Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa
File:                     AS214496.roa (raw, json)
Hash identifier:          6uG0xD9MuyP4emElk5LrCNr6+V+KYAkH11mSOUnIuYE=
Subject key identifier:   37:54:26:35:37:C0:B7:E9:A0:14:96:8F:1F:83:05:4A:52:C0:8E:8A
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       0718FE4D942AC202FB4D5CA7F4BCA142E546E8E1
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa
Signing time:             Tue 06 Jan 2026 01:00:47 +0000
ROA not before:           Tue 06 Jan 2026 00:55:47 +0000
ROA not after:            Tue 05 Jan 2027 01:00:47 +0000
asID:                     214496
IP address blocks:        2a14:7581:9a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:18:fe:4d:94:2a:c2:02:fb:4d:5c:a7:f4:bc:a1:42:e5:46:e8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:47 2026 GMT
            Not After : Jan  5 01:00:47 2027 GMT
        Subject: CN=3754263537C0B7E9A014968F1F83054A52C08E8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:6e:19:5e:c7:2c:1a:4a:ab:00:4e:18:61:4a:
                    db:6c:72:20:2c:27:d1:c5:3c:9e:3c:ae:f8:ac:dc:
                    52:bb:86:18:8e:f7:fb:5c:f3:2c:cb:da:ae:a8:38:
                    6b:9a:d0:4f:76:b3:e1:6b:f3:c5:de:7d:b3:bd:e3:
                    dc:80:b4:39:c1:e8:bb:a5:a3:b8:13:fc:1d:42:98:
                    e5:b5:da:0d:e4:38:d6:c2:4d:8d:4b:58:4e:b3:15:
                    3f:5b:76:98:6e:56:c6:8e:15:9b:7e:40:b4:65:16:
                    b0:99:54:cd:0c:a0:c2:73:5c:c0:9e:44:6d:77:44:
                    a2:39:39:41:6b:85:eb:6c:7d:f3:4e:74:0f:37:f6:
                    30:54:bd:ad:78:fc:dd:14:07:28:1b:27:aa:15:21:
                    49:3b:28:23:cf:25:45:fd:ee:a1:f6:ce:81:dc:ea:
                    e0:ce:f4:5b:61:1f:f7:62:ee:29:21:f1:ab:71:42:
                    5e:f5:40:da:61:1c:2b:35:b2:5c:da:1f:4a:46:89:
                    63:69:54:45:55:c3:e5:83:ba:89:00:20:fe:92:13:
                    24:e8:5b:12:ca:01:e9:39:e0:99:3e:db:13:8d:89:
                    39:61:ca:ef:9c:6c:2e:5b:db:b3:c3:4c:16:5e:00:
                    2d:91:3a:15:a0:ea:97:68:74:63:8e:71:71:7a:97:
                    a8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:54:26:35:37:C0:B7:E9:A0:14:96:8F:1F:83:05:4A:52:C0:8E:8A
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214496.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:9a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:4c:45:a9:15:75:81:f7:97:17:51:a0:c3:21:2f:c2:3c:a3:
         af:83:59:ce:ae:83:4f:9f:05:7d:5c:7b:50:5a:4d:69:92:4a:
         16:15:4d:c1:89:72:01:2f:24:68:07:51:25:c6:2f:c4:07:43:
         45:3d:a0:9f:6d:83:aa:e3:71:51:97:74:8a:cd:86:96:ff:ab:
         b2:ec:ef:3e:ea:45:ed:1e:57:e6:95:2a:a4:bf:12:ee:b3:77:
         72:7e:61:fe:40:83:89:5d:35:23:41:a1:69:88:a6:5e:64:45:
         05:69:b9:0e:9d:32:35:91:d0:dd:f3:29:b8:ce:47:cb:8f:33:
         c1:b0:72:3a:45:c7:78:34:a5:39:86:eb:b1:4c:a2:aa:7a:03:
         ad:66:38:bb:28:77:82:22:bc:7d:78:c8:f4:5a:86:f5:6d:a4:
         b7:87:9d:4a:2d:69:32:9d:52:ce:5e:66:67:db:2c:50:fb:39:
         c9:14:15:40:a9:9f:5e:dd:82:ec:c1:4a:3a:dd:1b:1d:e3:20:
         ef:26:6a:e6:af:96:5c:5c:6f:d4:1b:51:ef:7a:64:54:6e:e8:
         4f:4b:d2:94:2b:b8:60:16:6b:7c:44:97:76:ec:49:ae:23:c7:
         58:37:8f:4b:dd:7a:0a:67:cb:90:56:16:84:04:41:05:9c:f1:
         91:11:47:ee
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUBxj+TZQqwgL7TVyn9LyhQuVG6OEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDdaFw0yNzAxMDUwMTAwNDdaMDMxMTAvBgNV
BAMTKDM3NTQyNjM1MzdDMEI3RTlBMDE0OTY4RjFGODMwNTRBNTJDMDhFOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnbhlexywaSqsAThhhSttsciAs
J9HFPJ48rvis3FK7hhiO9/tc8yzL2q6oOGua0E92s+Fr88XefbO949yAtDnB6Lul
o7gT/B1CmOW12g3kONbCTY1LWE6zFT9bdphuVsaOFZt+QLRlFrCZVM0MoMJzXMCe
RG13RKI5OUFrhetsffNOdA839jBUva14/N0UBygbJ6oVIUk7KCPPJUX97qH2zoHc
6uDO9FthH/di7ikh8atxQl71QNphHCs1slzaH0pGiWNpVEVVw+WDuokAIP6SEyTo
WxLKAek54Jk+2xONiTlhyu+cbC5b27PDTBZeAC2ROhWg6pdodGOOcXF6l6iRAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUN1QmNTfAt+mgFJaPH4MFSlLAjoowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gZowDQYJKoZIhvcNAQELBQADggEBAIlMRakVdYH3lxdRoMMhL8I8o6+DWc6ug0+f
BX1ce1BaTWmSShYVTcGJcgEvJGgHUSXGL8QHQ0U9oJ9tg6rjcVGXdIrNhpb/q7Ls
7z7qRe0eV+aVKqS/Eu6zd3J+Yf5Ag4ldNSNBoWmIpl5kRQVpuQ6dMjWR0N3zKbjO
R8uPM8GwcjpFx3g0pTmG67FMoqp6A61mOLsod4IivH14yPRahvVtpLeHnUotaTKd
Us5eZmfbLFD7OckUFUCpn17dguzBSjrdGx3jIO8mauavllxcb9QbUe96ZFRu6E9L
0pQruGAWa3xEl3bsSa4jx1g3j0vdegpny5BWFoQEQQWc8ZERR+4=
-----END CERTIFICATE-----