Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa
File:                     AS214838.roa (raw, json)
Hash identifier:          c4Z8kMxof+4fgEQnGf0uQCpetCEC+o5PgZLq5glqc50=
Subject key identifier:   25:0A:13:FE:AD:D9:C5:C8:D9:15:8C:16:26:C0:E1:7F:CA:DE:08:98
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       193C05F37EA56A242FABEC91A57BCE1276760534
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa
Signing time:             Mon 09 Feb 2026 23:08:22 +0000
ROA not before:           Mon 09 Feb 2026 23:03:22 +0000
ROA not after:            Mon 08 Feb 2027 23:08:22 +0000
asID:                     214838
IP address blocks:        2a0f:85c1:bb8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:3c:05:f3:7e:a5:6a:24:2f:ab:ec:91:a5:7b:ce:12:76:76:05:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  9 23:03:22 2026 GMT
            Not After : Feb  8 23:08:22 2027 GMT
        Subject: CN=250A13FEADD9C5C8D9158C1626C0E17FCADE0898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8a:e0:1c:24:f5:d5:d3:df:4f:18:e0:ad:be:
                    24:4d:7f:d2:91:88:3d:58:ac:bc:d0:e1:26:c1:3c:
                    93:e1:14:74:54:1b:27:e5:13:c5:84:a2:28:4c:e7:
                    9c:b5:fa:0b:a8:82:5f:a1:f6:d4:1e:51:45:53:92:
                    22:a0:d8:47:1d:7e:69:46:c5:8c:7f:d2:15:d7:80:
                    13:25:c1:2e:93:92:59:23:c8:a1:1a:fd:66:c5:a0:
                    53:78:94:dc:b7:b2:49:bc:3d:11:fd:b4:0a:25:27:
                    27:9a:dd:cf:e6:aa:2a:da:d2:fd:8a:4a:f6:f0:f9:
                    a8:71:ab:91:3b:b9:26:2b:50:81:ea:ea:d7:8e:d3:
                    9c:22:d5:76:a5:a5:86:0b:08:61:c3:1b:65:21:5a:
                    ef:5f:4c:c0:98:56:07:2a:d5:54:ba:22:3f:00:c4:
                    bc:58:7e:a9:04:bb:c5:5b:57:41:7b:4c:79:1d:16:
                    21:ce:d1:f8:2f:34:e9:dd:e8:de:c2:1c:a6:b5:de:
                    89:91:f9:14:16:e4:28:1f:80:8d:08:24:0d:18:b1:
                    b2:80:aa:fb:4b:e8:84:04:72:00:56:92:03:ec:07:
                    68:2d:de:96:f5:15:ec:b0:63:c1:b5:26:3b:1d:d4:
                    d2:ba:6a:9d:eb:b3:7d:74:1a:66:a0:b0:b3:33:38:
                    de:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:0A:13:FE:AD:D9:C5:C8:D9:15:8C:16:26:C0:E1:7F:CA:DE:08:98
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bb8::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:70:31:51:bb:9b:1d:17:5a:5a:4f:0d:b1:32:13:41:bb:69:
         f0:d1:34:53:ee:a9:88:df:a2:cf:df:b3:e9:8d:6c:e4:21:0b:
         31:fb:d0:25:e8:f0:a2:3b:dd:44:04:af:bb:6b:75:96:46:d6:
         29:38:c9:b8:b7:68:92:4f:f9:cd:48:37:4f:54:10:8c:9c:03:
         74:a4:fa:7c:d4:3b:d1:35:11:cb:93:0e:7b:65:9d:8b:96:b6:
         3b:84:9d:8c:a5:6c:9b:83:0e:33:f7:96:e3:66:fb:f2:39:e5:
         4f:31:d3:e8:2f:e0:bb:43:55:08:1f:70:cd:db:2e:c9:13:33:
         f0:3c:4b:de:65:a6:60:9d:57:17:76:e3:cc:a9:22:6d:b9:b9:
         72:d3:56:58:42:d3:61:f2:8c:a4:19:ba:6d:f5:7f:00:1b:38:
         68:e4:7f:2d:56:60:47:04:dc:f0:19:f1:03:fe:56:32:32:3f:
         1c:cb:4a:6a:d0:e6:ce:75:8a:3a:36:73:a3:69:b9:bc:b5:e4:
         15:f3:cc:72:9c:51:1e:ff:e6:d1:d1:42:f1:68:13:92:60:fe:
         6a:27:17:76:dc:8e:30:3f:69:85:2b:26:1c:a6:1f:af:68:f9:
         db:20:a3:12:b8:08:3b:be:e9:6a:9d:6d:50:48:7f:c0:ca:bb:
         ce:bb:92:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGTwF836laiQvq+yRpXvOEnZ2BTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDkyMzAzMjJaFw0yNzAyMDgyMzA4MjJaMDMxMTAvBgNV
BAMTKDI1MEExM0ZFQUREOUM1QzhEOTE1OEMxNjI2QzBFMTdGQ0FERTA4OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIiuAcJPXV099PGOCtviRNf9KR
iD1YrLzQ4SbBPJPhFHRUGyflE8WEoihM55y1+guogl+h9tQeUUVTkiKg2EcdfmlG
xYx/0hXXgBMlwS6TklkjyKEa/WbFoFN4lNy3skm8PRH9tAolJyea3c/mqira0v2K
Svbw+ahxq5E7uSYrUIHq6teO05wi1XalpYYLCGHDG2UhWu9fTMCYVgcq1VS6Ij8A
xLxYfqkEu8VbV0F7THkdFiHO0fgvNOnd6N7CHKa13omR+RQW5CgfgI0IJA0YsbKA
qvtL6IQEcgBWkgPsB2gt3pb1FeywY8G1Jjsd1NK6ap3rs310GmagsLMzON5zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJQoT/q3ZxcjZFYwWJsDhf8reCJgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQu4MA0GCSqGSIb3DQEBCwUAA4IBAQDGcDFRu5sdF1paTw2xMhNBu2nw0TRT7qmI
36LP37PpjWzkIQsx+9Al6PCiO91EBK+7a3WWRtYpOMm4t2iST/nNSDdPVBCMnAN0
pPp81DvRNRHLkw57ZZ2LlrY7hJ2MpWybgw4z95bjZvvyOeVPMdPoL+C7Q1UIH3DN
2y7JEzPwPEveZaZgnVcXduPMqSJtubly01ZYQtNh8oykGbpt9X8AGzho5H8tVmBH
BNzwGfED/lYyMj8cy0pq0ObOdYo6NnOjabm8teQV88xynFEe/+bR0ULxaBOSYP5q
Jxd23I4wP2mFKyYcph+vaPnbIKMSuAg7vulqnW1QSH/AyrvOu5IL
-----END CERTIFICATE-----