Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          qGNnFzYMZR/L6hkDw58Jfu+nxyulPkgMoFqPnx/gFyE=
Subject key identifier:   7A:D0:32:50:6F:C7:EE:79:E2:00:DC:B9:FE:EA:4C:1C:61:C0:F9:17
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       48D8F3E6D5A364A0BEC5B589A3F5C7E8156E889C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214025.roa
Signing time:             Tue 21 Oct 2025 08:52:25 +0000
ROA not before:           Tue 21 Oct 2025 08:47:25 +0000
ROA not after:            Tue 20 Oct 2026 08:52:25 +0000
asID:                     214025
IP address blocks:        91.199.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:d8:f3:e6:d5:a3:64:a0:be:c5:b5:89:a3:f5:c7:e8:15:6e:88:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 21 08:47:25 2025 GMT
            Not After : Oct 20 08:52:25 2026 GMT
        Subject: CN=7AD032506FC7EE79E200DCB9FEEA4C1C61C0F917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b8:cb:c6:80:69:9b:01:eb:85:ad:a1:03:e8:
                    e3:88:53:28:3c:63:09:e5:21:11:47:8b:6c:22:64:
                    91:66:9d:d2:75:60:4c:83:19:73:a9:1d:98:8f:9c:
                    25:5b:6b:33:2a:25:b3:ae:13:14:ef:7f:f4:1f:a4:
                    ca:4a:b5:6d:c1:55:1c:4d:e3:29:b7:83:43:1d:56:
                    79:a5:61:40:9d:1c:d2:d1:4a:12:52:d9:29:4a:9a:
                    2c:3d:6e:53:1b:b1:31:20:e7:70:e0:f8:d0:5e:6f:
                    1f:e5:64:8f:c5:ce:bc:f6:7a:c7:a1:9e:06:d5:21:
                    c9:d2:a6:6f:07:30:d2:be:34:da:d3:53:a1:d8:58:
                    a8:22:63:49:ef:b6:72:ad:5e:08:5e:01:8c:af:d0:
                    cf:4f:89:5b:76:f6:02:89:ea:6e:28:57:c2:cd:7c:
                    aa:ca:93:d8:d5:d8:8d:57:96:8b:8e:e3:25:aa:90:
                    89:ed:af:d7:31:8f:64:55:fc:9c:4d:81:f2:38:39:
                    48:bf:f6:48:47:f9:04:5b:b3:01:86:45:79:de:fc:
                    5e:6d:5f:81:f1:3a:41:f3:42:55:65:ae:32:36:d9:
                    a7:25:d2:a7:23:6f:a2:d4:73:ac:db:15:80:ea:e1:
                    14:eb:b4:77:1c:66:ca:19:95:40:ad:ad:c3:51:5e:
                    56:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:D0:32:50:6F:C7:EE:79:E2:00:DC:B9:FE:EA:4C:1C:61:C0:F9:17
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:21:5f:d4:b2:1c:87:8e:9d:0a:47:b8:f9:1b:3a:62:27:86:
         d2:3e:5f:14:19:da:e9:fb:a7:80:39:3c:d1:b2:73:a0:38:1d:
         36:b9:89:38:6e:21:4e:4a:77:f4:0f:8e:ca:ae:89:42:15:41:
         9f:db:ec:0f:e7:64:41:7d:d9:1a:67:52:b1:85:1f:ec:56:e3:
         fa:96:00:02:52:63:83:5c:4f:81:39:9d:3b:58:99:20:09:f4:
         54:93:49:77:19:0d:9b:05:6f:d3:dd:5a:cd:b8:29:83:bd:82:
         24:3a:78:6d:ba:6b:98:44:45:a8:2c:79:15:8d:a0:ba:c6:f6:
         a9:66:66:dd:e7:a0:2a:3c:7d:06:a7:5f:5e:3e:cd:64:1c:95:
         74:69:65:50:2d:ea:bf:12:dd:59:2c:a1:cd:7e:00:7b:76:8e:
         0d:b6:8f:34:08:77:c8:1a:ac:28:38:be:3a:ce:93:56:4a:89:
         64:03:5f:5c:a7:ee:1b:ea:47:41:d4:3c:d4:9f:aa:3f:c7:97:
         f7:0d:1c:7c:41:a0:06:07:0f:af:62:51:30:2f:10:4d:24:ca:
         76:55:9e:c5:78:20:d8:e9:ff:c5:fa:3a:5f:3c:1d:aa:e2:2f:
         ed:e9:3a:14:8c:8f:e9:24:41:c4:31:bc:6b:74:4e:d7:5b:4a:
         0e:46:6f:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSNjz5tWjZKC+xbWJo/XH6BVuiJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMjEwODQ3MjVaFw0yNjEwMjAwODUyMjVaMDMxMTAvBgNV
BAMTKDdBRDAzMjUwNkZDN0VFNzlFMjAwRENCOUZFRUE0QzFDNjFDMEY5MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0uMvGgGmbAeuFraED6OOIUyg8
YwnlIRFHi2wiZJFmndJ1YEyDGXOpHZiPnCVbazMqJbOuExTvf/QfpMpKtW3BVRxN
4ym3g0MdVnmlYUCdHNLRShJS2SlKmiw9blMbsTEg53Dg+NBebx/lZI/Fzrz2eseh
ngbVIcnSpm8HMNK+NNrTU6HYWKgiY0nvtnKtXgheAYyv0M9PiVt29gKJ6m4oV8LN
fKrKk9jV2I1XlouO4yWqkIntr9cxj2RV/JxNgfI4OUi/9khH+QRbswGGRXne/F5t
X4HxOkHzQlVlrjI22acl0qcjb6LUc6zbFYDq4RTrtHccZsoZlUCtrcNRXlbtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUetAyUG/H7nniANy5/upMHGHA+RcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eo
MA0GCSqGSIb3DQEBCwUAA4IBAQCMIV/UshyHjp0KR7j5GzpiJ4bSPl8UGdrp+6eA
OTzRsnOgOB02uYk4biFOSnf0D47KrolCFUGf2+wP52RBfdkaZ1KxhR/sVuP6lgAC
UmODXE+BOZ07WJkgCfRUk0l3GQ2bBW/T3VrNuCmDvYIkOnhtumuYREWoLHkVjaC6
xvapZmbd56AqPH0Gp19ePs1kHJV0aWVQLeq/Et1ZLKHNfgB7do4Nto80CHfIGqwo
OL46zpNWSolkA19cp+4b6kdB1DzUn6o/x5f3DRx8QaAGBw+vYlEwLxBNJMp2VZ7F
eCDY6f/F+jpfPB2q4i/t6ToUjI/pJEHEMbxrdE7XW0oORm/M
-----END CERTIFICATE-----