Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211305.roa
File:                     AS211305.roa (raw, json)
Hash identifier:          NjesqlBmWLAQE2f44tBkYxsKFCUye5fLEniRcu7zkmA=
Subject key identifier:   A9:FD:83:72:09:D1:83:98:ED:70:E1:4F:75:37:FC:E2:9A:38:F6:0F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6E9D1314EC2957D2E2BB54C0BD98655402AFFD34
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211305.roa
Signing time:             Thu 26 Mar 2026 18:15:43 +0000
ROA not before:           Thu 26 Mar 2026 18:10:43 +0000
ROA not after:            Thu 25 Mar 2027 18:15:43 +0000
asID:                     211305
IP address blocks:        181.214.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 15:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:9d:13:14:ec:29:57:d2:e2:bb:54:c0:bd:98:65:54:02:af:fd:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 26 18:10:43 2026 GMT
            Not After : Mar 25 18:15:43 2027 GMT
        Subject: CN=A9FD837209D18398ED70E14F7537FCE29A38F60F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ed:e4:df:1c:35:52:b8:ed:84:29:86:7f:a9:
                    95:96:5d:b3:c2:47:18:54:ba:09:24:bc:55:9c:af:
                    d2:c8:42:f5:52:a3:6d:ef:d4:63:ac:3d:15:12:a2:
                    2e:ff:6f:d4:f9:b9:52:64:ec:6e:c7:0b:d6:bc:f8:
                    f7:0f:ff:95:80:30:5f:27:13:88:b7:63:14:e3:8a:
                    46:77:fc:42:5b:42:f8:d2:27:29:8c:f9:33:f3:9c:
                    81:91:c9:00:44:47:bc:15:c3:6c:b8:7c:56:56:01:
                    3d:73:01:e9:54:b2:9d:27:07:42:78:a8:db:cd:db:
                    34:07:43:33:2b:f2:cb:b8:f2:2a:0e:9e:90:7b:d9:
                    4d:9d:d4:3d:37:dc:0a:98:1b:4b:c7:02:75:b8:ea:
                    77:f2:9c:cd:68:4e:86:b7:d9:de:ac:d0:ce:cd:36:
                    b4:df:5b:a5:7c:e6:ea:3b:38:53:41:af:c5:8b:94:
                    62:1d:56:82:e8:31:0b:3c:fc:b4:03:7a:27:36:c3:
                    64:7f:77:65:24:68:ce:e0:75:11:0a:d3:bd:cc:53:
                    cc:76:70:4c:9c:25:8c:4a:29:1f:2c:38:0e:20:bb:
                    6f:05:57:14:fc:3c:7b:63:6c:2d:cd:49:af:ac:72:
                    36:53:1e:f8:76:2e:f0:cc:b7:94:20:ef:2b:93:d6:
                    4d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:FD:83:72:09:D1:83:98:ED:70:E1:4F:75:37:FC:E2:9A:38:F6:0F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211305.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:12:bc:ee:be:7e:8f:0d:a3:8f:99:4a:97:95:ca:67:25:59:
         af:c6:6e:8a:a6:6c:de:5a:f1:0e:c8:8f:ac:0c:0f:c9:46:82:
         fe:f7:7c:66:17:4f:82:bc:39:17:47:c8:02:ed:bf:b0:c9:3e:
         2e:85:c8:f4:19:d1:12:7c:09:19:d0:7c:ae:aa:7f:ca:5f:9b:
         ee:d6:1a:6a:1f:9d:17:c3:f2:74:ef:69:c8:e2:9b:fa:96:cb:
         a7:b1:be:39:4d:d9:b7:5e:ef:2d:c8:80:69:f2:09:a2:65:52:
         c0:c1:fa:ef:46:c6:a2:4d:15:3d:0a:bd:6c:cb:ad:18:c0:36:
         4d:db:04:ba:4c:a9:1a:bd:52:50:86:5a:81:0f:30:7c:cc:5d:
         e9:28:ac:70:e4:f9:d9:15:7b:6c:4a:e1:a5:ad:b3:85:92:b7:
         97:76:d9:d9:63:7b:d4:95:2f:d4:50:3c:3a:bf:ac:46:83:87:
         31:39:d2:a3:21:e1:2f:45:d4:09:9a:26:05:bc:9e:6a:eb:fc:
         87:fa:79:3f:1d:ca:8a:4d:75:80:29:e5:1d:d2:70:24:0d:9f:
         ed:6b:bd:38:2a:1b:bb:fa:0d:ba:17:75:57:23:db:5f:e5:9f:
         a7:bd:74:c6:02:b1:0f:7c:85:d8:ce:6b:ae:eb:75:cc:1e:d8:
         76:33:80:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbp0TFOwpV9Liu1TAvZhlVAKv/TQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjYxODEwNDNaFw0yNzAzMjUxODE1NDNaMDMxMTAvBgNV
BAMTKEE5RkQ4MzcyMDlEMTgzOThFRDcwRTE0Rjc1MzdGQ0UyOUEzOEY2MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt7eTfHDVSuO2EKYZ/qZWWXbPC
RxhUugkkvFWcr9LIQvVSo23v1GOsPRUSoi7/b9T5uVJk7G7HC9a8+PcP/5WAMF8n
E4i3YxTjikZ3/EJbQvjSJymM+TPznIGRyQBER7wVw2y4fFZWAT1zAelUsp0nB0J4
qNvN2zQHQzMr8su48ioOnpB72U2d1D033AqYG0vHAnW46nfynM1oToa32d6s0M7N
NrTfW6V85uo7OFNBr8WLlGIdVoLoMQs8/LQDeic2w2R/d2UkaM7gdREK073MU8x2
cEycJYxKKR8sOA4gu28FVxT8PHtjbC3NSa+scjZTHvh2LvDMt5Qg7yuT1k2DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqf2DcgnRg5jtcOFPdTf84po49g8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExMzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYO
MA0GCSqGSIb3DQEBCwUAA4IBAQBlErzuvn6PDaOPmUqXlcpnJVmvxm6KpmzeWvEO
yI+sDA/JRoL+93xmF0+CvDkXR8gC7b+wyT4uhcj0GdESfAkZ0Hyuqn/KX5vu1hpq
H50Xw/J072nI4pv6lsunsb45Tdm3Xu8tyIBp8gmiZVLAwfrvRsaiTRU9Cr1sy60Y
wDZN2wS6TKkavVJQhlqBDzB8zF3pKKxw5PnZFXtsSuGlrbOFkreXdtnZY3vUlS/U
UDw6v6xGg4cxOdKjIeEvRdQJmiYFvJ5q6/yH+nk/HcqKTXWAKeUd0nAkDZ/ta704
Khu7+g26F3VXI9tf5Z+nvXTGArEPfIXYzmuu63XMHth2M4Cs
-----END CERTIFICATE-----