Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          QSUGHb5DtwnWU2HqTe/i8I4lZuD96INpldI2o/IKfd8=
Subject key identifier:   29:BA:A3:5E:BB:BA:D7:59:21:B7:0C:97:12:4A:0B:2D:4B:D6:AD:E7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       29BFDAA2A2FB6B818959F4FD2E8C5A2BC5228940
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
Signing time:             Fri 10 Apr 2026 09:22:33 +0000
ROA not before:           Fri 10 Apr 2026 09:17:33 +0000
ROA not after:            Fri 09 Apr 2027 09:22:33 +0000
asID:                     214432
IP address blocks:        146.103.11.0/24 maxlen: 24
                          168.222.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:bf:da:a2:a2:fb:6b:81:89:59:f4:fd:2e:8c:5a:2b:c5:22:89:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 10 09:17:33 2026 GMT
            Not After : Apr  9 09:22:33 2027 GMT
        Subject: CN=29BAA35EBBBAD75921B70C97124A0B2D4BD6ADE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:05:6b:68:f2:5d:6d:d1:30:2f:ed:c4:10:a2:
                    52:b7:ba:8c:00:cd:0d:8c:56:c3:63:f8:0e:e4:10:
                    0c:af:25:72:90:13:6d:02:c7:09:8b:db:fb:07:ca:
                    22:e8:4f:19:a1:2b:b1:48:ee:bc:8c:8a:f6:30:81:
                    6b:93:b7:d4:95:40:3d:87:73:0b:df:e4:8a:8e:97:
                    80:4d:96:5a:a0:06:66:a7:1a:81:63:62:3c:4b:0f:
                    76:fd:5c:9d:18:aa:13:f1:ff:2a:62:a0:2a:b6:71:
                    fa:cd:cc:43:69:4b:3a:ab:68:84:90:1d:20:42:81:
                    e6:3f:e1:6a:73:46:bf:36:63:24:83:d1:e7:30:80:
                    7f:27:16:34:bb:af:a9:fa:48:fc:ea:4a:f2:cc:f0:
                    69:66:d2:9a:75:d3:0c:74:1a:34:af:3e:d0:35:8a:
                    a8:ff:59:3f:67:30:a3:3f:49:11:30:02:bd:66:50:
                    93:08:6d:67:2d:68:3a:97:9b:c3:79:84:a0:8d:c8:
                    d4:52:ad:5d:6c:9e:33:3c:64:c4:64:5d:73:ea:e1:
                    98:f6:4e:3b:e3:84:4b:60:c3:61:cd:e5:2d:99:77:
                    a6:29:2e:76:5e:69:ad:f2:d3:7f:d5:f4:74:6c:46:
                    f2:bc:d1:77:9a:8f:52:1e:63:0b:d3:70:f0:01:35:
                    a0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:BA:A3:5E:BB:BA:D7:59:21:B7:0C:97:12:4A:0B:2D:4B:D6:AD:E7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.11.0/24
                  168.222.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:84:24:d9:f5:33:48:6d:8d:71:0c:e8:f0:a5:a4:ba:48:d7:
         95:f4:39:31:86:9d:a5:5c:16:78:91:be:ec:d6:f9:b5:25:f2:
         7f:ec:0a:35:d4:ee:20:26:47:ed:9e:83:5d:49:fa:e4:d7:a8:
         23:c9:b2:e7:9e:b3:c4:a3:6d:b8:ef:5a:8b:3e:c5:ae:ab:68:
         e6:70:75:62:0f:2d:91:48:b6:c4:be:67:3e:23:74:8f:ff:86:
         b7:4f:f4:46:95:22:8a:76:e7:da:e7:cb:f3:c9:ff:91:74:ae:
         8a:55:e1:b7:39:97:d0:ac:06:8e:11:36:05:6c:d0:49:67:e8:
         e9:40:4f:5c:25:34:09:ce:51:af:bc:9a:0a:d9:51:31:ce:15:
         c8:9e:c3:00:81:26:76:c1:92:f6:b0:df:39:a4:66:ea:aa:8e:
         6b:12:f4:ad:1a:f5:a2:3f:1c:70:16:07:2b:51:11:3a:e4:c0:
         50:67:b2:8c:fb:03:0f:d9:13:18:18:ff:52:bd:e2:77:1d:8a:
         e3:a1:e5:65:aa:f8:59:ad:80:50:c8:84:c6:52:c5:2e:1e:72:
         e9:20:e1:88:5c:29:da:7f:07:40:cb:e3:6a:73:ff:34:e9:cf:
         27:db:10:c9:55:e1:56:52:3e:ed:77:b2:d6:24:28:9f:74:1f:
         8d:bd:4d:ed
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKb/aoqL7a4GJWfT9LoxaK8UiiUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTAwOTE3MzNaFw0yNzA0MDkwOTIyMzNaMDMxMTAvBgNV
BAMTKDI5QkFBMzVFQkJCQUQ3NTkyMUI3MEM5NzEyNEEwQjJENEJENkFERTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEBWto8l1t0TAv7cQQolK3uowA
zQ2MVsNj+A7kEAyvJXKQE20CxwmL2/sHyiLoTxmhK7FI7ryMivYwgWuTt9SVQD2H
cwvf5IqOl4BNllqgBmanGoFjYjxLD3b9XJ0YqhPx/ypioCq2cfrNzENpSzqraISQ
HSBCgeY/4WpzRr82YySD0ecwgH8nFjS7r6n6SPzqSvLM8Glm0pp10wx0GjSvPtA1
iqj/WT9nMKM/SREwAr1mUJMIbWctaDqXm8N5hKCNyNRSrV1snjM8ZMRkXXPq4Zj2
TjvjhEtgw2HN5S2Zd6YpLnZeaa3y03/V9HRsRvK80Xeaj1IeYwvTcPABNaCPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUKbqjXru611khtwyXEkoLLUvWrecwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkmcL
AwQAqN4vMA0GCSqGSIb3DQEBCwUAA4IBAQAEhCTZ9TNIbY1xDOjwpaS6SNeV9Dkx
hp2lXBZ4kb7s1vm1JfJ/7Ao11O4gJkftnoNdSfrk16gjybLnnrPEo22471qLPsWu
q2jmcHViDy2RSLbEvmc+I3SP/4a3T/RGlSKKdufa58vzyf+RdK6KVeG3OZfQrAaO
ETYFbNBJZ+jpQE9cJTQJzlGvvJoK2VExzhXInsMAgSZ2wZL2sN85pGbqqo5rEvSt
GvWiPxxwFgcrURE65MBQZ7KM+wMP2RMYGP9SveJ3HYrjoeVlqvhZrYBQyITGUsUu
HnLpIOGIXCnafwdAy+Nqc/806c8n2xDJVeFWUj7td7LWJCifdB+NvU3t
-----END CERTIFICATE-----