Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          MFIM9IateDdChl3NmOsKbgwZr393SAHxTR70xLs4UAg=
Subject key identifier:   D5:BD:F2:62:A9:5D:92:C0:F6:81:3E:01:10:64:15:F4:11:05:9F:C3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       01E9DFF7CECA18A17CBDC4EA204A3C7D524CA814
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time:             Mon 23 Mar 2026 06:11:12 +0000
ROA not before:           Mon 23 Mar 2026 06:06:12 +0000
ROA not after:            Mon 22 Mar 2027 06:11:12 +0000
asID:                     214432
IP address blocks:        46.202.15.0/24 maxlen: 24
                          178.94.45.0/24 maxlen: 24
                          178.94.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e9:df:f7:ce:ca:18:a1:7c:bd:c4:ea:20:4a:3c:7d:52:4c:a8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 23 06:06:12 2026 GMT
            Not After : Mar 22 06:11:12 2027 GMT
        Subject: CN=D5BDF262A95D92C0F6813E01106415F411059FC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bd:d3:4e:08:ad:64:78:78:91:7d:94:dd:3d:
                    2a:a0:8f:11:01:0d:0d:cc:d0:b7:56:23:85:83:45:
                    dd:77:49:f3:82:92:e6:1b:0c:f0:3d:19:93:a3:77:
                    1a:22:68:b9:97:4f:4a:2a:3b:03:01:15:2d:c1:47:
                    f5:c9:7b:08:9b:08:f7:c6:f6:6c:8e:1d:b6:43:8b:
                    f6:b6:c3:db:39:17:ee:0f:db:e3:a5:f4:1e:09:f9:
                    2b:b2:3c:3c:2a:b0:8f:a3:df:87:2a:f0:3b:3b:c9:
                    48:ab:91:cb:47:85:7c:b7:1f:11:76:c1:ef:06:a2:
                    54:3f:ce:6a:ac:a9:16:7e:83:bf:4e:5e:24:db:8a:
                    00:f0:3a:a4:d2:be:39:73:1e:61:4f:96:71:95:db:
                    4d:e6:a9:0c:fc:67:df:5e:c2:91:52:a8:89:1a:a6:
                    26:91:88:e8:f4:0e:82:a9:15:7b:c3:3f:f0:fb:62:
                    6d:7e:32:7b:e6:8a:d1:a6:a8:96:21:50:23:93:39:
                    57:9c:ff:a1:7d:88:99:f3:dc:82:92:95:31:8a:b8:
                    bd:b2:8d:44:7e:e5:5d:ee:94:0a:7f:d0:f9:73:78:
                    0f:57:ec:2a:d3:61:2c:da:fa:29:da:54:56:4a:1e:
                    fb:31:70:66:bf:8d:2d:09:df:18:8b:d8:df:b2:17:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BD:F2:62:A9:5D:92:C0:F6:81:3E:01:10:64:15:F4:11:05:9F:C3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.15.0/24
                  178.94.45.0-178.94.46.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:f8:95:56:75:da:8b:25:a4:0d:84:ac:d7:74:30:ee:81:53:
         57:94:34:24:2c:ba:b1:dc:39:54:1e:3e:7a:b5:ab:d5:87:0b:
         d9:01:75:0e:9f:59:f1:07:84:49:5a:57:c6:4e:1f:99:e8:da:
         a2:98:db:91:52:89:39:02:62:6b:14:22:c3:01:98:53:e1:8c:
         37:e5:77:f5:3c:1d:76:22:01:46:5f:24:41:1c:04:b7:0a:25:
         c6:ac:3e:fa:77:1a:ad:af:99:f2:f2:29:f0:1d:b7:c8:a1:7c:
         b5:34:d0:08:64:6f:99:34:91:ca:02:30:67:5c:3a:a8:91:3f:
         ac:b2:56:92:b3:e9:78:3d:ce:b6:e5:f3:6c:7e:ec:5f:8e:09:
         10:05:c0:11:ce:a4:8a:93:2d:81:22:39:84:e2:53:64:a4:e1:
         6d:65:88:43:c6:65:3e:cb:ff:2b:43:f6:5d:ef:23:cf:b6:fe:
         0c:11:fb:6a:97:5a:23:e4:43:8a:2a:af:1f:3d:1f:2f:fb:d6:
         86:b4:9e:6a:54:5e:a2:92:b5:89:c5:0e:97:75:ef:33:cd:00:
         bb:4e:fd:e2:64:44:7d:5f:90:3d:2a:2d:6b:b9:4d:15:e6:9f:
         98:fb:9d:3a:38:45:eb:33:fd:c1:e5:0c:3f:ba:68:6e:92:8f:
         90:e3:db:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUAenf987KGKF8vcTqIEo8fVJMqBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMjMwNjA2MTJaFw0yNzAzMjIwNjExMTJaMDMxMTAvBgNV
BAMTKEQ1QkRGMjYyQTk1RDkyQzBGNjgxM0UwMTEwNjQxNUY0MTEwNTlGQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDavdNOCK1keHiRfZTdPSqgjxEB
DQ3M0LdWI4WDRd13SfOCkuYbDPA9GZOjdxoiaLmXT0oqOwMBFS3BR/XJewibCPfG
9myOHbZDi/a2w9s5F+4P2+Ol9B4J+SuyPDwqsI+j34cq8Ds7yUirkctHhXy3HxF2
we8GolQ/zmqsqRZ+g79OXiTbigDwOqTSvjlzHmFPlnGV203mqQz8Z99ewpFSqIka
piaRiOj0DoKpFXvDP/D7Ym1+MnvmitGmqJYhUCOTOVec/6F9iJnz3IKSlTGKuL2y
jUR+5V3ulAp/0PlzeA9X7CrTYSza+inaVFZKHvsxcGa/jS0J3xiL2N+yF8HRAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQU1b3yYqldksD2gT4BEGQV9BEFn8MwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALsoP
MAwDBACyXi0DBACyXi4wDQYJKoZIhvcNAQELBQADggEBAKr4lVZ12oslpA2ErNd0
MO6BU1eUNCQsurHcOVQePnq1q9WHC9kBdQ6fWfEHhElaV8ZOH5no2qKY25FSiTkC
YmsUIsMBmFPhjDfld/U8HXYiAUZfJEEcBLcKJcasPvp3Gq2vmfLyKfAdt8ihfLU0
0Ahkb5k0kcoCMGdcOqiRP6yyVpKz6Xg9zrbl82x+7F+OCRAFwBHOpIqTLYEiOYTi
U2Sk4W1liEPGZT7L/ytD9l3vI8+2/gwR+2qXWiPkQ4oqrx89Hy/71oa0nmpUXqKS
tYnFDpd17zPNALtO/eJkRH1fkD0qLWu5TRXmn5j7nTo4Resz/cHlDD+6aG6Sj5Dj
22s=
-----END CERTIFICATE-----