Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          x8/evtWXrNVsWvdKne/As/tx4NxyBbEnIzjKRShu4OE=
Subject key identifier:   03:BB:94:96:78:28:49:24:10:D8:D9:83:57:B5:72:B6:18:DF:29:DB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0F02E149DA2AF30245BE2C21579DDD0439C54738
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
Signing time:             Thu 02 Apr 2026 07:53:26 +0000
ROA not before:           Thu 02 Apr 2026 07:48:26 +0000
ROA not after:            Thu 01 Apr 2027 07:53:26 +0000
asID:                     214432
IP address blocks:        5.182.110.0/24 maxlen: 24
                          191.101.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:02:e1:49:da:2a:f3:02:45:be:2c:21:57:9d:dd:04:39:c5:47:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  2 07:48:26 2026 GMT
            Not After : Apr  1 07:53:26 2027 GMT
        Subject: CN=03BB94967828492410D8D98357B572B618DF29DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a6:da:eb:e3:dc:11:d9:0e:07:07:1a:ab:ce:
                    f4:df:92:cd:74:db:65:aa:6d:23:d5:ab:b4:bc:51:
                    01:bd:ba:c5:6d:50:86:c2:e4:4d:85:ab:fc:db:5f:
                    d1:b0:b2:18:69:47:6f:7c:7b:73:d7:5b:4a:b6:5f:
                    01:a1:2f:98:1b:51:45:55:94:57:9f:76:5a:cd:f5:
                    bd:f7:e8:d6:05:ef:9b:e1:f2:b1:e3:2e:4f:d9:22:
                    a1:08:a0:2d:e9:a2:f7:5e:c4:29:a7:81:a0:ec:61:
                    f3:70:77:6c:dd:b9:5f:e4:da:0c:b5:41:17:53:35:
                    4a:66:96:88:60:85:a5:1d:07:b5:52:ce:87:4b:95:
                    f8:00:a2:1b:4f:f8:48:ed:d6:9e:e1:b1:f6:50:09:
                    01:e6:be:a6:73:18:0f:85:9a:12:1c:01:67:e2:59:
                    18:a5:17:5b:b2:2c:96:e9:8a:a8:a3:cf:2a:14:d6:
                    9a:e9:43:c2:5a:6b:ad:7a:19:a6:cf:ff:7c:87:b6:
                    42:d0:0b:4f:9d:e1:9b:bb:92:d0:1a:a1:27:ef:5d:
                    42:01:71:02:2e:2d:9a:ac:61:4f:2e:fb:b8:a0:c6:
                    a7:80:bb:2b:de:56:5c:40:81:e9:39:f3:d7:65:a7:
                    fa:37:04:6b:ad:e5:39:82:b1:c4:b0:25:56:f8:d5:
                    a8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BB:94:96:78:28:49:24:10:D8:D9:83:57:B5:72:B6:18:DF:29:DB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.110.0/24
                  191.101.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:fa:f7:87:f1:21:6b:47:51:25:da:4f:44:0f:65:84:15:d3:
         e3:dd:ce:4e:5f:75:b2:92:ad:1e:e0:bc:b9:8e:dc:62:cc:57:
         46:98:11:48:ed:1f:88:50:1d:6e:cf:c5:7f:1a:96:56:a7:8b:
         52:cb:78:96:95:2f:af:54:df:2f:cb:c5:05:8a:8a:1f:cc:ce:
         fe:62:f3:6b:95:1a:8a:56:79:e4:6b:ee:d4:ef:6f:45:ff:bb:
         82:38:7b:68:8f:25:45:9f:3d:11:c2:6b:18:0d:9f:7a:74:3c:
         33:25:21:de:7f:4d:61:76:24:60:bf:77:d5:95:1b:82:ad:1f:
         e7:54:d5:ac:fc:e4:00:2e:45:75:10:71:c7:60:3d:b7:2e:28:
         06:1c:c9:70:d1:29:92:60:9c:0c:1f:8d:a7:13:f8:cc:83:34:
         41:3a:99:d9:30:ff:e3:76:65:a4:8c:5c:fd:65:12:37:71:4c:
         b8:54:93:5b:17:25:e6:e8:92:91:a9:1d:1e:81:f2:0a:f0:5a:
         4d:a9:2a:f3:74:99:38:df:c0:55:73:e6:49:2d:88:76:02:8e:
         bb:ed:93:f8:2b:ed:4e:0e:4f:14:27:4c:30:59:30:5e:f9:67:
         65:60:d2:60:da:55:8d:68:77:d5:25:86:be:23:eb:40:66:37:
         90:0e:7e:56
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUDwLhSdoq8wJFviwhV53dBDnFRzgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MDIwNzQ4MjZaFw0yNzA0MDEwNzUzMjZaMDMxMTAvBgNV
BAMTKDAzQkI5NDk2NzgyODQ5MjQxMEQ4RDk4MzU3QjU3MkI2MThERjI5REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ptrr49wR2Q4HBxqrzvTfks10
22WqbSPVq7S8UQG9usVtUIbC5E2Fq/zbX9GwshhpR298e3PXW0q2XwGhL5gbUUVV
lFefdlrN9b336NYF75vh8rHjLk/ZIqEIoC3povdexCmngaDsYfNwd2zduV/k2gy1
QRdTNUpmlohghaUdB7VSzodLlfgAohtP+Ejt1p7hsfZQCQHmvqZzGA+FmhIcAWfi
WRilF1uyLJbpiqijzyoU1prpQ8Jaa616GabP/3yHtkLQC0+d4Zu7ktAaoSfvXUIB
cQIuLZqsYU8u+7igxqeAuyveVlxAgek589dlp/o3BGut5TmCscSwJVb41aglAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUA7uUlngoSSQQ2NmDV7VythjfKdswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbZu
AwQAv2U/MA0GCSqGSIb3DQEBCwUAA4IBAQBN+veH8SFrR1El2k9ED2WEFdPj3c5O
X3Wykq0e4Ly5jtxizFdGmBFI7R+IUB1uz8V/GpZWp4tSy3iWlS+vVN8vy8UFioof
zM7+YvNrlRqKVnnka+7U729F/7uCOHtojyVFnz0RwmsYDZ96dDwzJSHef01hdiRg
v3fVlRuCrR/nVNWs/OQALkV1EHHHYD23LigGHMlw0SmSYJwMH42nE/jMgzRBOpnZ
MP/jdmWkjFz9ZRI3cUy4VJNbFyXm6JKRqR0egfIK8FpNqSrzdJk438BVc+ZJLYh2
Ao677ZP4K+1ODk8UJ0wwWTBe+WdlYNJg2lWNaHfVJYa+I+tAZjeQDn5W
-----END CERTIFICATE-----