Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214579.roa
File:                     AS214579.roa (raw, json)
Hash identifier:          OkC66vnNw/jIBQ04ZLvH1LFub/NimcktArNJyEwOxwA=
Subject key identifier:   80:9E:BF:6C:22:5E:41:91:E8:7E:CF:68:22:D3:13:93:C7:A9:CF:20
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       79D03D2D249905283469D92F6EA6355E57D3B4AF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214579.roa
Signing time:             Mon 03 Nov 2025 15:23:09 +0000
ROA not before:           Mon 03 Nov 2025 15:18:09 +0000
ROA not after:            Mon 02 Nov 2026 15:23:09 +0000
asID:                     214579
IP address blocks:        140.150.224.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:d0:3d:2d:24:99:05:28:34:69:d9:2f:6e:a6:35:5e:57:d3:b4:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov  3 15:18:09 2025 GMT
            Not After : Nov  2 15:23:09 2026 GMT
        Subject: CN=809EBF6C225E4191E87ECF6822D31393C7A9CF20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:78:21:a9:9c:17:50:7b:fa:84:0f:15:7d:84:
                    fc:79:09:d3:de:33:3d:d0:e1:7b:3b:79:35:01:c8:
                    80:a9:a3:6e:1f:85:6e:e2:98:1d:ea:41:27:b0:41:
                    2e:0c:51:ec:7d:c4:b2:77:ec:52:66:38:ef:67:1d:
                    db:da:14:90:d3:a1:7c:27:47:8f:ab:f3:c5:91:75:
                    8e:95:b7:c2:84:19:7b:21:ea:ac:a7:a4:47:e6:81:
                    5e:02:2a:cc:8d:0f:ce:ec:2a:7b:a6:c9:9c:82:1f:
                    b6:83:1f:59:2b:f3:af:b5:fa:90:fb:4c:0d:62:0a:
                    28:11:05:77:54:0f:78:e0:83:d3:ba:e4:da:ec:bf:
                    f4:3b:7b:6a:fb:1c:33:17:75:ee:02:61:cc:d5:2a:
                    d2:d0:03:62:f0:c8:5c:dd:a7:86:07:9a:96:92:f8:
                    a7:ba:43:99:25:13:b2:b3:b3:b3:f4:00:6e:b0:5a:
                    b3:e8:09:7e:ed:61:8d:69:5f:56:09:30:ed:71:ed:
                    ad:a3:13:43:e3:3c:26:6a:2c:29:e0:ff:ac:61:dd:
                    f9:7e:76:b9:78:ab:5b:f4:6a:12:a1:6b:ab:f0:63:
                    e1:95:21:c5:7a:f1:69:32:b7:2e:2d:e3:77:f6:a1:
                    66:83:ba:0c:49:95:e8:69:3c:15:d7:a1:fd:f2:80:
                    b9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9E:BF:6C:22:5E:41:91:E8:7E:CF:68:22:D3:13:93:C7:A9:CF:20
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214579.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:75:3c:49:97:0e:a4:bf:2f:f2:9e:ac:2f:f4:7b:c1:99:7d:
         cd:60:86:02:3d:3b:2e:e4:3b:19:fb:49:17:d7:ce:2e:39:5e:
         12:f5:cc:51:aa:56:ce:c5:4f:cc:11:37:fd:3e:68:06:3d:91:
         e8:9f:02:f1:a9:2c:d2:0e:3f:6a:4d:9d:63:1a:ce:36:e2:1a:
         6d:34:96:24:e6:a9:b4:e1:d7:e6:09:6c:da:d1:19:e2:9c:f2:
         6a:82:02:84:ff:12:53:6f:f9:0f:da:5f:2a:f6:73:33:de:d2:
         0d:f2:77:99:ab:21:c5:ac:6a:44:8c:c9:70:1d:cc:93:ef:c9:
         60:3f:05:76:e0:20:32:63:34:43:ff:ac:cf:5f:7a:22:ec:01:
         f3:26:80:2c:aa:45:56:db:95:8b:f9:c8:80:47:c8:07:5a:b0:
         b7:e1:6b:f1:9b:cb:4a:5c:70:71:02:ac:77:3b:da:34:53:bb:
         be:57:62:95:1e:94:2f:9f:b2:57:2f:69:08:e7:b8:0e:01:c3:
         a4:0b:21:e8:19:55:e2:66:50:fb:58:3c:72:0f:45:ef:09:e6:
         b2:ed:38:b6:f2:24:91:08:37:bb:34:c9:5f:19:47:66:9b:e6:
         b3:71:e8:1d:b8:db:94:38:f4:a3:6e:1f:ed:f1:8e:41:47:5d:
         1a:19:fb:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUedA9LSSZBSg0adkvbqY1XlfTtK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTExMDMxNTE4MDlaFw0yNjExMDIxNTIzMDlaMDMxMTAvBgNV
BAMTKDgwOUVCRjZDMjI1RTQxOTFFODdFQ0Y2ODIyRDMxMzkzQzdBOUNGMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAeCGpnBdQe/qEDxV9hPx5CdPe
Mz3Q4Xs7eTUByICpo24fhW7imB3qQSewQS4MUex9xLJ37FJmOO9nHdvaFJDToXwn
R4+r88WRdY6Vt8KEGXsh6qynpEfmgV4CKsyND87sKnumyZyCH7aDH1kr86+1+pD7
TA1iCigRBXdUD3jgg9O65Nrsv/Q7e2r7HDMXde4CYczVKtLQA2LwyFzdp4YHmpaS
+Ke6Q5klE7Kzs7P0AG6wWrPoCX7tYY1pX1YJMO1x7a2jE0PjPCZqLCng/6xh3fl+
drl4q1v0ahKha6vwY+GVIcV68Wkyty4t43f2oWaDugxJlehpPBXXof3ygLmpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgJ6/bCJeQZHofs9oItMTk8epzyAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjJbg
MA0GCSqGSIb3DQEBCwUAA4IBAQAndTxJlw6kvy/ynqwv9HvBmX3NYIYCPTsu5DsZ
+0kX184uOV4S9cxRqlbOxU/METf9PmgGPZHonwLxqSzSDj9qTZ1jGs424hptNJYk
5qm04dfmCWza0RninPJqggKE/xJTb/kP2l8q9nMz3tIN8neZqyHFrGpEjMlwHcyT
78lgPwV24CAyYzRD/6zPX3oi7AHzJoAsqkVW25WL+ciAR8gHWrC34Wvxm8tKXHBx
Aqx3O9o0U7u+V2KVHpQvn7JXL2kI57gOAcOkCyHoGVXiZlD7WDxyD0XvCeay7Ti2
8iSRCDe7NMlfGUdmm+azcegduNuUOPSjbh/t8Y5BR10aGfuu
-----END CERTIFICATE-----