Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214130.roa
File:                     AS214130.roa (raw, json)
Hash identifier:          6ol8nPfPT47LUG0ARC3cMv2izmStHLWd9kXxCmdmPyM=
Subject key identifier:   23:AF:AA:2F:72:9D:F6:6F:97:AF:FF:2D:D7:C2:78:2A:B0:11:60:28
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39E17775E93F994C73F8EA30909974BEDD773361
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214130.roa
Signing time:             Tue 24 Feb 2026 02:12:00 +0000
ROA not before:           Tue 24 Feb 2026 02:07:00 +0000
ROA not after:            Tue 23 Feb 2027 02:12:00 +0000
asID:                     214130
IP address blocks:        2a0f:85c1:8b2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:e1:77:75:e9:3f:99:4c:73:f8:ea:30:90:99:74:be:dd:77:33:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 24 02:07:00 2026 GMT
            Not After : Feb 23 02:12:00 2027 GMT
        Subject: CN=23AFAA2F729DF66F97AFFF2DD7C2782AB0116028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0a:c3:af:a1:29:57:5c:6a:28:bd:f7:55:ab:
                    7f:96:c4:f2:9c:9a:15:8d:8e:94:84:92:2a:80:0b:
                    ac:64:e5:bf:34:a4:16:69:b1:c1:72:fb:35:a7:10:
                    ca:b6:0d:2e:83:b3:6c:c4:92:92:75:3b:dd:4b:5e:
                    30:fd:27:b0:e8:d7:e9:6b:fe:83:35:e5:8f:a5:dc:
                    4d:69:93:4a:0e:81:77:d0:0f:23:dc:59:82:87:a0:
                    17:e1:43:ac:e6:ca:33:49:6d:82:35:ca:45:3e:50:
                    d1:5b:5e:44:ad:73:40:91:29:31:fb:ac:77:d0:cb:
                    a3:8a:fc:8b:46:b7:8f:e6:dd:89:37:4b:3b:ca:18:
                    24:98:0b:85:cc:14:c5:3c:1e:14:3a:aa:65:57:12:
                    f4:22:af:76:21:7f:77:ae:81:2a:10:03:61:2c:8b:
                    dd:45:37:cd:d5:56:6b:0d:2e:25:6e:ca:ee:d1:2f:
                    24:5e:9e:7b:13:d5:f6:f3:32:d2:48:a4:22:99:82:
                    7d:80:d4:07:7c:d0:7b:4d:3f:25:6d:28:1e:8e:c4:
                    8c:c7:15:50:f6:d7:09:a6:f9:24:5f:5e:e8:7e:9f:
                    4e:f3:f9:0d:28:28:fc:12:3a:62:78:64:47:fc:f9:
                    a1:ed:97:7f:8b:e7:9c:4e:ad:30:d0:7b:80:e5:3e:
                    29:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:AF:AA:2F:72:9D:F6:6F:97:AF:FF:2D:D7:C2:78:2A:B0:11:60:28
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214130.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8b2::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:fb:fa:13:0f:50:7d:54:9b:56:fa:e3:1e:d1:ad:f1:db:d9:
         8a:72:c4:68:0c:00:fe:7b:e2:06:9e:6a:24:ec:8f:f9:b7:b9:
         c0:18:4a:33:6f:16:8f:bb:04:4e:af:ba:ac:95:b0:97:b1:22:
         72:79:bd:ec:e3:49:e1:5b:29:28:44:36:5b:78:3d:e2:81:d5:
         83:53:62:27:f2:c5:c7:f2:e9:c9:e9:a4:e9:3f:01:4a:d2:1b:
         69:45:78:c6:12:b5:61:34:39:24:cb:7a:2d:f5:84:d8:8e:22:
         df:6b:43:4b:80:44:3e:5f:a9:33:21:ce:99:fc:57:b4:bb:9c:
         8b:37:55:0a:95:35:1d:21:25:b9:4b:66:0a:d5:82:46:63:1e:
         88:07:1b:46:79:08:94:ba:ce:ed:46:58:8b:be:6e:9a:88:d3:
         cb:21:f8:98:32:77:3e:a4:b2:44:a9:56:d7:5e:76:3f:76:f6:
         1e:50:c3:eb:15:29:24:5e:04:11:af:90:3d:61:85:ed:90:fb:
         63:b5:99:91:55:45:29:fd:7d:01:d7:06:04:68:73:ae:42:a9:
         e6:46:aa:fc:c8:81:cc:ac:c8:a6:98:48:65:88:b8:bd:2e:c9:
         4c:7e:77:41:32:1f:d3:9a:fc:3d:e1:38:c3:79:6f:d3:3a:0b:
         4b:63:67:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOeF3dek/mUxz+OowkJl0vt13M2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjQwMjA3MDBaFw0yNzAyMjMwMjEyMDBaMDMxMTAvBgNV
BAMTKDIzQUZBQTJGNzI5REY2NkY5N0FGRkYyREQ3QzI3ODJBQjAxMTYwMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCsOvoSlXXGoovfdVq3+WxPKc
mhWNjpSEkiqAC6xk5b80pBZpscFy+zWnEMq2DS6Ds2zEkpJ1O91LXjD9J7Do1+lr
/oM15Y+l3E1pk0oOgXfQDyPcWYKHoBfhQ6zmyjNJbYI1ykU+UNFbXkStc0CRKTH7
rHfQy6OK/ItGt4/m3Yk3SzvKGCSYC4XMFMU8HhQ6qmVXEvQir3Yhf3eugSoQA2Es
i91FN83VVmsNLiVuyu7RLyRennsT1fbzMtJIpCKZgn2A1Ad80HtNPyVtKB6OxIzH
FVD21wmm+SRfXuh+n07z+Q0oKPwSOmJ4ZEf8+aHtl3+L55xOrTDQe4DlPimfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUI6+qL3Kd9m+Xr/8t18J4KrARYCgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0MTMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiyMA0GCSqGSIb3DQEBCwUAA4IBAQCW+/oTD1B9VJtW+uMe0a3x29mKcsRoDAD+
e+IGnmok7I/5t7nAGEozbxaPuwROr7qslbCXsSJyeb3s40nhWykoRDZbeD3igdWD
U2In8sXH8unJ6aTpPwFK0htpRXjGErVhNDkky3ot9YTYjiLfa0NLgEQ+X6kzIc6Z
/Fe0u5yLN1UKlTUdISW5S2YK1YJGYx6IBxtGeQiUus7tRliLvm6aiNPLIfiYMnc+
pLJEqVbXXnY/dvYeUMPrFSkkXgQRr5A9YYXtkPtjtZmRVUUp/X0B1wYEaHOuQqnm
Rqr8yIHMrMimmEhliLi9LslMfndBMh/Tmvw94TjDeW/TOgtLY2e4
-----END CERTIFICATE-----