Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214578.roa
File:                     AS214578.roa (raw, json)
Hash identifier:          SdjNzCtlOus/o3X1+PPPryvQmxpkb+qPFeTAOUNKUew=
Subject key identifier:   E3:AB:2C:B5:FB:CF:F4:EA:F3:4E:E3:52:FF:38:12:0B:DD:66:FF:DD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7749C0528F0F681D7B13BF936E08E66E55A87092
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214578.roa
Signing time:             Fri 05 Jun 2026 05:27:06 +0000
ROA not before:           Fri 05 Jun 2026 05:22:06 +0000
ROA not after:            Fri 04 Jun 2027 05:27:06 +0000
asID:                     214578
IP address blocks:        143.14.192.0/24 maxlen: 24
                          155.117.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:49:c0:52:8f:0f:68:1d:7b:13:bf:93:6e:08:e6:6e:55:a8:70:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 05:22:06 2026 GMT
            Not After : Jun  4 05:27:06 2027 GMT
        Subject: CN=E3AB2CB5FBCFF4EAF34EE352FF38120BDD66FFDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:64:f4:70:3f:62:08:14:27:ad:e2:2a:2c:
                    e1:fb:e2:75:e8:cf:ea:01:7c:d8:9d:72:65:ad:6b:
                    28:d0:9a:9c:90:32:f3:af:bc:f9:28:af:b7:24:f2:
                    6d:63:5c:e7:f9:c4:9c:60:78:8e:e2:90:8e:9e:0b:
                    e2:e2:05:67:0f:d5:f0:cb:40:85:96:b2:74:33:14:
                    df:9a:13:3c:1d:9d:b1:81:70:8f:0f:e4:ee:7d:38:
                    b4:65:af:ea:21:b9:9a:8a:7d:eb:b8:58:73:26:03:
                    e6:43:54:23:05:85:1f:4f:c3:76:fd:71:c0:d4:c9:
                    97:ec:62:4f:31:80:6f:df:85:40:7a:3a:62:f8:64:
                    90:3b:c3:87:ad:d2:22:e0:8c:90:90:da:b1:42:0d:
                    11:ac:e4:ef:05:bf:3f:2a:72:63:62:48:4d:06:00:
                    e4:15:fe:da:cc:a6:90:0c:99:32:7d:a7:ad:72:94:
                    60:f3:be:c2:a7:93:6a:a3:a3:b5:96:64:b8:43:48:
                    84:34:f2:1c:10:4e:1c:cc:6e:6e:c3:67:ac:d4:d9:
                    6c:05:1e:ae:a9:38:89:9e:4d:4b:53:38:57:fd:ec:
                    1f:b8:3c:9e:dd:8d:8b:2b:cd:2b:3c:f9:ba:65:c3:
                    c4:a8:8a:1d:a4:79:94:c7:fa:0b:b3:43:78:16:16:
                    b1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:AB:2C:B5:FB:CF:F4:EA:F3:4E:E3:52:FF:38:12:0B:DD:66:FF:DD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214578.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.192.0/24
                  155.117.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:45:be:5e:42:55:a5:53:0c:1d:49:43:70:cf:d4:85:d4:62:
         95:3f:04:26:56:37:a0:e4:ba:25:68:13:cf:5e:e1:2c:98:25:
         8c:1f:4c:33:9c:47:a5:ff:ee:45:19:be:5e:85:b5:46:53:b9:
         9d:e2:05:c6:e5:2f:e6:a5:30:8a:68:98:ac:b5:e2:8f:1c:ba:
         37:d9:a2:0b:e8:28:1b:b6:f1:88:ed:d4:ce:3e:ac:65:ec:78:
         ab:24:72:68:8d:50:6a:9d:bc:fb:ab:b1:03:1a:01:c2:fa:7b:
         0f:8f:a7:e3:03:27:35:d2:27:b5:58:36:b4:01:3f:5a:77:80:
         e0:98:1f:ca:f7:b7:49:49:4b:3d:9d:8f:ee:3e:93:91:c9:c5:
         e5:14:64:73:a9:fa:89:7e:d9:fe:90:b4:91:36:b6:f7:c6:38:
         e4:c5:2b:1f:ec:2d:42:fc:d2:8c:91:71:00:2f:92:bc:8f:a0:
         2c:8a:6a:ac:df:ac:1e:3e:e9:a3:88:19:a5:42:e3:9d:bf:82:
         1b:82:ce:48:c5:37:5d:a9:49:11:b1:44:bd:59:17:0e:60:cc:
         4a:3b:78:55:1a:8d:ec:3e:40:26:01:fb:67:da:e1:3a:73:5e:
         a9:e7:45:1a:8a:2c:e5:30:7c:78:59:4b:28:9a:d7:c9:eb:f3:
         73:8e:6d:66
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUd0nAUo8PaB17E7+TbgjmblWocJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUwNTIyMDZaFw0yNzA2MDQwNTI3MDZaMDMxMTAvBgNV
BAMTKEUzQUIyQ0I1RkJDRkY0RUFGMzRFRTM1MkZGMzgxMjBCREQ2NkZGREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCugGT0cD9iCBQnreIqLOH74nXo
z+oBfNidcmWtayjQmpyQMvOvvPkor7ck8m1jXOf5xJxgeI7ikI6eC+LiBWcP1fDL
QIWWsnQzFN+aEzwdnbGBcI8P5O59OLRlr+ohuZqKfeu4WHMmA+ZDVCMFhR9Pw3b9
ccDUyZfsYk8xgG/fhUB6OmL4ZJA7w4et0iLgjJCQ2rFCDRGs5O8Fvz8qcmNiSE0G
AOQV/trMppAMmTJ9p61ylGDzvsKnk2qjo7WWZLhDSIQ08hwQThzMbm7DZ6zU2WwF
Hq6pOImeTUtTOFf97B+4PJ7djYsrzSs8+bplw8Soih2keZTH+guzQ3gWFrGHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU46sstfvP9OrzTuNS/zgSC91m/90wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NTc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw7A
AwQAm3X5MA0GCSqGSIb3DQEBCwUAA4IBAQBZRb5eQlWlUwwdSUNwz9SF1GKVPwQm
Vjeg5LolaBPPXuEsmCWMH0wznEel/+5FGb5ehbVGU7md4gXG5S/mpTCKaJisteKP
HLo32aIL6CgbtvGI7dTOPqxl7HirJHJojVBqnbz7q7EDGgHC+nsPj6fjAyc10ie1
WDa0AT9ad4DgmB/K97dJSUs9nY/uPpORycXlFGRzqfqJftn+kLSRNrb3xjjkxSsf
7C1C/NKMkXEAL5K8j6Asimqs36wePumjiBmlQuOdv4Ibgs5IxTddqUkRsUS9WRcO
YMxKO3hVGo3sPkAmAftn2uE6c16p50UaiizlMHx4WUsomtfJ6/Nzjm1m
-----END CERTIFICATE-----