Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          WNtareJ3YTKpurf9tsgLVdiMHuAQlp50lH4NXI7yGIg=
Subject key identifier:   43:E1:E3:95:2B:06:7A:D6:CB:2C:3C:C0:52:0C:F0:D5:58:A4:AF:E9
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       24486D9B9FA4FCA7BA164428BE6FD2D0337F272A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214025.roa
Signing time:             Wed 06 May 2026 02:53:57 +0000
ROA not before:           Wed 06 May 2026 02:48:57 +0000
ROA not after:            Wed 05 May 2027 02:53:57 +0000
asID:                     214025
IP address blocks:        46.203.203.0/24 maxlen: 24
                          92.113.124.0/23 maxlen: 24
                          92.113.142.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:48:6d:9b:9f:a4:fc:a7:ba:16:44:28:be:6f:d2:d0:33:7f:27:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  6 02:48:57 2026 GMT
            Not After : May  5 02:53:57 2027 GMT
        Subject: CN=43E1E3952B067AD6CB2C3CC0520CF0D558A4AFE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:1e:aa:b3:a9:71:18:d6:e7:51:be:21:db:
                    22:94:fb:d7:74:3c:c2:9c:4a:8f:ca:a1:8b:9c:f3:
                    d5:c2:6a:e0:22:4a:60:23:29:d7:ba:ed:1e:97:6f:
                    11:b5:aa:a3:d9:f2:75:57:ed:b7:5a:a1:a7:98:08:
                    0f:fa:56:6f:00:a0:db:e2:c3:62:a4:36:f0:ce:de:
                    a8:f2:a0:6f:fb:49:c6:ec:98:f4:3f:bf:b8:a9:43:
                    58:65:13:87:d0:03:07:fe:b5:fd:4b:ea:66:81:27:
                    44:8b:ea:0f:ce:57:99:87:e8:5e:c8:54:1e:2a:8b:
                    3f:76:c3:80:fe:71:4b:c4:b5:27:70:66:1f:1f:de:
                    75:58:f1:9b:0a:95:e8:1b:fc:3d:65:ee:d5:a3:52:
                    b4:17:80:26:56:ff:61:04:18:7c:04:8a:bb:0d:54:
                    00:7c:3f:4c:a8:ec:73:57:34:47:7e:fa:9b:02:83:
                    7b:78:5e:16:1d:93:36:a4:1e:ed:b1:a6:0d:05:84:
                    39:34:41:04:e6:92:be:a9:66:91:3f:df:ab:3d:b9:
                    99:b8:66:43:31:0c:3b:fa:d9:17:40:09:25:25:0f:
                    a9:9c:72:c2:0f:d7:df:9d:9c:d0:75:0c:44:2e:95:
                    e5:44:7e:2a:fd:9f:e4:86:9c:4e:2b:8d:15:4e:e5:
                    28:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E1:E3:95:2B:06:7A:D6:CB:2C:3C:C0:52:0C:F0:D5:58:A4:AF:E9
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.203.0/24
                  92.113.124.0/23
                  92.113.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:cd:e5:c0:31:c6:c3:19:1f:7f:a5:3f:96:4f:42:e8:aa:60:
         b6:0b:23:28:a2:85:43:b4:12:9b:ec:04:73:3f:56:d5:c1:a8:
         19:98:7f:6b:ee:2e:cb:74:d9:3d:94:b4:93:c5:ea:f3:40:bb:
         7f:ea:f8:cb:84:f2:17:72:39:b4:94:f7:74:f4:89:dd:0a:6c:
         1f:cf:5d:6c:c2:67:cd:31:aa:88:24:1c:71:71:1e:74:22:bb:
         b7:1b:92:3d:90:59:91:43:33:ae:e2:83:63:57:c0:7b:fe:d1:
         40:7a:84:7e:f8:4b:5c:f7:8a:15:32:82:e4:67:62:de:f2:30:
         6a:5b:d5:df:37:5a:be:a9:03:cd:d6:43:65:3d:37:54:44:6e:
         e9:eb:c5:78:5c:78:c7:b6:04:4b:91:48:96:10:7b:eb:42:36:
         dc:2f:1f:de:0b:56:a5:d2:3a:ca:b1:6b:a8:e8:ec:9e:c9:ae:
         40:d0:8e:60:d9:0e:eb:f6:4a:30:be:1b:1f:d6:8a:db:61:4f:
         59:e5:4c:44:45:18:d1:5c:0d:58:44:3e:71:ac:65:c5:80:0c:
         67:a9:c0:db:fb:16:5a:0f:b2:08:75:8e:24:25:27:b8:f9:6a:
         07:13:6e:56:04:ef:47:9c:0e:74:38:a3:19:49:bb:27:64:69:
         1c:c6:75:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJEhtm5+k/Ke6FkQovm/S0DN/JyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDYwMjQ4NTdaFw0yNzA1MDUwMjUzNTdaMDMxMTAvBgNV
BAMTKDQzRTFFMzk1MkIwNjdBRDZDQjJDM0NDMDUyMENGMEQ1NThBNEFGRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4KR6qs6lxGNbnUb4h2yKU+9d0
PMKcSo/KoYuc89XCauAiSmAjKde67R6XbxG1qqPZ8nVX7bdaoaeYCA/6Vm8AoNvi
w2KkNvDO3qjyoG/7ScbsmPQ/v7ipQ1hlE4fQAwf+tf1L6maBJ0SL6g/OV5mH6F7I
VB4qiz92w4D+cUvEtSdwZh8f3nVY8ZsKlegb/D1l7tWjUrQXgCZW/2EEGHwEirsN
VAB8P0yo7HNXNEd++psCg3t4XhYdkzakHu2xpg0FhDk0QQTmkr6pZpE/36s9uZm4
ZkMxDDv62RdACSUlD6mccsIP19+dnNB1DEQuleVEfir9n+SGnE4rjRVO5SjlAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUQ+HjlSsGetbLLDzAUgzw1Vikr+kwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALsvL
AwQBXHF8AwQBXHGOMA0GCSqGSIb3DQEBCwUAA4IBAQBzzeXAMcbDGR9/pT+WT0Lo
qmC2CyMoooVDtBKb7ARzP1bVwagZmH9r7i7LdNk9lLSTxerzQLt/6vjLhPIXcjm0
lPd09IndCmwfz11swmfNMaqIJBxxcR50Iru3G5I9kFmRQzOu4oNjV8B7/tFAeoR+
+Etc94oVMoLkZ2Le8jBqW9XfN1q+qQPN1kNlPTdURG7p68V4XHjHtgRLkUiWEHvr
QjbcLx/eC1al0jrKsWuo6Oyeya5A0I5g2Q7r9kowvhsf1orbYU9Z5UxERRjRXA1Y
RD5xrGXFgAxnqcDb+xZaD7IIdY4kJSe4+WoHE25WBO9HnA50OKMZSbsnZGkcxnVS
-----END CERTIFICATE-----