Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          E8LNsymkTTWQZ+HlnXcOCndeXCF43ASP6gwV93dT8o8=
Subject key identifier:   06:28:38:8C:B4:7F:E2:78:D0:39:2B:20:37:E4:50:76:9F:A1:34:F4
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2AB0291FEA8851567AB403B5648ADF2CD393D46C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa
Signing time:             Mon 09 Feb 2026 23:08:22 +0000
ROA not before:           Mon 09 Feb 2026 23:03:22 +0000
ROA not after:            Mon 08 Feb 2027 23:08:22 +0000
asID:                     214478
IP address blocks:        2a0f:85c1:841::/48 maxlen: 48
                          2a0f:85c1:860::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b0:29:1f:ea:88:51:56:7a:b4:03:b5:64:8a:df:2c:d3:93:d4:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  9 23:03:22 2026 GMT
            Not After : Feb  8 23:08:22 2027 GMT
        Subject: CN=0628388CB47FE278D0392B2037E450769FA134F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:60:5c:c0:96:2d:22:1b:49:70:40:54:a7:22:
                    e1:f9:15:bc:36:7f:47:1b:2c:dd:b4:b5:e1:8e:3f:
                    e4:ff:0a:76:59:f6:c1:c8:59:d8:bf:ed:02:ac:76:
                    d5:3a:5a:f1:14:7f:f7:79:86:01:7b:20:fc:d7:74:
                    7b:7f:6a:b9:ab:7c:75:7a:b0:a9:ce:f8:69:2a:9b:
                    62:68:df:8f:73:4d:ca:94:2d:0a:4f:21:06:d5:ab:
                    b8:da:9a:68:15:54:59:1b:67:6c:0f:d8:18:0f:cd:
                    d0:10:1c:42:f3:d9:7f:7f:63:25:12:73:ab:13:8a:
                    78:17:69:1b:09:e8:16:29:7c:41:be:ef:57:89:f8:
                    4c:72:f8:d0:d3:f7:37:43:e4:1c:3f:f2:0b:26:d8:
                    e1:d0:f3:24:e6:29:f5:5d:2f:81:af:e2:4d:5f:e5:
                    f8:2b:43:6a:65:64:47:57:1f:78:86:05:87:f5:de:
                    21:49:34:7a:b5:82:1b:02:a3:d6:8e:91:5c:1e:8d:
                    6b:16:b5:b8:8b:a7:70:63:96:61:bd:e9:e8:5d:ba:
                    c3:72:7e:10:66:0e:d0:4c:37:47:95:47:47:15:8a:
                    fe:81:a2:a3:4a:0a:db:fe:97:aa:fd:dd:aa:5b:4f:
                    09:e2:c6:8e:37:29:b1:f2:f4:54:42:8f:3d:0f:d7:
                    a4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:28:38:8C:B4:7F:E2:78:D0:39:2B:20:37:E4:50:76:9F:A1:34:F4
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:841::/48
                  2a0f:85c1:860::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:64:05:4b:23:02:bb:94:83:d1:9e:a2:f9:48:c0:6f:f8:0b:
         15:a7:43:b2:5d:77:a3:ee:d0:b1:3a:c3:85:9e:6c:83:d7:3b:
         0f:65:82:76:22:ae:ef:66:44:48:7d:a2:37:ed:7f:d1:90:df:
         66:cc:80:9e:ba:5f:11:96:fe:47:99:c9:2a:c0:fd:6c:e3:58:
         56:71:7a:ce:af:92:93:3b:aa:ca:30:a9:8e:e4:95:64:c2:a6:
         b7:81:56:e7:8a:72:8a:20:9a:f8:6e:7b:ef:d1:6b:86:f4:d7:
         d3:5d:b9:f3:47:83:16:f9:bc:d3:9b:b0:bf:86:9a:78:a5:0d:
         d9:2c:eb:8d:a9:8c:35:57:5d:30:f2:64:cc:7e:4d:30:4a:c5:
         1c:15:42:41:8d:4c:92:3e:6b:f4:77:11:93:51:dc:75:de:c1:
         fa:7c:25:f1:ee:4a:61:0c:2a:ce:2d:51:61:19:e9:11:db:87:
         19:52:11:95:51:e4:8b:3b:66:8f:bd:60:b8:09:ed:c0:a0:bd:
         0b:3f:fb:ab:35:91:35:92:b9:22:19:31:0c:e1:c6:65:cf:94:
         ca:c9:47:30:5e:4c:6b:11:bb:f6:82:29:ed:f5:10:9c:25:c3:
         75:62:3f:dd:1f:8c:7c:b1:32:16:6f:4d:d7:4e:39:a0:33:36:
         14:91:43:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUKrApH+qIUVZ6tAO1ZIrfLNOT1GwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDkyMzAzMjJaFw0yNzAyMDgyMzA4MjJaMDMxMTAvBgNV
BAMTKDA2MjgzODhDQjQ3RkUyNzhEMDM5MkIyMDM3RTQ1MDc2OUZBMTM0RjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhYFzAli0iG0lwQFSnIuH5Fbw2
f0cbLN20teGOP+T/CnZZ9sHIWdi/7QKsdtU6WvEUf/d5hgF7IPzXdHt/armrfHV6
sKnO+Gkqm2Jo349zTcqULQpPIQbVq7jammgVVFkbZ2wP2BgPzdAQHELz2X9/YyUS
c6sTingXaRsJ6BYpfEG+71eJ+Exy+NDT9zdD5Bw/8gsm2OHQ8yTmKfVdL4Gv4k1f
5fgrQ2plZEdXH3iGBYf13iFJNHq1ghsCo9aOkVwejWsWtbiLp3BjlmG96ehdusNy
fhBmDtBMN0eVR0cViv6BoqNKCtv+l6r93apbTwnixo43KbHy9FRCjz0P16THAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUBig4jLR/4njQOSsgN+RQdp+hNPQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQhBAwcAKg+FwQhgMA0GCSqGSIb3DQEBCwUAA4IBAQCbZAVLIwK7lIPRnqL5SMBv
+AsVp0OyXXej7tCxOsOFnmyD1zsPZYJ2Iq7vZkRIfaI37X/RkN9mzICeul8Rlv5H
mckqwP1s41hWcXrOr5KTO6rKMKmO5JVkwqa3gVbninKKIJr4bnvv0WuG9NfTXbnz
R4MW+bzTm7C/hpp4pQ3ZLOuNqYw1V10w8mTMfk0wSsUcFUJBjUySPmv0dxGTUdx1
3sH6fCXx7kphDCrOLVFhGekR24cZUhGVUeSLO2aPvWC4Ce3AoL0LP/urNZE1krki
GTEM4cZlz5TKyUcwXkxrEbv2gint9RCcJcN1Yj/dH4x8sTIWb03XTjmgMzYUkUO1
-----END CERTIFICATE-----