Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa
File:                     AS214483.roa (raw, json)
Hash identifier:          4KtpSOnc/KWvq+zimWh8U+q+OC78oZRQovYOuN+I9XY=
Subject key identifier:   6A:AB:3C:00:74:58:76:08:24:AD:2C:98:2B:AC:E7:17:94:98:37:E0
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       7629A35A381819FC34C64E839FDB90476888A6E5
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa
Signing time:             Wed 15 Apr 2026 00:01:47 +0000
ROA not before:           Tue 14 Apr 2026 23:56:47 +0000
ROA not after:            Wed 14 Apr 2027 00:01:47 +0000
asID:                     214483
IP address blocks:        46.236.204.0/23 maxlen: 24
                          46.236.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:29:a3:5a:38:18:19:fc:34:c6:4e:83:9f:db:90:47:68:88:a6:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 14 23:56:47 2026 GMT
            Not After : Apr 14 00:01:47 2027 GMT
        Subject: CN=6AAB3C007458760824AD2C982BACE717949837E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2a:72:cd:21:13:c8:f6:a1:d9:4a:f1:82:c9:
                    ec:71:a8:dc:bf:41:cf:39:dd:cf:e4:7a:19:e1:76:
                    b6:cc:a5:ff:96:85:e7:d6:28:64:fb:e4:c4:d0:98:
                    ab:57:bc:8c:30:bd:81:40:2b:9e:3e:62:76:9d:23:
                    e8:ab:0b:5f:d5:5a:53:61:88:26:ff:e5:56:8b:eb:
                    4e:95:56:13:10:e7:5b:0e:e4:66:76:69:36:60:24:
                    21:c8:fd:0f:5f:8a:f7:f9:99:17:c4:32:d4:a5:0b:
                    bd:f5:fe:1c:20:50:38:af:01:27:06:0a:74:22:05:
                    9e:fd:ab:f4:61:ff:ce:39:2f:89:71:4c:d4:e1:f9:
                    d7:75:42:e0:76:5c:5f:4f:bd:95:c1:71:55:a7:67:
                    e6:fe:69:8c:23:40:ac:b7:f1:ac:28:35:8f:92:1a:
                    74:87:1c:11:a6:2e:4c:05:72:0f:78:10:ef:be:46:
                    34:7e:39:64:ee:65:82:08:6d:a2:6a:83:6d:2f:75:
                    c2:25:0c:91:6d:3f:b1:45:d6:0e:68:93:c2:b8:50:
                    57:cd:52:79:66:05:b1:86:57:4d:f8:2e:03:fc:4e:
                    62:10:c5:c5:f0:45:f8:99:7f:49:31:ff:05:0d:8c:
                    77:39:0e:91:42:20:b2:ea:3a:ed:42:14:ba:79:b4:
                    23:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AB:3C:00:74:58:76:08:24:AD:2C:98:2B:AC:E7:17:94:98:37:E0
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.204.0-46.236.206.255

    Signature Algorithm: sha256WithRSAEncryption
         70:2c:b1:2d:ac:5c:c7:ec:18:08:a2:6d:af:f1:ec:4c:8a:e7:
         53:a8:c9:0a:78:54:76:89:cd:bc:c0:5b:6e:ec:9d:c7:02:b9:
         bd:ab:7d:a5:5a:6a:65:51:40:ee:8e:b8:4b:32:ce:8a:a7:44:
         98:51:a8:d2:4a:19:7b:75:a3:36:a7:7f:69:55:bf:09:7e:2e:
         db:0a:ee:1a:f9:50:43:4e:7e:2d:62:be:f9:a7:c2:77:21:ee:
         0d:c7:9e:67:a6:2e:68:4b:32:bf:55:59:82:a2:f5:39:9a:4e:
         1f:14:c4:fc:db:f6:79:9a:e8:27:a5:ef:51:02:f8:f6:6c:de:
         9b:75:6c:5c:42:f5:19:19:a4:c7:1d:dc:3b:0e:37:dd:78:e1:
         94:3d:8d:cf:35:8b:72:a8:d9:2a:dd:14:20:8b:af:15:48:00:
         50:58:8b:92:ad:7f:56:6c:f5:30:23:5d:2f:91:d7:b8:7c:f3:
         97:fc:57:a9:d5:c5:89:d7:57:77:bf:cd:e5:8b:7b:00:e6:03:
         4c:ce:02:33:03:a4:66:b1:9f:0b:2d:be:2c:2f:d2:5d:57:f9:
         26:ef:44:eb:ff:ec:9b:5a:be:50:0a:a4:d1:9f:d4:47:e2:4c:
         68:62:22:ef:a7:08:f8:4c:08:35:db:46:58:f9:72:97:54:1b:
         71:8b:8b:dc
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUdimjWjgYGfw0xk6Dn9uQR2iIpuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MTQyMzU2NDdaFw0yNzA0MTQwMDAxNDdaMDMxMTAvBgNV
BAMTKDZBQUIzQzAwNzQ1ODc2MDgyNEFEMkM5ODJCQUNFNzE3OTQ5ODM3RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqKnLNIRPI9qHZSvGCyexxqNy/
Qc853c/kehnhdrbMpf+WhefWKGT75MTQmKtXvIwwvYFAK54+YnadI+irC1/VWlNh
iCb/5VaL606VVhMQ51sO5GZ2aTZgJCHI/Q9fivf5mRfEMtSlC731/hwgUDivAScG
CnQiBZ79q/Rh/845L4lxTNTh+dd1QuB2XF9PvZXBcVWnZ+b+aYwjQKy38awoNY+S
GnSHHBGmLkwFcg94EO++RjR+OWTuZYIIbaJqg20vdcIlDJFtP7FF1g5ok8K4UFfN
UnlmBbGGV034LgP8TmIQxcXwRfiZf0kx/wUNjHc5DpFCILLqOu1CFLp5tCNvAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUaqs8AHRYdggkrSyYK6znF5SYN+AwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIu
7MwDBAAu7M4wDQYJKoZIhvcNAQELBQADggEBAHAssS2sXMfsGAiiba/x7EyK51Oo
yQp4VHaJzbzAW27snccCub2rfaVaamVRQO6OuEsyzoqnRJhRqNJKGXt1ozanf2lV
vwl+LtsK7hr5UENOfi1ivvmnwnch7g3HnmemLmhLMr9VWYKi9TmaTh8UxPzb9nma
6Cel71EC+PZs3pt1bFxC9RkZpMcd3DsON9144ZQ9jc81i3Ko2SrdFCCLrxVIAFBY
i5Ktf1Zs9TAjXS+R17h885f8V6nVxYnXV3e/zeWLewDmA0zOAjMDpGaxnwstviwv
0l1X+SbvROv/7JtavlAKpNGf1EfiTGhiIu+nCPhMCDXbRlj5cpdUG3GLi9w=
-----END CERTIFICATE-----