Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa
File:                     AS214259.roa (raw, json)
Hash identifier:          agt3WkdmT5/A/MruFcGwCiQMASncg8YgTfKsL4vnn08=
Subject key identifier:   26:35:2A:C8:1E:4F:A9:CA:30:BD:03:27:77:23:03:0B:0B:3B:88:B7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       327D94E9BB6A8070A01E41659533CE8650D6A280
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa
Signing time:             Wed 06 Aug 2025 17:54:13 +0000
ROA not before:           Wed 06 Aug 2025 17:49:13 +0000
ROA not after:            Wed 05 Aug 2026 17:54:13 +0000
asID:                     214259
IP address blocks:        141.11.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 19:47:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:7d:94:e9:bb:6a:80:70:a0:1e:41:65:95:33:ce:86:50:d6:a2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug  6 17:49:13 2025 GMT
            Not After : Aug  5 17:54:13 2026 GMT
        Subject: CN=26352AC81E4FA9CA30BD03277723030B0B3B88B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5c:59:b0:c8:71:69:22:d6:7b:bd:58:84:46:
                    ae:9b:73:8f:9f:a6:b2:d1:77:56:9b:6d:03:26:c8:
                    ac:de:39:b5:a0:12:bc:1d:2f:43:d1:e1:f4:7e:8d:
                    b2:7b:79:9f:72:3d:8a:1c:d8:13:c7:28:fb:0b:35:
                    2d:2f:3c:b3:34:18:08:43:09:3a:92:94:2d:42:05:
                    e0:33:ed:2e:9f:a8:28:85:27:cc:15:d4:85:e7:f2:
                    97:ca:a8:74:0e:8d:bb:30:56:14:44:50:c8:1f:1e:
                    ed:f4:01:dc:88:48:22:41:3f:ad:19:f5:eb:71:fa:
                    e1:e1:7a:a6:89:5f:0c:be:62:f7:05:22:86:bb:7b:
                    c9:0d:77:00:a3:d8:f4:d3:f7:83:ad:1d:9c:58:9d:
                    eb:c6:7d:63:1b:e4:1b:6b:29:d2:a0:9d:36:7d:5b:
                    24:18:45:7f:c3:7e:bf:0c:0b:46:5f:e4:10:d0:eb:
                    98:0d:23:e9:0f:51:cb:cb:70:27:58:10:11:e3:10:
                    89:11:b8:5a:49:00:5a:4a:0a:96:44:a4:39:3f:cd:
                    cf:b8:97:b7:64:21:4e:01:55:87:38:0b:6a:c4:05:
                    c6:3c:a5:31:7d:fb:99:8a:f5:e1:de:32:e3:40:55:
                    b3:1b:dc:9d:b9:d1:fd:54:d9:64:55:c5:0c:b6:89:
                    eb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:35:2A:C8:1E:4F:A9:CA:30:BD:03:27:77:23:03:0B:0B:3B:88:B7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214259.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:2a:06:05:87:d9:03:ca:a7:71:cc:08:54:fd:5a:24:b1:6d:
         1f:35:2e:bb:2b:d7:e3:f7:34:7c:c8:6f:7b:44:c4:e8:fb:42:
         30:82:55:3a:a8:99:68:15:fc:7b:45:2c:b0:fd:2d:2f:2a:48:
         d1:90:1f:b5:07:85:14:60:f9:38:7e:ca:93:f1:ca:26:7b:6e:
         fe:59:ba:e5:09:5f:c2:96:58:73:48:b1:1b:33:0d:62:c0:ae:
         f3:77:76:5b:3f:f6:0d:0c:d5:23:85:90:6e:b4:3c:fc:fe:21:
         97:1e:1a:27:16:78:bc:08:87:f4:11:09:c2:f7:f1:db:ed:42:
         37:33:29:08:df:51:72:8c:de:07:7e:c3:1b:39:e5:b8:ed:4e:
         fe:62:0f:38:ef:94:4f:09:d5:96:bd:47:4d:6a:fb:f1:af:54:
         78:9e:5d:40:30:30:68:25:5d:8f:1b:27:48:50:48:13:2b:23:
         79:22:7d:cb:30:7a:42:c9:b8:30:e7:e9:bf:14:3c:bb:a6:8b:
         ca:c3:47:bb:7d:d4:06:5c:a1:d1:15:9e:ae:f3:6f:95:57:e0:
         83:ad:be:0a:8e:2e:cb:da:8f:80:59:b8:14:61:29:ca:05:90:
         a1:30:1c:fa:ba:3c:9e:6b:73:de:77:9a:31:27:b3:36:c3:ae:
         8f:f3:d6:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMn2U6btqgHCgHkFllTPOhlDWooAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA4MDYxNzQ5MTNaFw0yNjA4MDUxNzU0MTNaMDMxMTAvBgNV
BAMTKDI2MzUyQUM4MUU0RkE5Q0EzMEJEMDMyNzc3MjMwMzBCMEIzQjg4QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzXFmwyHFpItZ7vViERq6bc4+f
prLRd1abbQMmyKzeObWgErwdL0PR4fR+jbJ7eZ9yPYoc2BPHKPsLNS0vPLM0GAhD
CTqSlC1CBeAz7S6fqCiFJ8wV1IXn8pfKqHQOjbswVhREUMgfHu30AdyISCJBP60Z
9etx+uHheqaJXwy+YvcFIoa7e8kNdwCj2PTT94OtHZxYnevGfWMb5BtrKdKgnTZ9
WyQYRX/Dfr8MC0Zf5BDQ65gNI+kPUcvLcCdYEBHjEIkRuFpJAFpKCpZEpDk/zc+4
l7dkIU4BVYc4C2rEBcY8pTF9+5mK9eHeMuNAVbMb3J250f1U2WRVxQy2ietjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJjUqyB5PqcowvQMndyMDCws7iLcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQuh
MA0GCSqGSIb3DQEBCwUAA4IBAQAyKgYFh9kDyqdxzAhU/VoksW0fNS67K9fj9zR8
yG97RMTo+0IwglU6qJloFfx7RSyw/S0vKkjRkB+1B4UUYPk4fsqT8come27+Wbrl
CV/CllhzSLEbMw1iwK7zd3ZbP/YNDNUjhZButDz8/iGXHhonFni8CIf0EQnC9/Hb
7UI3MykI31FyjN4HfsMbOeW47U7+Yg8475RPCdWWvUdNavvxr1R4nl1AMDBoJV2P
GydIUEgTKyN5In3LMHpCybgw5+m/FDy7povKw0e7fdQGXKHRFZ6u82+VV+CDrb4K
ji7L2o+AWbgUYSnKBZChMBz6ujyea3Ped5oxJ7M2w66P89Zu
-----END CERTIFICATE-----