Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS219503.roa
File:                     AS219503.roa (raw, json)
Hash identifier:          vJsu03zs52pgy/FyzjHLYvS+C3EIwujaKa5mi2PSnZg=
Subject key identifier:   91:E7:4C:78:16:AB:07:A2:49:F4:FC:38:70:6E:82:6A:E4:0C:30:CF
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2AF6EA398363ED06C037F3602CBEF1754B9D51EA
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS219503.roa
Signing time:             Mon 08 Jun 2026 19:20:52 +0000
ROA not before:           Mon 08 Jun 2026 19:15:52 +0000
ROA not after:            Mon 07 Jun 2027 19:20:52 +0000
asID:                     219503
IP address blocks:        2a14:7583:effd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:f6:ea:39:83:63:ed:06:c0:37:f3:60:2c:be:f1:75:4b:9d:51:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  8 19:15:52 2026 GMT
            Not After : Jun  7 19:20:52 2027 GMT
        Subject: CN=91E74C7816AB07A249F4FC38706E826AE40C30CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:db:27:a4:da:65:33:af:f1:bf:a1:bf:d5:22:
                    fb:7e:6a:80:9a:b9:71:dd:2c:8d:aa:c0:04:c8:f5:
                    b9:f7:f4:04:7d:43:d7:2a:d5:ef:cb:14:3e:67:29:
                    e4:ff:be:98:cb:19:47:2d:cd:78:b0:ff:e7:d5:d6:
                    fc:e2:5c:4d:a7:3d:71:27:d1:7a:da:73:fb:95:ce:
                    48:4d:93:63:a2:bb:4e:79:e2:c9:8d:38:cd:9f:ae:
                    49:5e:a3:6d:6c:e4:db:a1:1c:e0:21:0d:eb:d8:12:
                    58:4e:a8:19:46:58:f1:6c:46:92:dc:71:a6:3a:02:
                    ed:78:18:b3:53:d1:f7:a2:39:19:ca:27:ae:2b:5d:
                    14:74:41:70:fd:ff:c7:f0:01:e1:d0:33:9f:3c:58:
                    15:24:7a:10:cc:5b:2c:26:55:c5:ad:4a:51:d7:3a:
                    ad:2e:be:99:fa:81:f1:f2:7a:80:2e:89:d8:ef:47:
                    9b:3b:b0:09:90:f9:d2:1f:77:85:e8:ab:e9:21:6b:
                    80:1c:20:c8:f6:16:21:d4:bf:42:9c:78:bb:dd:e3:
                    59:14:9c:a9:67:8d:92:2c:6b:87:91:ff:f2:4c:50:
                    89:30:22:18:17:8e:76:e6:f2:b6:5a:c7:07:a7:cb:
                    ce:51:a0:9c:ca:01:30:4a:5b:30:95:14:be:db:be:
                    47:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E7:4C:78:16:AB:07:A2:49:F4:FC:38:70:6E:82:6A:E4:0C:30:CF
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS219503.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:effd::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:6e:d6:1e:8c:1f:51:40:93:b7:3e:de:52:3d:7f:49:d4:cc:
         6c:1c:92:1b:f0:23:ff:5f:5c:99:36:e7:d4:30:dd:65:d0:fe:
         51:7a:99:05:d1:c6:12:78:4c:4f:e7:13:3d:a3:00:8c:2c:97:
         3c:fb:f9:e6:aa:7c:3b:31:23:64:0c:7b:34:80:c0:af:aa:88:
         0e:fc:d7:eb:27:85:3f:2c:07:ba:78:58:54:81:92:29:88:49:
         23:07:62:03:a7:47:be:a8:91:bc:22:4a:54:da:30:84:4f:38:
         1d:43:cd:ba:03:f6:61:c2:76:8f:9c:3d:93:13:d8:66:c1:94:
         f7:68:62:82:62:da:cf:ae:78:36:3d:c6:dd:59:08:04:25:bd:
         1b:b5:a4:2c:83:df:ed:aa:6a:99:d1:af:04:54:b1:47:83:a4:
         63:ed:74:50:be:28:3c:94:ef:7c:bc:56:7c:3f:06:de:2c:70:
         50:b1:56:04:bd:63:98:18:b0:74:24:f5:62:f4:75:ad:0e:1d:
         53:a2:6d:10:01:3d:e3:bf:4d:b3:27:45:4b:dc:34:0d:4b:b6:
         9f:f6:d6:f1:98:21:cd:2a:46:4d:c4:72:ee:6d:87:8e:3c:78:
         39:16:d9:68:b7:a6:99:be:b0:d5:c7:dc:9b:ee:06:da:35:10:
         42:50:33:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKvbqOYNj7QbAN/NgLL7xdUudUeowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MDgxOTE1NTJaFw0yNzA2MDcxOTIwNTJaMDMxMTAvBgNV
BAMTKDkxRTc0Qzc4MTZBQjA3QTI0OUY0RkMzODcwNkU4MjZBRTQwQzMwQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs2yek2mUzr/G/ob/VIvt+aoCa
uXHdLI2qwATI9bn39AR9Q9cq1e/LFD5nKeT/vpjLGUctzXiw/+fV1vziXE2nPXEn
0Xrac/uVzkhNk2Oiu0554smNOM2frkleo21s5NuhHOAhDevYElhOqBlGWPFsRpLc
caY6Au14GLNT0feiORnKJ64rXRR0QXD9/8fwAeHQM588WBUkehDMWywmVcWtSlHX
Oq0uvpn6gfHyeoAuidjvR5s7sAmQ+dIfd4Xoq+kha4AcIMj2FiHUv0KceLvd41kU
nKlnjZIsa4eR//JMUIkwIhgXjnbm8rZaxweny85RoJzKATBKWzCVFL7bvkdDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUkedMeBarB6JJ9Pw4cG6CauQMMM8wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE5NTAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
g+/9MA0GCSqGSIb3DQEBCwUAA4IBAQBQbtYejB9RQJO3Pt5SPX9J1MxsHJIb8CP/
X1yZNufUMN1l0P5RepkF0cYSeExP5xM9owCMLJc8+/nmqnw7MSNkDHs0gMCvqogO
/NfrJ4U/LAe6eFhUgZIpiEkjB2IDp0e+qJG8IkpU2jCETzgdQ826A/ZhwnaPnD2T
E9hmwZT3aGKCYtrPrng2PcbdWQgEJb0btaQsg9/tqmqZ0a8EVLFHg6Rj7XRQvig8
lO98vFZ8PwbeLHBQsVYEvWOYGLB0JPVi9HWtDh1Tom0QAT3jv02zJ0VL3DQNS7af
9tbxmCHNKkZNxHLubYeOPHg5Ftlot6aZvrDVx9yb7gbaNRBCUDNk
-----END CERTIFICATE-----