Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa
File:                     AS214083.roa (raw, json)
Hash identifier:          0HJdNflA44pscOUpk3gR1hFay4k8Mc0NXyLXJ5UOEYk=
Subject key identifier:   2F:A7:1D:D4:D9:5A:23:AB:4D:7B:ED:07:75:35:91:F1:0C:A2:12:B1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7A3A18E82DCEC11A95E880103CA8453A9BFA1CB1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa
Signing time:             Tue 02 Jun 2026 14:45:47 +0000
ROA not before:           Tue 02 Jun 2026 14:40:47 +0000
ROA not after:            Tue 01 Jun 2027 14:45:47 +0000
asID:                     214083
IP address blocks:        82.47.158.0/24 maxlen: 24
                          2a13:9500:42::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:3a:18:e8:2d:ce:c1:1a:95:e8:80:10:3c:a8:45:3a:9b:fa:1c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 14:40:47 2026 GMT
            Not After : Jun  1 14:45:47 2027 GMT
        Subject: CN=2FA71DD4D95A23AB4D7BED07753591F10CA212B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a8:c8:ac:0b:e0:ec:cf:05:d9:be:fc:82:ca:
                    dc:04:43:18:d1:b7:3d:09:fb:43:21:ac:e7:60:c1:
                    55:83:c1:3b:de:22:79:73:1c:f7:3a:d3:73:a3:e3:
                    52:29:b8:0e:1e:e7:af:38:60:8c:70:63:d7:b9:da:
                    aa:f1:fb:aa:61:07:b1:8d:24:da:77:7f:97:dc:9e:
                    67:f1:28:bf:0b:cb:b5:ca:db:01:1f:f1:d2:31:c6:
                    8b:a2:3c:f0:bd:92:a6:89:d2:90:e2:0f:a8:ec:91:
                    bc:1d:e9:ac:28:5a:cd:2f:1f:17:de:b7:5b:1f:48:
                    20:0f:df:de:7b:6a:1b:12:79:32:10:0b:cb:02:d5:
                    bb:78:96:d9:bf:84:f8:33:2c:a3:51:e2:99:fe:62:
                    0d:c5:d7:63:f6:18:45:18:ba:98:9c:f4:cf:06:57:
                    78:45:8f:9d:c5:09:b5:87:8b:b2:7c:12:54:05:6a:
                    e9:3c:35:e9:11:01:91:70:29:f5:3c:81:ae:10:3f:
                    34:ac:d0:af:63:94:31:02:de:c7:6e:f9:29:10:85:
                    bf:d2:5b:d0:7c:c4:0d:c5:13:af:b4:4c:ee:7a:b8:
                    4a:37:f9:41:08:75:5f:4f:b0:00:46:7a:e3:19:ad:
                    9b:14:8f:57:7f:49:83:a7:3f:71:9f:9c:74:b2:85:
                    a7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A7:1D:D4:D9:5A:23:AB:4D:7B:ED:07:75:35:91:F1:0C:A2:12:B1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.158.0/24
                IPv6:
                  2a13:9500:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:1c:db:49:38:bf:ca:04:f6:45:ef:fb:70:cc:d6:28:b4:51:
         2c:8f:61:4e:cf:24:50:db:07:af:b1:81:75:1c:6c:6a:3b:d7:
         2b:d2:26:dc:ca:70:fe:df:fa:d2:31:45:6a:16:c3:6b:b5:9e:
         ae:6f:b3:da:8f:12:fe:c8:e9:5f:55:7a:b7:37:46:00:bc:60:
         ed:d1:fb:3d:29:78:34:dc:61:e8:99:0d:49:ba:0e:cd:7f:92:
         78:d0:38:21:b4:b5:95:93:ab:6d:c7:8b:27:3b:7b:d5:9e:28:
         85:65:bb:80:3e:94:60:27:08:4c:29:88:1f:b5:6f:e6:9a:bb:
         fb:a1:74:03:09:ad:df:6d:c1:27:1e:97:eb:8f:45:65:d1:25:
         cd:a6:f5:13:a7:98:d6:53:ca:41:78:20:c7:d1:af:4e:a1:6d:
         53:07:12:e3:92:ce:24:15:a5:4b:1e:a5:de:07:2d:ce:da:7b:
         67:34:60:34:24:5d:b2:c7:75:3d:b8:86:53:2c:d5:86:d1:70:
         f1:69:8a:58:78:42:88:d5:cb:e9:6d:8e:68:82:92:54:28:e9:
         e1:18:87:52:40:95:f8:80:ad:80:8a:fe:84:c3:b3:58:71:66:
         64:86:0e:89:6e:df:d6:0c:09:d0:b8:65:d7:0f:de:51:bd:1b:
         7b:69:a1:75
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUejoY6C3OwRqV6IAQPKhFOpv6HLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxNDQwNDdaFw0yNzA2MDExNDQ1NDdaMDMxMTAvBgNV
BAMTKDJGQTcxREQ0RDk1QTIzQUI0RDdCRUQwNzc1MzU5MUYxMENBMjEyQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXqMisC+DszwXZvvyCytwEQxjR
tz0J+0MhrOdgwVWDwTveInlzHPc603Oj41IpuA4e5684YIxwY9e52qrx+6phB7GN
JNp3f5fcnmfxKL8Ly7XK2wEf8dIxxouiPPC9kqaJ0pDiD6jskbwd6awoWs0vHxfe
t1sfSCAP3957ahsSeTIQC8sC1bt4ltm/hPgzLKNR4pn+Yg3F12P2GEUYupic9M8G
V3hFj53FCbWHi7J8ElQFauk8NekRAZFwKfU8ga4QPzSs0K9jlDEC3sdu+SkQhb/S
W9B8xA3FE6+0TO56uEo3+UEIdV9PsABGeuMZrZsUj1d/SYOnP3GfnHSyhaf/AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUL6cd1NlaI6tNe+0HdTWR8QyiErEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUi+e
MA8EAgACMAkDBwAqE5UAAEIwDQYJKoZIhvcNAQELBQADggEBAGwc20k4v8oE9kXv
+3DM1ii0USyPYU7PJFDbB6+xgXUcbGo71yvSJtzKcP7f+tIxRWoWw2u1nq5vs9qP
Ev7I6V9Verc3RgC8YO3R+z0peDTcYeiZDUm6Ds1/knjQOCG0tZWTq23Hiyc7e9We
KIVlu4A+lGAnCEwpiB+1b+aau/uhdAMJrd9twScel+uPRWXRJc2m9ROnmNZTykF4
IMfRr06hbVMHEuOSziQVpUsepd4HLc7ae2c0YDQkXbLHdT24hlMs1YbRcPFpilh4
QojVy+ltjmiCklQo6eEYh1JAlfiArYCK/oTDs1hxZmSGDolu39YMCdC4ZdcP3lG9
G3tpoXU=
-----END CERTIFICATE-----