Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214828.roa
File:                     AS214828.roa (raw, json)
Hash identifier:          JrVUP3u/023kVCJ5/bUCw6v8KIu8YuPRoVye7eCmzds=
Subject key identifier:   F9:EE:66:A6:87:2A:52:CF:A5:06:DE:B0:1F:4F:05:2A:5D:B2:A9:C2
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6ACAFF4ACAE955856B2370CB0D481B13C373C318
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214828.roa
Signing time:             Fri 08 Aug 2025 14:38:27 +0000
ROA not before:           Fri 08 Aug 2025 14:33:27 +0000
ROA not after:            Fri 07 Aug 2026 14:38:27 +0000
asID:                     214828
IP address blocks:        141.11.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 19:47:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:ca:ff:4a:ca:e9:55:85:6b:23:70:cb:0d:48:1b:13:c3:73:c3:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug  8 14:33:27 2025 GMT
            Not After : Aug  7 14:38:27 2026 GMT
        Subject: CN=F9EE66A6872A52CFA506DEB01F4F052A5DB2A9C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:be:9a:c0:ce:b9:a6:5b:b9:7e:ad:4b:d0:b5:
                    20:d5:8c:d9:a9:0c:f3:d4:8f:3d:49:ef:68:f7:84:
                    7f:97:35:03:4d:19:41:87:18:97:48:7a:31:15:b5:
                    c9:85:3e:4a:ca:3d:8e:bb:b0:e2:01:00:dd:af:96:
                    80:bd:98:0e:07:ca:56:32:0f:03:f7:19:5d:d7:32:
                    ce:e7:4c:2b:83:55:0c:50:c9:8f:49:32:12:5b:43:
                    1b:6b:50:e8:94:21:bf:b9:62:07:fc:35:25:a0:c3:
                    78:49:59:85:27:e3:ce:3b:61:ae:89:ed:63:5e:4e:
                    15:8e:a0:dd:ca:0a:ba:72:f1:c1:48:ad:7b:10:4c:
                    59:2c:20:2e:48:71:2d:bb:c4:f3:27:38:4b:40:26:
                    d1:03:3d:30:73:e3:29:a1:8c:6d:aa:d7:57:5e:ae:
                    26:94:6d:4b:af:9c:0e:9e:6c:4c:ba:71:3c:62:24:
                    a1:4c:e8:7c:d8:6a:4f:7c:a1:fa:e0:1a:39:2c:44:
                    29:ba:0e:45:57:92:82:35:f1:00:78:7a:09:28:14:
                    92:88:f7:19:8a:8c:88:52:18:16:ba:b3:76:3d:13:
                    43:a4:cf:86:07:da:5c:cd:d0:8e:5b:83:85:ad:5e:
                    a4:16:bc:8a:57:0c:7d:d3:a1:0a:ae:f5:12:d9:61:
                    60:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EE:66:A6:87:2A:52:CF:A5:06:DE:B0:1F:4F:05:2A:5D:B2:A9:C2
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:bb:7c:80:52:a5:81:ad:db:52:7b:f2:1f:1f:f3:13:ae:af:
         5e:37:b2:43:3b:20:31:0e:63:7e:7e:0d:2d:ba:5c:64:71:2d:
         53:87:fd:05:18:0d:5d:67:3c:b7:8d:ee:36:df:c1:f4:01:c5:
         a6:7f:31:0c:60:a6:f4:cb:43:f5:41:11:ab:d2:38:39:9e:ce:
         c3:47:4d:91:d0:67:8e:44:dc:3a:30:85:89:8e:c4:14:d2:18:
         62:9d:ed:2e:8e:8b:f6:be:6e:e7:ef:87:cd:a5:68:d2:d8:33:
         24:e3:6a:6c:e4:f0:cc:64:5d:29:00:37:c7:d5:3d:43:b4:87:
         02:7e:fb:6d:34:e3:97:e3:a2:d6:2a:15:a6:f4:df:2a:30:74:
         cb:3f:c0:20:3b:45:9b:39:8d:3f:d9:b6:f6:63:ca:14:4d:dc:
         8e:b4:78:f0:33:2d:1a:8b:22:64:8e:d9:06:6e:04:42:a7:05:
         22:32:40:43:c8:f3:67:46:74:d6:e9:c5:76:16:16:26:22:69:
         ff:81:3b:c4:de:c6:66:a4:cc:02:a9:bd:b1:21:2e:c7:b2:e3:
         66:d9:74:24:5f:c9:1b:cf:91:74:db:19:a1:86:88:ab:c0:58:
         4f:52:82:d2:33:a5:dc:28:98:40:45:28:81:18:8f:0a:ba:cc:
         01:96:ad:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUasr/SsrpVYVrI3DLDUgbE8NzwxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA4MDgxNDMzMjdaFw0yNjA4MDcxNDM4MjdaMDMxMTAvBgNV
BAMTKEY5RUU2NkE2ODcyQTUyQ0ZBNTA2REVCMDFGNEYwNTJBNURCMkE5QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCivprAzrmmW7l+rUvQtSDVjNmp
DPPUjz1J72j3hH+XNQNNGUGHGJdIejEVtcmFPkrKPY67sOIBAN2vloC9mA4HylYy
DwP3GV3XMs7nTCuDVQxQyY9JMhJbQxtrUOiUIb+5Ygf8NSWgw3hJWYUn4847Ya6J
7WNeThWOoN3KCrpy8cFIrXsQTFksIC5IcS27xPMnOEtAJtEDPTBz4ymhjG2q11de
riaUbUuvnA6ebEy6cTxiJKFM6HzYak98ofrgGjksRCm6DkVXkoI18QB4egkoFJKI
9xmKjIhSGBa6s3Y9E0Okz4YH2lzN0I5bg4WtXqQWvIpXDH3ToQqu9RLZYWC7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+e5mpocqUs+lBt6wH08FKl2yqcIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0ODI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvH
MA0GCSqGSIb3DQEBCwUAA4IBAQALu3yAUqWBrdtSe/IfH/MTrq9eN7JDOyAxDmN+
fg0tulxkcS1Th/0FGA1dZzy3je4238H0AcWmfzEMYKb0y0P1QRGr0jg5ns7DR02R
0GeORNw6MIWJjsQU0hhine0ujov2vm7n74fNpWjS2DMk42ps5PDMZF0pADfH1T1D
tIcCfvttNOOX46LWKhWm9N8qMHTLP8AgO0WbOY0/2bb2Y8oUTdyOtHjwMy0aiyJk
jtkGbgRCpwUiMkBDyPNnRnTW6cV2FhYmImn/gTvE3sZmpMwCqb2xIS7HsuNm2XQk
X8kbz5F02xmhhoirwFhPUoLSM6XcKJhARSiBGI8KuswBlq1r
-----END CERTIFICATE-----