Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          TtkvVBZnbP1rvdIGA6b9Ewm2WnQ+VutFFdsWJaR/nJ4=
Subject key identifier:   01:D7:63:EF:1D:7B:46:29:49:BD:3B:3B:09:5F:5A:FA:6C:E3:32:2E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0F324BA996DD9DD1FAD48AA64399F624219FA561
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
Signing time:             Sat 14 Jun 2025 10:50:41 +0000
ROA not before:           Sat 14 Jun 2025 10:45:41 +0000
ROA not after:            Sat 13 Jun 2026 10:50:41 +0000
asID:                     214432
IP address blocks:        155.117.90.0/24 maxlen: 24
                          167.148.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:32:4b:a9:96:dd:9d:d1:fa:d4:8a:a6:43:99:f6:24:21:9f:a5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 14 10:45:41 2025 GMT
            Not After : Jun 13 10:50:41 2026 GMT
        Subject: CN=01D763EF1D7B462949BD3B3B095F5AFA6CE3322E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:95:0d:76:0f:c7:45:df:d7:c3:bf:e1:bf:10:
                    d4:cf:26:28:de:fa:50:9d:1d:eb:ad:a1:71:0e:cd:
                    9f:1e:a7:a2:b3:14:1a:be:61:cf:23:9f:ce:69:d8:
                    3b:be:12:50:89:c0:47:01:cc:4a:ea:c9:32:ab:12:
                    a7:a3:5a:be:f5:5e:af:07:71:1b:2a:2d:2a:45:41:
                    61:98:68:40:9f:eb:40:c5:f6:bb:e9:b1:42:5a:16:
                    08:14:fb:c4:a9:9b:c7:ea:13:6a:55:5e:02:4a:22:
                    0e:c3:ef:26:e9:12:c2:5b:e1:df:12:3b:16:d9:94:
                    a2:95:cb:d8:25:96:53:9a:13:84:14:df:fc:c8:d6:
                    7d:af:1c:3b:a4:aa:4b:32:56:54:30:09:d0:e7:92:
                    c6:54:0c:55:8d:b1:98:5d:9f:09:cc:8d:07:6a:8e:
                    bc:e2:1f:4b:fa:39:6f:3e:95:7e:70:5c:0d:e6:88:
                    6e:18:e1:ac:78:69:46:79:98:f2:0a:78:9c:c0:ba:
                    32:e1:29:98:c3:ca:df:01:ce:a7:50:b6:c7:5e:af:
                    2b:0e:19:d8:06:da:e4:1d:0b:ac:46:69:d9:81:ff:
                    04:e0:b9:18:c3:94:5e:83:d8:c8:7a:76:a3:bd:c3:
                    e6:1b:51:55:75:21:e0:02:8a:8d:d2:19:87:b9:c8:
                    6c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D7:63:EF:1D:7B:46:29:49:BD:3B:3B:09:5F:5A:FA:6C:E3:32:2E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.90.0/24
                  167.148.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:04:a1:3c:5d:0d:8b:f9:3a:86:93:17:eb:f3:c9:64:0c:2c:
         d5:cc:56:f6:90:c7:49:ee:da:a2:aa:fb:b7:49:07:1c:cf:12:
         d5:0c:65:2a:b3:3a:06:86:e9:b8:59:f3:82:0d:9c:97:d2:bf:
         3c:f5:5f:91:2a:3c:7f:b5:00:7c:60:26:a3:71:be:d9:9e:2c:
         7c:e5:6c:c9:4d:06:eb:73:5f:56:db:1a:f7:1d:55:ea:39:6b:
         06:bb:ec:c6:cf:95:06:b4:d7:9e:08:ef:6f:3e:3d:1c:30:99:
         00:63:60:c0:20:d9:1c:58:cd:28:d7:d3:92:a7:9b:dc:42:8b:
         0e:06:43:8a:93:d3:29:33:16:e5:49:84:42:3b:b3:b1:fd:c4:
         83:f4:d6:a9:63:e5:e1:38:70:87:90:d5:13:79:f1:f0:50:a1:
         d4:42:d2:8b:64:50:57:73:33:7c:4f:cf:68:e3:31:3a:ac:de:
         67:f0:57:23:dc:d4:9d:c5:ff:75:5f:30:4a:70:45:ef:e5:45:
         f8:5a:3f:74:36:e9:eb:9f:bd:66:0d:45:f0:a3:2a:05:70:93:
         fa:4a:66:4b:d0:6a:aa:e8:8f:42:76:a0:96:b8:ad:9f:39:b7:
         f2:6d:9f:c3:49:13:36:1d:d8:b5:86:cf:8e:e2:30:2e:df:7b:
         66:ef:6f:89
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUDzJLqZbdndH61IqmQ5n2JCGfpWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTQxMDQ1NDFaFw0yNjA2MTMxMDUwNDFaMDMxMTAvBgNV
BAMTKDAxRDc2M0VGMUQ3QjQ2Mjk0OUJEM0IzQjA5NUY1QUZBNkNFMzMyMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTlQ12D8dF39fDv+G/ENTPJije
+lCdHeutoXEOzZ8ep6KzFBq+Yc8jn85p2Du+ElCJwEcBzErqyTKrEqejWr71Xq8H
cRsqLSpFQWGYaECf60DF9rvpsUJaFggU+8Spm8fqE2pVXgJKIg7D7ybpEsJb4d8S
OxbZlKKVy9glllOaE4QU3/zI1n2vHDukqksyVlQwCdDnksZUDFWNsZhdnwnMjQdq
jrziH0v6OW8+lX5wXA3miG4Y4ax4aUZ5mPIKeJzAujLhKZjDyt8BzqdQtsderysO
GdgG2uQdC6xGadmB/wTguRjDlF6D2Mh6dqO9w+YbUVV1IeACio3SGYe5yGzvAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAddj7x17RilJvTs7CV9a+mzjMi4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3Va
AwQAp5QIMA0GCSqGSIb3DQEBCwUAA4IBAQAnBKE8XQ2L+TqGkxfr88lkDCzVzFb2
kMdJ7tqiqvu3SQcczxLVDGUqszoGhum4WfOCDZyX0r889V+RKjx/tQB8YCajcb7Z
nix85WzJTQbrc19W2xr3HVXqOWsGu+zGz5UGtNeeCO9vPj0cMJkAY2DAINkcWM0o
19OSp5vcQosOBkOKk9MpMxblSYRCO7Ox/cSD9NapY+XhOHCHkNUTefHwUKHUQtKL
ZFBXczN8T89o4zE6rN5n8Fcj3NSdxf91XzBKcEXv5UX4Wj90Nunrn71mDUXwoyoF
cJP6SmZL0Gqq6I9CdqCWuK2fObfybZ/DSRM2Hdi1hs+O4jAu33tm72+J
-----END CERTIFICATE-----