Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214347.roa
File:                     AS214347.roa (raw, json)
Hash identifier:          sd+QSbgT7pMsQV2QTeEjwR4Jt5ERjXfii3yxvqccF50=
Subject key identifier:   B8:E1:D2:3B:67:67:39:F3:BC:8C:9B:A6:A6:D1:54:7C:06:9C:3E:42
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C199A63E1DFD1E8BFF57829661249D32CA49B64
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214347.roa
Signing time:             Thu 12 Feb 2026 03:21:22 +0000
ROA not before:           Thu 12 Feb 2026 03:16:22 +0000
ROA not after:            Thu 11 Feb 2027 03:21:22 +0000
asID:                     214347
IP address blocks:        191.96.91.0/24 maxlen: 24
                          191.96.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 01:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:19:9a:63:e1:df:d1:e8:bf:f5:78:29:66:12:49:d3:2c:a4:9b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 12 03:16:22 2026 GMT
            Not After : Feb 11 03:21:22 2027 GMT
        Subject: CN=B8E1D23B676739F3BC8C9BA6A6D1547C069C3E42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:59:c1:7e:cb:b5:b5:9e:5b:8a:45:ca:01:01:
                    8f:d2:0a:e3:ac:7d:e8:e9:f3:12:33:e3:ae:72:fd:
                    6b:08:62:b5:b4:7e:73:78:07:b8:b2:33:13:80:de:
                    13:bc:86:41:a8:2b:79:cb:87:42:60:89:58:86:4d:
                    6a:77:72:7a:73:3f:a6:18:40:1e:a4:f7:62:3d:5c:
                    24:0a:d2:93:c5:73:88:e7:e8:ce:db:7c:a5:10:d5:
                    f1:f4:41:05:68:08:1c:76:8a:3f:43:0d:cc:63:11:
                    6e:c6:7a:f0:8d:14:18:be:57:c9:76:00:93:de:f5:
                    76:dd:96:11:2f:8c:3d:db:19:d5:aa:13:b7:c4:c5:
                    72:62:be:06:54:91:9e:2c:ac:62:fd:a5:17:87:fd:
                    0b:15:72:ce:7f:7e:1f:c9:0d:5d:01:77:ca:a0:94:
                    1a:7c:fa:db:fe:ee:f7:a0:de:49:54:c5:a8:06:6a:
                    7c:18:cf:93:20:22:c8:94:57:03:fc:53:2f:50:88:
                    31:e5:ab:28:fe:60:ff:ac:8d:2b:ab:ee:f0:67:d4:
                    ed:25:46:2d:a5:a8:e0:bd:77:40:ca:07:e0:1b:3c:
                    4f:3b:ce:65:65:3d:3b:b9:ad:7c:14:e1:d6:da:66:
                    03:0c:51:90:c2:c3:88:c4:b6:5b:9e:74:db:0f:79:
                    fc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E1:D2:3B:67:67:39:F3:BC:8C:9B:A6:A6:D1:54:7C:06:9C:3E:42
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.91.0-191.96.92.255

    Signature Algorithm: sha256WithRSAEncryption
         7b:78:55:47:45:3c:87:a0:ac:18:3d:0a:95:f1:ae:52:a1:76:
         c7:d8:7f:da:e2:a1:5b:90:bd:9a:ae:8d:f0:55:db:8e:04:a6:
         f0:bb:66:ff:45:d1:8b:17:c8:4d:d2:4d:0f:04:36:d4:08:50:
         52:fc:15:75:5d:d9:64:ac:ab:65:44:89:91:a7:df:89:5f:2c:
         25:a7:eb:64:3e:5f:69:95:20:fb:6f:fe:1d:bb:54:a1:8c:bc:
         d0:f2:8a:8c:e9:c3:56:a3:8a:a7:12:76:d3:dc:18:2d:2b:42:
         63:70:4f:56:af:fc:c3:68:45:6d:01:bd:ce:9d:4c:ca:ea:c2:
         c4:05:24:5a:d8:9c:a4:0c:84:37:ef:4a:c4:5b:40:28:50:b0:
         73:55:7d:2f:03:8d:66:d6:4c:af:d6:3f:81:0c:00:61:24:eb:
         77:dd:13:7c:e5:f8:ca:80:7f:e5:e7:b4:c6:8e:87:92:1e:d6:
         95:ea:f8:0a:5f:97:89:12:74:2c:d4:6c:e3:fd:f6:60:4b:17:
         50:c0:73:32:00:17:7c:66:f6:57:9f:ae:5a:06:f2:0e:39:32:
         16:51:a9:e5:7c:8e:49:d0:19:8a:97:0c:c9:62:5b:df:c9:e9:
         4e:40:15:b3:2a:d5:2d:85:98:2d:31:cf:a5:b1:fa:f2:09:59:
         c5:e4:60:14
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUbBmaY+Hf0ei/9XgpZhJJ0yykm2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTIwMzE2MjJaFw0yNzAyMTEwMzIxMjJaMDMxMTAvBgNV
BAMTKEI4RTFEMjNCNjc2NzM5RjNCQzhDOUJBNkE2RDE1NDdDMDY5QzNFNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxWcF+y7W1nluKRcoBAY/SCuOs
fejp8xIz465y/WsIYrW0fnN4B7iyMxOA3hO8hkGoK3nLh0JgiViGTWp3cnpzP6YY
QB6k92I9XCQK0pPFc4jn6M7bfKUQ1fH0QQVoCBx2ij9DDcxjEW7GevCNFBi+V8l2
AJPe9XbdlhEvjD3bGdWqE7fExXJivgZUkZ4srGL9pReH/QsVcs5/fh/JDV0Bd8qg
lBp8+tv+7veg3klUxagGanwYz5MgIsiUVwP8Uy9QiDHlqyj+YP+sjSur7vBn1O0l
Ri2lqOC9d0DKB+AbPE87zmVlPTu5rXwU4dbaZgMMUZDCw4jEtluedNsPefyBAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUuOHSO2dnOfO8jJumptFUfAacPkIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MzQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC/
YFsDBAC/YFwwDQYJKoZIhvcNAQELBQADggEBAHt4VUdFPIegrBg9CpXxrlKhdsfY
f9rioVuQvZqujfBV244EpvC7Zv9F0YsXyE3STQ8ENtQIUFL8FXVd2WSsq2VEiZGn
34lfLCWn62Q+X2mVIPtv/h27VKGMvNDyiozpw1ajiqcSdtPcGC0rQmNwT1av/MNo
RW0Bvc6dTMrqwsQFJFrYnKQMhDfvSsRbQChQsHNVfS8DjWbWTK/WP4EMAGEk63fd
E3zl+MqAf+XntMaOh5Ie1pXq+Apfl4kSdCzUbOP99mBLF1DAczIAF3xm9lefrloG
8g45MhZRqeV8jknQGYqXDMliW9/J6U5AFbMq1S2FmC0xz6Wx+vIJWcXkYBQ=
-----END CERTIFICATE-----