Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          FogOqjBd/pqOZk2o+FJtKIklp33wwQWO2Dy7T4wwFeA=
Subject key identifier:   F9:82:FF:14:A1:0E:DD:D5:B6:74:80:47:46:8C:7A:69:05:A0:78:FE
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       612B83AD7BA24ED9520E2291F972232F32D7BE1B
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa
Signing time:             Mon 23 Feb 2026 09:01:02 +0000
ROA not before:           Mon 23 Feb 2026 08:56:02 +0000
ROA not after:            Mon 22 Feb 2027 09:01:02 +0000
asID:                     214025
IP address blocks:        46.236.192.0/24 maxlen: 24
                          212.60.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:2b:83:ad:7b:a2:4e:d9:52:0e:22:91:f9:72:23:2f:32:d7:be:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb 23 08:56:02 2026 GMT
            Not After : Feb 22 09:01:02 2027 GMT
        Subject: CN=F982FF14A10EDDD5B6748047468C7A6905A078FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:62:e5:f0:3c:f3:df:6a:77:4a:c4:3e:e4:d9:
                    77:01:4e:dd:8e:73:e6:a5:c2:44:5a:f4:8b:2b:49:
                    04:3b:0d:43:9e:4e:61:51:7b:7d:aa:ca:ae:0f:a7:
                    60:b0:79:df:8d:11:77:0d:a6:02:39:53:7c:93:8e:
                    27:db:fa:31:67:77:5e:cb:12:e3:95:96:4a:02:74:
                    48:a5:7c:b6:8c:95:b5:1e:83:b2:e4:9a:55:26:fa:
                    41:79:49:38:b4:43:fe:c2:ee:18:81:27:27:4a:1b:
                    2c:20:7a:66:16:89:e9:95:95:ad:e7:60:3a:61:d3:
                    9a:eb:42:6b:d0:57:1f:ce:75:09:64:ff:9f:cc:5a:
                    f5:c8:43:df:53:c7:32:80:d9:bb:3c:1c:e1:ea:8f:
                    80:82:c8:04:06:23:4e:19:79:dc:bd:9c:a6:ee:6a:
                    f6:66:00:61:13:16:9a:db:4a:f0:bd:d2:e7:bd:8d:
                    77:09:1b:19:92:f1:8c:b4:07:3e:95:f3:02:87:8d:
                    d8:f3:40:e7:fa:f6:4f:5f:5e:ee:f3:4c:a1:20:a3:
                    7b:7a:d8:56:60:ec:f2:43:61:8a:41:f9:07:b8:96:
                    c3:a5:1b:c6:2b:2a:e7:db:c3:11:d1:f3:f7:15:72:
                    41:83:29:e2:8d:47:80:fb:ed:12:f8:6e:51:a5:2c:
                    98:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:82:FF:14:A1:0E:DD:D5:B6:74:80:47:46:8C:7A:69:05:A0:78:FE
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.192.0/24
                  212.60.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:66:fd:5f:5e:d1:77:31:62:40:0f:e5:75:2f:7b:93:5c:3f:
         86:62:c2:26:5d:11:25:b7:25:3f:4c:bc:98:b4:43:09:70:a0:
         b6:fc:41:11:8b:4e:cb:ab:2f:fd:01:02:1f:12:a2:98:69:68:
         8d:35:3e:d5:a7:2e:e2:2a:1c:8e:e2:5a:91:09:14:21:78:d1:
         6b:34:25:ef:aa:a3:68:36:1a:dd:cc:4e:8d:cc:ff:d0:e1:1e:
         3c:ff:62:ee:08:66:01:2f:c7:bc:77:eb:e2:dc:a3:0f:5f:dc:
         7a:f8:e1:82:fa:c5:17:ec:93:90:3c:8b:c4:d2:7f:f2:23:93:
         a5:93:99:c0:84:ff:cf:9f:8a:8b:3c:32:0a:80:84:cb:41:81:
         17:6a:4a:ee:26:2f:b0:38:da:0a:00:94:17:ab:09:5c:7b:8b:
         a2:9c:05:0c:66:05:11:c2:b6:37:17:3d:9c:b6:69:c9:ee:d3:
         00:09:56:97:0d:09:14:d8:a7:87:9a:88:5b:4f:ca:ec:23:87:
         8b:53:42:05:08:54:22:4a:88:32:72:43:0b:c7:18:64:64:19:
         e3:57:c8:12:74:96:a0:f7:bb:ca:bc:1c:b2:c0:78:a5:5c:6f:
         48:a8:b8:77:0b:ff:8c:0f:be:c7:bd:00:e9:8f:5c:6a:14:e1:
         be:46:5c:22
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYSuDrXuiTtlSDiKR+XIjLzLXvhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMjMwODU2MDJaFw0yNzAyMjIwOTAxMDJaMDMxMTAvBgNV
BAMTKEY5ODJGRjE0QTEwRURERDVCNjc0ODA0NzQ2OEM3QTY5MDVBMDc4RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChYuXwPPPfandKxD7k2XcBTt2O
c+alwkRa9IsrSQQ7DUOeTmFRe32qyq4Pp2Cwed+NEXcNpgI5U3yTjifb+jFnd17L
EuOVlkoCdEilfLaMlbUeg7LkmlUm+kF5STi0Q/7C7hiBJydKGywgemYWiemVla3n
YDph05rrQmvQVx/OdQlk/5/MWvXIQ99TxzKA2bs8HOHqj4CCyAQGI04Zedy9nKbu
avZmAGETFprbSvC90ue9jXcJGxmS8Yy0Bz6V8wKHjdjzQOf69k9fXu7zTKEgo3t6
2FZg7PJDYYpB+Qe4lsOlG8YrKufbwxHR8/cVckGDKeKNR4D77RL4blGlLJifAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU+YL/FKEO3dW2dIBHRox6aQWgeP4wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALuzA
AwQA1DybMA0GCSqGSIb3DQEBCwUAA4IBAQBlZv1fXtF3MWJAD+V1L3uTXD+GYsIm
XREltyU/TLyYtEMJcKC2/EERi07Lqy/9AQIfEqKYaWiNNT7Vpy7iKhyO4lqRCRQh
eNFrNCXvqqNoNhrdzE6NzP/Q4R48/2LuCGYBL8e8d+vi3KMPX9x6+OGC+sUX7JOQ
PIvE0n/yI5Olk5nAhP/Pn4qLPDIKgITLQYEXakruJi+wONoKAJQXqwlce4uinAUM
ZgURwrY3Fz2ctmnJ7tMACVaXDQkU2KeHmohbT8rsI4eLU0IFCFQiSogyckMLxxhk
ZBnjV8gSdJag97vKvByywHilXG9IqLh3C/+MD77HvQDpj1xqFOG+Rlwi
-----END CERTIFICATE-----