Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          8xOaTAN3MXCEOEsy89ZhTs4aVnX6m9UkBMgjirGLMIw=
Subject key identifier:   82:F4:7B:35:D6:12:EF:66:5E:E3:16:C4:28:7D:0A:83:41:49:7D:87
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6131124F5294735D7D65ABA8F4EF70B102845713
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time:             Mon 22 Sep 2025 00:00:22 +0000
ROA not before:           Sun 21 Sep 2025 23:55:22 +0000
ROA not after:            Mon 21 Sep 2026 00:00:22 +0000
asID:                     214432
IP address blocks:        178.93.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:31:12:4f:52:94:73:5d:7d:65:ab:a8:f4:ef:70:b1:02:84:57:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 21 23:55:22 2025 GMT
            Not After : Sep 21 00:00:22 2026 GMT
        Subject: CN=82F47B35D612EF665EE316C4287D0A8341497D87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c2:e7:1c:b7:ab:3a:4a:95:03:f5:7d:41:3b:
                    30:15:b4:19:3a:8a:7d:8d:a0:ec:aa:d2:d8:78:a2:
                    d1:5f:5e:4f:6c:e0:fc:46:5d:be:ca:4d:83:2d:cc:
                    e0:fe:f2:bf:da:7b:85:5d:66:4f:e0:e7:2a:62:b3:
                    53:7c:e8:b1:81:f0:d4:de:2f:d1:4a:9b:72:87:4a:
                    0f:a5:89:01:d2:cf:90:0c:c3:af:39:97:47:5d:40:
                    b2:7e:47:5c:d9:28:31:4a:87:00:85:b3:15:e8:12:
                    98:51:18:14:31:b1:23:fb:69:c1:fe:9c:8e:86:c1:
                    e7:61:b2:bb:d5:d1:e7:1a:ed:82:32:40:08:39:09:
                    86:74:e5:e1:3f:4a:46:28:cf:2d:1b:33:0a:c9:e3:
                    c8:2c:27:9d:d8:d3:23:7c:cb:09:f5:73:7a:15:1f:
                    91:b8:36:2d:29:87:8a:78:1a:e4:36:59:cb:07:4e:
                    db:93:66:ce:15:b3:27:7a:0f:85:70:fb:18:32:ec:
                    0a:b1:ec:67:83:9b:77:76:0c:3d:76:69:d8:cc:d5:
                    5b:8d:41:fe:a4:de:71:a4:f8:17:bc:73:88:96:43:
                    81:34:09:0c:b4:7c:ea:ec:9d:b0:95:83:9d:e3:ba:
                    51:52:e8:17:08:d4:ce:5c:11:2e:b9:c1:45:c2:66:
                    a5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F4:7B:35:D6:12:EF:66:5E:E3:16:C4:28:7D:0A:83:41:49:7D:87
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:98:d5:e4:34:c3:35:8c:57:37:b2:8f:d5:a0:2c:84:12:f0:
         dd:89:59:53:d0:ef:ea:c8:41:07:00:1e:02:ee:e7:21:39:37:
         1e:67:5e:a0:2a:87:e7:95:80:3e:e8:f7:69:97:a1:eb:40:1e:
         25:5a:17:0b:33:47:fe:8a:95:fc:72:a0:f1:ec:f8:90:eb:73:
         e2:4b:45:3a:ed:57:94:8a:ec:77:fe:c4:2f:34:9c:80:7d:65:
         ea:41:12:62:fd:f8:8d:0e:f2:36:8c:52:6d:a3:6b:69:7c:ea:
         47:b6:a7:10:7e:5a:6f:45:58:5d:29:e2:9c:71:0e:e1:3f:04:
         18:a5:9d:da:ad:7f:0d:b5:55:4f:e8:a0:de:09:0a:89:43:dc:
         9e:6e:28:e9:49:a1:3c:83:ce:4b:64:d8:ac:e4:e1:93:c4:b8:
         47:3b:a1:d3:c2:00:a4:9b:af:51:0d:b0:8c:c3:68:bb:4e:6b:
         ed:03:62:ce:0f:fa:ba:db:8d:0d:f6:7e:2b:56:75:65:7e:b3:
         2a:6c:37:c3:f8:16:93:65:10:fb:5d:9b:28:82:5f:ce:0d:90:
         f9:99:05:7d:a0:5a:9d:be:ae:76:bd:4e:3b:bd:3e:0b:cd:82:
         96:af:74:4d:3b:ff:b4:d6:52:9f:40:7a:01:38:65:c8:ed:e8:
         56:8f:fd:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYTEST1KUc119Zauo9O9wsQKEVxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MjEyMzU1MjJaFw0yNjA5MjEwMDAwMjJaMDMxMTAvBgNV
BAMTKDgyRjQ3QjM1RDYxMkVGNjY1RUUzMTZDNDI4N0QwQTgzNDE0OTdEODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjwucct6s6SpUD9X1BOzAVtBk6
in2NoOyq0th4otFfXk9s4PxGXb7KTYMtzOD+8r/ae4VdZk/g5ypis1N86LGB8NTe
L9FKm3KHSg+liQHSz5AMw685l0ddQLJ+R1zZKDFKhwCFsxXoEphRGBQxsSP7acH+
nI6GwedhsrvV0eca7YIyQAg5CYZ05eE/SkYozy0bMwrJ48gsJ53Y0yN8ywn1c3oV
H5G4Ni0ph4p4GuQ2WcsHTtuTZs4Vsyd6D4Vw+xgy7Aqx7GeDm3d2DD12adjM1VuN
Qf6k3nGk+Be8c4iWQ4E0CQy0fOrsnbCVg53julFS6BcI1M5cES65wUXCZqXlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgvR7NdYS72Ze4xbEKH0Kg0FJfYcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl3G
MA0GCSqGSIb3DQEBCwUAA4IBAQCNmNXkNMM1jFc3so/VoCyEEvDdiVlT0O/qyEEH
AB4C7uchOTceZ16gKofnlYA+6Pdpl6HrQB4lWhcLM0f+ipX8cqDx7PiQ63PiS0U6
7VeUiux3/sQvNJyAfWXqQRJi/fiNDvI2jFJto2tpfOpHtqcQflpvRVhdKeKccQ7h
PwQYpZ3arX8NtVVP6KDeCQqJQ9yebijpSaE8g85LZNis5OGTxLhHO6HTwgCkm69R
DbCMw2i7TmvtA2LOD/q6240N9n4rVnVlfrMqbDfD+BaTZRD7XZsogl/ODZD5mQV9
oFqdvq52vU47vT4LzYKWr3RNO/+01lKfQHoBOGXI7ehWj/2n
-----END CERTIFICATE-----