Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa
File:                     AS214143.roa (raw, json)
Hash identifier:          B7+sLp1M6v4dOSUpbCUVzKrCYN//uzEF8x+hgR+3QZ8=
Subject key identifier:   B0:E3:BB:42:66:EB:94:1C:D6:7E:90:19:84:EB:20:60:59:1F:AA:53
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       203EB1F327A59500316E0734ED7D67FC14A1BD0E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa
Signing time:             Tue 31 Mar 2026 11:46:56 +0000
ROA not before:           Tue 31 Mar 2026 11:41:56 +0000
ROA not after:            Tue 30 Mar 2027 11:46:56 +0000
asID:                     214143
IP address blocks:        143.14.32.0/24 maxlen: 24
                          143.14.228.0/24 maxlen: 24
                          143.14.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:3e:b1:f3:27:a5:95:00:31:6e:07:34:ed:7d:67:fc:14:a1:bd:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 31 11:41:56 2026 GMT
            Not After : Mar 30 11:46:56 2027 GMT
        Subject: CN=B0E3BB4266EB941CD67E901984EB2060591FAA53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b5:5c:84:87:34:f3:63:6d:cd:32:3d:f7:4a:
                    04:8f:9e:95:bd:27:43:a7:93:3a:cd:a7:29:a4:76:
                    c6:ac:3a:d2:75:38:04:1c:e6:72:ee:78:34:2d:26:
                    53:e5:c5:41:64:25:ef:c7:12:14:14:01:66:29:28:
                    7c:d4:a6:e5:e7:c5:81:54:df:81:ab:65:06:de:59:
                    7b:95:6a:27:a3:68:e0:87:8f:41:c3:da:94:bb:7c:
                    5e:4a:62:cb:5b:a3:bf:36:17:1e:4b:05:50:c6:4f:
                    74:49:90:45:f4:dc:c0:2a:92:85:2a:c7:5f:5c:74:
                    42:db:64:76:b9:4a:b4:92:3d:ec:fa:ba:eb:5d:61:
                    d0:0f:b2:f6:75:82:e3:ff:97:c5:a4:fe:e7:e3:0f:
                    b0:02:94:40:f1:7a:57:02:6e:26:1c:1c:99:fa:da:
                    74:2e:9a:27:26:67:62:b9:a1:a1:a4:95:e8:2f:5f:
                    be:17:a1:ba:79:b2:44:24:b1:29:94:eb:89:a2:ec:
                    79:14:09:ad:fb:5f:ba:1a:0d:6a:62:25:02:7c:d8:
                    eb:1f:3f:d8:2b:e5:4f:cb:75:cf:1c:6b:02:c4:6c:
                    fe:ea:a7:ab:46:c0:be:1d:6a:15:0d:5a:b0:9b:8b:
                    2d:6f:94:33:27:67:fe:95:e1:eb:38:07:97:5c:4a:
                    3c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:E3:BB:42:66:EB:94:1C:D6:7E:90:19:84:EB:20:60:59:1F:AA:53
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.32.0/24
                  143.14.228.0/24
                  143.14.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:5e:8f:41:73:54:b4:27:09:8e:64:e2:b0:d0:47:d4:1b:94:
         04:97:11:ff:59:5b:24:36:c2:1b:7d:cc:a6:9c:52:e1:03:05:
         f4:db:e9:1f:0b:34:a8:9e:4e:ac:33:d4:a0:fe:5e:1e:c3:52:
         49:3a:13:ca:37:d2:a1:fe:00:72:66:52:d1:9e:e5:3d:e9:fc:
         8a:30:9a:94:dd:2c:a3:90:f0:55:66:86:0f:d1:d7:b2:07:e6:
         73:50:a0:d7:98:c2:7f:09:d6:a5:18:bc:4f:43:89:72:f2:7b:
         3a:13:fa:7a:02:9e:c9:0d:3e:6b:95:40:88:28:55:d9:44:7d:
         ab:0b:38:1d:c8:d6:16:8c:7f:69:3a:63:74:a2:5f:d9:3a:38:
         af:31:d1:ea:28:70:60:27:65:18:a7:49:3e:85:31:04:04:41:
         ff:8b:0f:21:02:de:fd:22:97:de:0b:03:be:fb:d6:8e:75:1f:
         d5:ba:8b:be:0e:dd:a2:7f:61:8d:da:2c:c7:60:00:b7:15:a8:
         7a:69:da:8b:e1:4d:61:94:66:92:47:10:88:29:f3:ae:a0:24:
         4f:bd:c9:17:d2:63:63:fb:6b:18:fe:81:c5:63:e1:46:ef:ce:
         ce:a1:99:58:b3:91:91:ba:8d:9f:76:e8:48:dc:0e:bf:2e:99:
         5d:1c:85:ce
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUID6x8yellQAxbgc07X1n/BShvQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMzExMTQxNTZaFw0yNzAzMzAxMTQ2NTZaMDMxMTAvBgNV
BAMTKEIwRTNCQjQyNjZFQjk0MUNENjdFOTAxOTg0RUIyMDYwNTkxRkFBNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8tVyEhzTzY23NMj33SgSPnpW9
J0OnkzrNpymkdsasOtJ1OAQc5nLueDQtJlPlxUFkJe/HEhQUAWYpKHzUpuXnxYFU
34GrZQbeWXuVaiejaOCHj0HD2pS7fF5KYstbo782Fx5LBVDGT3RJkEX03MAqkoUq
x19cdELbZHa5SrSSPez6uutdYdAPsvZ1guP/l8Wk/ufjD7AClEDxelcCbiYcHJn6
2nQumicmZ2K5oaGklegvX74Xobp5skQksSmU64mi7HkUCa37X7oaDWpiJQJ82Osf
P9gr5U/Ldc8cawLEbP7qp6tGwL4dahUNWrCbiy1vlDMnZ/6V4es4B5dcSjyZAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUsOO7QmbrlBzWfpAZhOsgYFkfqlMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw4g
AwQAjw7kAwQAjw7wMA0GCSqGSIb3DQEBCwUAA4IBAQAhXo9Bc1S0JwmOZOKw0EfU
G5QElxH/WVskNsIbfcymnFLhAwX02+kfCzSonk6sM9Sg/l4ew1JJOhPKN9Kh/gBy
ZlLRnuU96fyKMJqU3SyjkPBVZoYP0deyB+ZzUKDXmMJ/CdalGLxPQ4ly8ns6E/p6
Ap7JDT5rlUCIKFXZRH2rCzgdyNYWjH9pOmN0ol/ZOjivMdHqKHBgJ2UYp0k+hTEE
BEH/iw8hAt79IpfeCwO++9aOdR/Vuou+Dt2if2GN2izHYAC3Fah6adqL4U1hlGaS
RxCIKfOuoCRPvckX0mNj+2sY/oHFY+FG787OoZlYs5GRuo2fduhI3A6/LpldHIXO
-----END CERTIFICATE-----