:be:
         ff:88:1f:71:0d:94:8b:ed:32:dc:54:fb:02:37:e9:a5:75:fa:
         b0:b9:07:df:00:68:01:e8:89:9a:7b:68:f5:4a:68:77:0f:8c:
         b7:98:dc:27:d9:8d:ee:5b:7a:07:42:9e:a2:fd:e5:21:c8:25:
         65:83:28:52:65:3e:c0:64:6f:31:c9:04:9c:7a:60:3e:54:96:
         71:ac:70:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfJ0unZTum/PUTSYgCOPg036PVnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMDgxMTUyMTBaFw0yNjEwMDcxMTU3MTBaMDMxMTAvBgNV
BAMTKDAyREQyMEVEQzRDQ0FERERBRjkwN0QzQUIyMkIxRUNCQjQ3N0JBMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6MKTLQWLt51gM8mfm2M5zYyP8
rhihyr+moyD6NdNGtRUiMs0BRYIqQ+LNXrs+8SmwvMhmDO5HmiMj87jCxQlSF4zq
u3VG3DXrvLLI4kTMpPlviYQnfBIMAKe1AhvYnifYchZPY45sHzQpe9ZLdQHAEuqk
BTRrqV3ZmHELmvPqt4GG8iTOtMX/jFicRODqOtJCngdN+Z0I+PeFgm1qQJrJQ88O
s936C9P5qgYVuT8kNm0YUnSM1fKkMG73Ttvfpto2ipVI2Cxn19eKGE77II37ZR+T
6/ETHQ8JZu9bFZVZZcs1zNsc1eg0T3kPC1L4MKEOi5bEhqIV0ibpb3FVea+NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAt0g7cTMrd2vkH06sisey7R3ug0wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE0MzgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVetL
MA0GCSqGSIb3DQEBCwUAA4IBAQCaHK685x/a6sTbCeH/CpGxDMMMkdLN+ONcfDpG
wGh5ozFfykp3nyBwGsKoM5H0MrgV/wl5w/5ZObKn6HB3KVOu6iti4CgJrENBIqn2
iBbI4TBQhq3Yeg3nhb132ljut9I0FwUnslv3UmEnV7vfWURxjG0jRHNbtWA9GbLV
mrl9IGLj8zqc8cdY4/HGLTzVTrByZg5ukNPIkyl+YpZiN0DjPcpMJtON4c6Fd9Cx
Q/t5lmkxQb7/iB9xDZSL7TLcVPsCN+mldfqwuQffAGgB6Imae2j1Smh3D4y3mNwn
2Y3uW3oHQp6i/eUhyCVlgyhSZT7AZG8xyQScemA+VJZxrHAc
-----END CERTIFICATE-----