Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214203.roa
File:                     AS214203.roa (raw, json)
Hash identifier:          7dVysYrAtiq8ee5AzjKszuBgHdYM/S6xx6wbTIrxyrU=
Subject key identifier:   6A:8A:FC:72:89:73:CB:0C:EC:87:75:22:CD:8F:3B:40:21:61:64:5C
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       668766413D224D83FB2AA9BBF0CE868E2AC5BEEB
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214203.roa
Signing time:             Tue 06 Jan 2026 01:00:46 +0000
ROA not before:           Tue 06 Jan 2026 00:55:46 +0000
ROA not after:            Tue 05 Jan 2027 01:00:46 +0000
asID:                     214203
IP address blocks:        2a14:7584::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:87:66:41:3d:22:4d:83:fb:2a:a9:bb:f0:ce:86:8e:2a:c5:be:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:46 2026 GMT
            Not After : Jan  5 01:00:46 2027 GMT
        Subject: CN=6A8AFC728973CB0CEC877522CD8F3B402161645C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2f:87:85:63:7f:47:5b:a2:d3:26:49:a2:fa:
                    c2:0e:22:86:ad:d8:84:b2:b8:8c:1e:02:86:6a:92:
                    ac:9a:37:3f:21:5b:50:ec:34:a9:8b:65:70:5f:8b:
                    51:82:47:e8:2a:e3:7f:f7:32:63:b8:4a:77:a9:3e:
                    fb:63:02:35:f9:ed:ed:e8:51:ee:1b:26:2d:bf:fe:
                    40:9c:d1:60:11:5f:8e:6d:34:af:64:b2:c8:1a:84:
                    a2:c5:65:b7:15:81:58:5b:11:47:1f:54:5f:0a:b4:
                    e9:87:1b:81:c1:39:7f:94:90:f1:b3:b7:11:1f:34:
                    e8:6c:c8:2d:fa:67:e5:24:d4:cd:1e:f1:4a:f3:51:
                    d6:2f:77:35:95:9a:93:eb:49:e4:0c:92:85:3e:17:
                    4d:0a:aa:2f:c2:30:c1:20:1c:c7:56:ca:f5:c9:12:
                    9f:3d:1c:96:a7:b1:55:cc:56:4b:37:09:25:e4:17:
                    14:2f:b5:01:17:82:3d:ca:c8:c8:e8:26:6f:73:a2:
                    0c:e4:19:ba:cb:4f:58:24:72:71:8c:b9:4b:61:6c:
                    a2:c9:8b:09:6e:b1:d8:54:cd:dd:75:13:b9:ef:12:
                    10:99:10:7f:f7:f3:f4:5e:5b:6b:65:1b:42:54:96:
                    6e:d1:e3:37:57:37:71:77:18:7c:f5:d3:9c:51:e9:
                    34:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8A:FC:72:89:73:CB:0C:EC:87:75:22:CD:8F:3B:40:21:61:64:5C
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584::/36

    Signature Algorithm: sha256WithRSAEncryption
         7b:03:a7:5b:ce:42:a5:99:78:d0:98:a6:cf:ca:8b:a3:c3:a2:
         4d:14:1c:e8:13:43:b3:27:62:d4:0b:94:fb:bb:e0:ec:62:5e:
         f2:42:9c:cf:22:f3:9d:4e:d9:5d:bf:06:40:a9:e1:2c:6f:1d:
         c2:28:16:a0:11:5c:59:e9:86:b1:ce:fe:47:24:8f:36:36:9e:
         d5:f2:ba:91:4e:24:f7:8a:93:b5:c2:e1:1d:0d:63:df:6f:25:
         03:54:04:d1:bf:81:cf:86:01:83:b4:5e:f6:49:23:88:fa:3f:
         ca:dd:34:db:f8:13:a2:0e:14:44:6b:2b:41:d3:52:8a:9f:24:
         cb:92:64:42:b8:d6:07:d6:8f:ec:7d:cd:74:48:ed:e3:71:7c:
         8f:69:5b:95:63:fb:1d:32:c5:4d:4d:a3:95:14:e5:1b:0a:4d:
         03:d1:07:94:2b:76:bd:ef:8b:8e:c0:ca:91:15:17:3e:5e:62:
         9a:23:5d:c3:e0:25:30:0b:63:26:ab:56:9d:a3:45:d8:09:90:
         af:23:7d:3c:4f:84:15:b9:ff:09:da:a2:ee:ae:ea:39:3d:68:
         7c:cc:b8:27:d5:dd:60:50:5a:07:5e:f2:87:f7:23:a9:0f:2b:
         79:ae:27:b9:54:e4:31:80:03:5c:9f:5e:90:47:31:13:08:54:
         4b:3b:c8:a6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUZodmQT0iTYP7Kqm78M6GjirFvuswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDZaFw0yNzAxMDUwMTAwNDZaMDMxMTAvBgNV
BAMTKDZBOEFGQzcyODk3M0NCMENFQzg3NzUyMkNEOEYzQjQwMjE2MTY0NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFL4eFY39HW6LTJkmi+sIOIoat
2ISyuIweAoZqkqyaNz8hW1DsNKmLZXBfi1GCR+gq43/3MmO4SnepPvtjAjX57e3o
Ue4bJi2//kCc0WARX45tNK9kssgahKLFZbcVgVhbEUcfVF8KtOmHG4HBOX+UkPGz
txEfNOhsyC36Z+Uk1M0e8UrzUdYvdzWVmpPrSeQMkoU+F00Kqi/CMMEgHMdWyvXJ
Ep89HJansVXMVks3CSXkFxQvtQEXgj3KyMjoJm9zogzkGbrLT1gkcnGMuUthbKLJ
iwlusdhUzd11E7nvEhCZEH/38/ReW2tlG0JUlm7R4zdXN3F3GHz105xR6TSFAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUaor8colzywzsh3UizY87QCFhZFwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0MjAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
hAAwDQYJKoZIhvcNAQELBQADggEBAHsDp1vOQqWZeNCYps/Ki6PDok0UHOgTQ7Mn
YtQLlPu74OxiXvJCnM8i851O2V2/BkCp4SxvHcIoFqARXFnphrHO/kckjzY2ntXy
upFOJPeKk7XC4R0NY99vJQNUBNG/gc+GAYO0XvZJI4j6P8rdNNv4E6IOFERrK0HT
UoqfJMuSZEK41gfWj+x9zXRI7eNxfI9pW5Vj+x0yxU1No5UU5RsKTQPRB5Qrdr3v
i47AypEVFz5eYpojXcPgJTALYyarVp2jRdgJkK8jfTxPhBW5/wnaou6u6jk9aHzM
uCfV3WBQWgde8of3I6kPK3muJ7lU5DGAA1yfXpBHMRMIVEs7yKY=
-----END CERTIFICATE-----