Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214266.roa
File:                     AS214266.roa (raw, json)
Hash identifier:          EReISxrQu+VHTfRCy6+d3tdhTEpWY7SNazY8Wo7nGAA=
Subject key identifier:   FF:FB:B6:F7:22:12:88:78:F5:19:6E:7A:55:BC:15:6A:B7:28:AC:3B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       134CAAAAAE33C15DD208CFBBAC8EBA226141D5AE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214266.roa
Signing time:             Thu 11 Jun 2026 07:48:49 +0000
ROA not before:           Thu 11 Jun 2026 07:43:49 +0000
ROA not after:            Thu 10 Jun 2027 07:48:49 +0000
asID:                     214266
IP address blocks:        2a09:4b40::/29 maxlen: 48
                          2a0b:3700::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:4c:aa:aa:ae:33:c1:5d:d2:08:cf:bb:ac:8e:ba:22:61:41:d5:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:43:49 2026 GMT
            Not After : Jun 10 07:48:49 2027 GMT
        Subject: CN=FFFBB6F722128878F5196E7A55BC156AB728AC3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e1:7c:11:06:d5:04:94:82:41:3c:f3:3d:46:
                    05:5b:de:9d:90:72:ab:96:49:85:05:f2:72:9e:e4:
                    2f:ce:6d:71:a7:73:6e:88:d2:86:6b:71:f8:d7:9a:
                    81:20:19:52:20:71:46:53:60:0d:ce:52:67:20:bb:
                    93:06:c9:e3:15:40:6c:c1:58:50:89:15:c2:9f:e2:
                    98:ec:24:0c:89:20:da:74:13:1f:74:06:d4:f9:bd:
                    a3:05:61:45:b9:fc:7c:93:f3:0a:41:9e:79:38:52:
                    55:7c:27:85:65:f9:34:5f:ce:a3:00:8a:94:00:3e:
                    74:7f:33:d1:d3:60:c5:58:c1:f0:e8:22:e8:88:ee:
                    88:57:70:f7:c5:70:71:5f:bb:49:cb:fa:41:c6:1d:
                    f9:5c:26:c1:57:71:e6:39:0b:2a:bf:57:f8:72:76:
                    a2:e3:5b:83:a6:0c:0e:fe:0c:29:04:40:43:7a:8c:
                    e8:00:17:eb:00:3e:83:45:8d:f4:48:46:a0:9e:cf:
                    95:33:dc:11:14:1c:c5:f1:41:b7:aa:e8:68:b0:dd:
                    23:6b:b8:c1:39:3a:74:79:df:c0:b0:e1:52:bb:aa:
                    65:cb:8f:ba:ef:43:bd:a4:0c:b5:07:b8:5f:61:21:
                    52:24:ea:ed:df:9a:b4:92:ed:f8:81:0a:24:51:81:
                    28:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:FB:B6:F7:22:12:88:78:F5:19:6E:7A:55:BC:15:6A:B7:28:AC:3B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214266.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:4b40::/29
                  2a0b:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:7a:71:49:e1:e0:7d:fd:51:4e:2b:c6:d7:40:bc:bc:c7:1f:
         04:32:f0:55:5e:22:45:b2:be:91:ab:74:b4:2f:91:68:e8:f5:
         7a:0b:ef:d2:0c:a4:5b:9d:40:45:d8:b8:68:9a:ca:cc:ab:8c:
         cf:7c:b2:d8:24:9e:f0:33:e9:33:1a:69:a8:fe:9b:0c:27:da:
         7a:7d:98:06:f1:4a:47:51:b3:24:a2:3b:bc:10:49:bd:75:03:
         f6:0e:01:da:fa:00:49:a1:81:2a:5d:80:b8:36:a7:19:81:72:
         05:dc:ba:70:a4:c5:71:ba:ed:3f:86:e9:5d:08:fa:fe:f7:0a:
         44:d2:84:e6:71:1f:6d:2d:38:16:7a:87:56:1e:f2:f6:3d:94:
         a2:16:07:11:a1:6c:41:59:59:b3:2e:c2:1f:f0:c7:d4:ef:29:
         98:a8:0d:5b:81:cf:eb:a3:31:91:de:f9:39:4f:78:de:0d:96:
         26:aa:9b:c6:48:65:62:0c:d8:7b:f5:66:96:5c:55:1a:e7:06:
         13:41:74:8c:74:96:06:89:11:32:10:a5:0c:14:ef:40:87:14:
         48:63:12:cd:f2:fe:b7:5e:19:00:2a:6d:a5:81:f0:38:58:79:
         7b:b1:0c:d1:0e:12:03:5d:06:2d:d8:dc:3d:98:20:3a:3c:62:
         df:3e:c8:c3
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUE0yqqq4zwV3SCM+7rI66ImFB1a4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTEwNzQzNDlaFw0yNzA2MTAwNzQ4NDlaMDMxMTAvBgNV
BAMTKEZGRkJCNkY3MjIxMjg4NzhGNTE5NkU3QTU1QkMxNTZBQjcyOEFDM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC04XwRBtUElIJBPPM9RgVb3p2Q
cquWSYUF8nKe5C/ObXGnc26I0oZrcfjXmoEgGVIgcUZTYA3OUmcgu5MGyeMVQGzB
WFCJFcKf4pjsJAyJINp0Ex90BtT5vaMFYUW5/HyT8wpBnnk4UlV8J4Vl+TRfzqMA
ipQAPnR/M9HTYMVYwfDoIuiI7ohXcPfFcHFfu0nL+kHGHflcJsFXceY5Cyq/V/hy
dqLjW4OmDA7+DCkEQEN6jOgAF+sAPoNFjfRIRqCez5Uz3BEUHMXxQbeq6Giw3SNr
uME5OnR538Cw4VK7qmXLj7rvQ72kDLUHuF9hIVIk6u3fmrSS7fiBCiRRgSgVAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQU//u29yISiHj1GW56VbwVarcorDswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MjY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKglL
QAMFAyoLNwAwDQYJKoZIhvcNAQELBQADggEBAGJ6cUnh4H39UU4rxtdAvLzHHwQy
8FVeIkWyvpGrdLQvkWjo9XoL79IMpFudQEXYuGiaysyrjM98stgknvAz6TMaaaj+
mwwn2np9mAbxSkdRsySiO7wQSb11A/YOAdr6AEmhgSpdgLg2pxmBcgXcunCkxXG6
7T+G6V0I+v73CkTShOZxH20tOBZ6h1Ye8vY9lKIWBxGhbEFZWbMuwh/wx9TvKZio
DVuBz+ujMZHe+TlPeN4Nliaqm8ZIZWIM2Hv1ZpZcVRrnBhNBdIx0lgaJETIQpQwU
70CHFEhjEs3y/rdeGQAqbaWB8DhYeXuxDNEOEgNdBi3Y3D2YIDo8Yt8+yMM=
-----END CERTIFICATE-----