Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          W1EWwv+aEkajzOqphIWB0EOVeIVTjZAc7fb1hL3xNag=
Subject key identifier:   31:78:2C:6A:7B:72:75:8B:0B:05:37:E0:7C:9A:92:89:A6:87:2A:A6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       20F874CE03208382A0F9F23B802B4683611AA442
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
Signing time:             Sun 01 Mar 2026 03:02:41 +0000
ROA not before:           Sun 01 Mar 2026 02:57:41 +0000
ROA not after:            Sun 28 Feb 2027 03:02:41 +0000
asID:                     214025
IP address blocks:        143.14.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f8:74:ce:03:20:83:82:a0:f9:f2:3b:80:2b:46:83:61:1a:a4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  1 02:57:41 2026 GMT
            Not After : Feb 28 03:02:41 2027 GMT
        Subject: CN=31782C6A7B72758B0B0537E07C9A9289A6872AA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0c:77:02:4e:1c:84:a1:c0:1a:37:94:c7:ad:
                    0f:13:f3:e6:2e:45:72:c9:7c:91:37:ef:2b:25:8f:
                    84:70:9c:7c:20:66:eb:46:83:6a:ae:1e:cc:8e:9f:
                    99:e5:8f:9f:cb:2f:70:18:55:4b:50:31:55:96:52:
                    79:74:20:c4:f8:18:fd:f6:53:b5:81:30:8c:d0:06:
                    53:d5:83:af:26:6d:a7:b0:3a:3e:8d:3a:af:b3:e1:
                    6d:1e:83:99:6d:af:95:01:3c:66:44:78:76:9e:0b:
                    13:62:18:29:60:81:c8:08:54:73:f2:7b:4e:3d:e9:
                    7a:07:6d:76:61:77:0f:0a:ea:a0:7b:fb:97:f1:a4:
                    cc:7d:f3:03:20:80:e6:e2:ac:f8:36:6c:af:d9:75:
                    c7:d8:33:89:8f:32:51:0d:37:e0:d5:3c:96:40:63:
                    be:03:12:44:b5:c5:a5:07:90:10:6d:3c:41:70:2e:
                    37:1f:5d:83:56:92:0e:b0:41:30:b0:8e:06:b8:80:
                    3b:90:b1:29:44:25:36:d3:fa:50:da:60:47:8d:65:
                    d2:52:7d:f1:52:68:40:84:4d:54:28:bb:21:54:1e:
                    de:62:13:5e:ef:eb:45:70:a9:fc:86:3e:e7:09:3d:
                    e6:a3:aa:d4:d9:38:e6:90:15:f9:3d:5f:e8:51:a2:
                    6c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:78:2C:6A:7B:72:75:8B:0B:05:37:E0:7C:9A:92:89:A6:87:2A:A6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:21:fd:a9:1d:da:23:8f:cb:3a:2d:de:8d:10:8f:fb:75:53:
         1c:6d:b0:76:20:26:64:d6:51:bb:2c:04:12:70:9d:d3:d5:1c:
         84:ed:f8:88:45:d4:c4:d5:8f:57:4a:60:b1:44:d3:49:d4:8b:
         dd:ee:ce:90:8f:d3:a2:80:36:ef:fa:39:3c:99:d5:ba:0c:da:
         a3:4b:55:df:a3:28:61:8b:a1:16:3f:3d:f4:52:71:be:ff:5a:
         fd:22:21:e9:69:0c:ad:ec:e5:d1:e4:bb:5c:26:4e:f7:b0:ee:
         ec:a5:db:6e:14:ee:0a:e8:11:f7:cc:73:87:11:b0:9f:9d:5e:
         93:b7:ef:de:33:b3:b3:11:ab:c5:94:10:37:d0:36:9a:9c:f3:
         c7:65:2a:33:19:67:e0:8c:06:60:ec:16:11:db:4e:76:90:72:
         b3:43:fa:c7:5c:59:25:bb:80:a5:c9:5e:c4:83:8d:6e:02:e2:
         85:ea:83:3d:46:36:ef:d2:43:f7:ec:43:ce:3b:0a:3e:91:41:
         7f:31:7b:6d:f8:3c:51:c0:b2:fb:b8:e1:e2:6b:62:cf:fc:b4:
         ca:2e:39:f0:c4:e8:41:b6:74:ec:3e:54:16:1e:df:08:a7:42:
         f4:ec:ac:89:35:fa:17:cd:9f:bb:58:9a:76:40:65:19:c6:b1:
         66:46:3d:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIPh0zgMgg4Kg+fI7gCtGg2EapEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDEwMjU3NDFaFw0yNzAyMjgwMzAyNDFaMDMxMTAvBgNV
BAMTKDMxNzgyQzZBN0I3Mjc1OEIwQjA1MzdFMDdDOUE5Mjg5QTY4NzJBQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLDHcCThyEocAaN5THrQ8T8+Yu
RXLJfJE37yslj4RwnHwgZutGg2quHsyOn5nlj5/LL3AYVUtQMVWWUnl0IMT4GP32
U7WBMIzQBlPVg68mbaewOj6NOq+z4W0eg5ltr5UBPGZEeHaeCxNiGClggcgIVHPy
e0496XoHbXZhdw8K6qB7+5fxpMx98wMggObirPg2bK/ZdcfYM4mPMlENN+DVPJZA
Y74DEkS1xaUHkBBtPEFwLjcfXYNWkg6wQTCwjga4gDuQsSlEJTbT+lDaYEeNZdJS
ffFSaECETVQouyFUHt5iE17v60VwqfyGPucJPeajqtTZOOaQFfk9X+hRomzPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMXgsantydYsLBTfgfJqSiaaHKqYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw7l
MA0GCSqGSIb3DQEBCwUAA4IBAQBxIf2pHdojj8s6Ld6NEI/7dVMcbbB2ICZk1lG7
LAQScJ3T1RyE7fiIRdTE1Y9XSmCxRNNJ1Ivd7s6Qj9OigDbv+jk8mdW6DNqjS1Xf
oyhhi6EWPz30UnG+/1r9IiHpaQyt7OXR5LtcJk73sO7spdtuFO4K6BH3zHOHEbCf
nV6Tt+/eM7OzEavFlBA30DaanPPHZSozGWfgjAZg7BYR2052kHKzQ/rHXFklu4Cl
yV7Eg41uAuKF6oM9Rjbv0kP37EPOOwo+kUF/MXtt+DxRwLL7uOHia2LP/LTKLjnw
xOhBtnTsPlQWHt8Ip0L07KyJNfoXzZ+7WJp2QGUZxrFmRj2n
-----END CERTIFICATE-----