Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          9oaGNCqvF3m5CJIcrp3nvJUepka/W91RarX8/J9R9oU=
Subject key identifier:   9C:DB:FC:3D:CE:C6:45:21:AD:91:E4:4A:13:9F:97:E4:09:B8:2E:73
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6A91284FFE4E5CD7E8B2E9AEBFFB0CF6E75E1D84
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa
Signing time:             Wed 25 Feb 2026 07:57:56 +0000
ROA not before:           Wed 25 Feb 2026 07:52:56 +0000
ROA not after:            Wed 24 Feb 2027 07:57:56 +0000
asID:                     214432
IP address blocks:        5.182.110.0/24 maxlen: 24
                          92.242.184.0/24 maxlen: 24
                          191.101.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:91:28:4f:fe:4e:5c:d7:e8:b2:e9:ae:bf:fb:0c:f6:e7:5e:1d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 25 07:52:56 2026 GMT
            Not After : Feb 24 07:57:56 2027 GMT
        Subject: CN=9CDBFC3DCEC64521AD91E44A139F97E409B82E73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:58:d2:22:c1:14:b7:32:11:11:73:b2:e2:95:
                    05:f1:90:10:e0:61:40:ec:d6:b3:96:46:67:cc:49:
                    48:7c:30:33:e7:a6:0c:77:28:5c:33:96:63:ed:01:
                    48:c2:42:cf:da:3c:de:08:ec:25:5c:c2:e6:06:dc:
                    cf:e2:d4:8c:02:44:52:c8:48:80:57:a3:f8:67:c5:
                    45:92:2a:10:6e:f8:6b:e5:4a:4e:39:8d:e4:80:9c:
                    ca:a5:b9:39:e3:55:34:87:9b:bb:80:0a:15:44:04:
                    c8:bc:7d:e1:82:f0:6d:11:53:98:39:d7:78:44:1f:
                    08:ce:24:dc:c2:08:88:e2:32:0d:cc:6d:e7:f8:b0:
                    25:8a:18:bf:ec:2a:7c:06:d2:5a:e2:97:78:00:3d:
                    da:71:41:b4:0b:91:c7:27:a4:12:c9:cc:91:1e:72:
                    d6:0c:40:5a:d1:bc:6f:c1:27:bf:37:7f:11:15:70:
                    ba:00:a6:50:61:37:b3:d6:f5:c4:cc:ca:56:77:18:
                    80:be:49:7d:1a:57:d0:9d:a1:e9:e3:0e:9c:b3:0e:
                    10:f8:ae:99:1e:ec:b0:9b:ed:6c:5f:10:e9:31:a0:
                    82:9e:6c:05:f6:c5:7d:0f:52:81:14:35:fc:78:25:
                    6a:7b:b0:ac:8e:41:a8:e8:bc:5b:0c:63:0a:d7:62:
                    98:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DB:FC:3D:CE:C6:45:21:AD:91:E4:4A:13:9F:97:E4:09:B8:2E:73
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.110.0/24
                  92.242.184.0/24
                  191.101.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:30:9a:d4:b4:56:7f:dd:0e:dd:c0:c2:6b:32:73:e1:67:1b:
         ea:c7:c9:58:3c:dc:23:1e:7c:09:74:b0:cc:47:c9:9e:41:26:
         92:46:c9:23:d4:be:5f:73:77:bf:82:08:b6:d5:d3:e2:b6:20:
         7f:da:43:4f:b0:cc:03:b1:c4:bf:24:f1:6c:fc:d3:6b:2b:81:
         45:f5:14:e4:b6:ff:19:8a:73:0a:d8:85:39:0e:9b:a8:96:15:
         6d:e2:49:4f:94:7d:f6:24:f2:61:a4:14:c2:c3:0c:e9:30:94:
         cb:3c:43:54:89:45:9a:dc:0d:44:a0:59:9b:09:6a:5b:eb:b8:
         71:a6:09:cd:00:aa:7c:5b:21:be:c3:10:cb:51:4b:70:0d:65:
         e6:22:34:2f:ee:cb:74:7b:22:aa:24:bc:1c:fc:29:b0:00:9e:
         9c:7b:96:59:fe:9e:2b:a0:3a:0c:09:44:c0:a4:7a:97:f4:bc:
         9d:88:d2:98:d8:08:10:93:3e:3d:53:54:22:7a:5e:1a:91:33:
         ae:13:ac:32:59:d4:6d:e0:60:09:87:95:ec:8f:15:50:0a:de:
         7f:87:7f:29:97:4f:4a:30:c3:11:28:e8:8e:d6:71:d0:6f:1a:
         0e:bd:93:de:62:84:0d:fe:2b:c4:50:e9:6c:dc:6f:1a:b4:eb:
         4c:ee:5a:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUapEoT/5OXNfosumuv/sM9udeHYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMjUwNzUyNTZaFw0yNzAyMjQwNzU3NTZaMDMxMTAvBgNV
BAMTKDlDREJGQzNEQ0VDNjQ1MjFBRDkxRTQ0QTEzOUY5N0U0MDlCODJFNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvWNIiwRS3MhERc7LilQXxkBDg
YUDs1rOWRmfMSUh8MDPnpgx3KFwzlmPtAUjCQs/aPN4I7CVcwuYG3M/i1IwCRFLI
SIBXo/hnxUWSKhBu+GvlSk45jeSAnMqluTnjVTSHm7uAChVEBMi8feGC8G0RU5g5
13hEHwjOJNzCCIjiMg3Mbef4sCWKGL/sKnwG0lril3gAPdpxQbQLkccnpBLJzJEe
ctYMQFrRvG/BJ783fxEVcLoAplBhN7PW9cTMylZ3GIC+SX0aV9CdoenjDpyzDhD4
rpke7LCb7WxfEOkxoIKebAX2xX0PUoEUNfx4JWp7sKyOQajovFsMYwrXYpg/AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUnNv8Pc7GRSGtkeRKE5+X5Am4LnMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbZu
AwQAXPK4AwQAv2U/MA0GCSqGSIb3DQEBCwUAA4IBAQAdMJrUtFZ/3Q7dwMJrMnPh
Zxvqx8lYPNwjHnwJdLDMR8meQSaSRskj1L5fc3e/ggi21dPitiB/2kNPsMwDscS/
JPFs/NNrK4FF9RTktv8ZinMK2IU5DpuolhVt4klPlH32JPJhpBTCwwzpMJTLPENU
iUWa3A1EoFmbCWpb67hxpgnNAKp8WyG+wxDLUUtwDWXmIjQv7st0eyKqJLwc/Cmw
AJ6ce5ZZ/p4roDoMCUTApHqX9LydiNKY2AgQkz49U1Qiel4akTOuE6wyWdRt4GAJ
h5XsjxVQCt5/h38pl09KMMMRKOiO1nHQbxoOvZPeYoQN/ivEUOls3G8atOtM7lpk
-----END CERTIFICATE-----