Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214016.roa
File:                     AS214016.roa (raw, json)
Hash identifier:          QnO7bhsMXcFeBOxaXggnDLRBNi9XGxNkfzhAKprsgkk=
Subject key identifier:   92:88:59:B0:B7:04:1B:FC:D1:BE:F2:BC:D3:D4:C9:75:89:95:62:04
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       539BCAC19D49A6AD21070CFFD13A3BBB964B0298
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214016.roa
Signing time:             Sat 28 Feb 2026 05:46:33 +0000
ROA not before:           Sat 28 Feb 2026 05:41:33 +0000
ROA not after:            Sat 27 Feb 2027 05:46:33 +0000
asID:                     214016
IP address blocks:        141.11.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9b:ca:c1:9d:49:a6:ad:21:07:0c:ff:d1:3a:3b:bb:96:4b:02:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 28 05:41:33 2026 GMT
            Not After : Feb 27 05:46:33 2027 GMT
        Subject: CN=928859B0B7041BFCD1BEF2BCD3D4C97589956204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:05:5c:3e:59:53:f7:aa:00:18:dd:cb:3b:02:
                    df:62:37:1a:f6:e3:cb:80:e1:aa:66:b1:6a:83:bd:
                    8e:63:38:e6:ec:73:db:fe:d4:38:a4:0e:76:24:b3:
                    a6:13:03:e0:ad:a9:24:15:02:f9:d1:d3:d4:1a:90:
                    8f:19:e2:bf:b1:7a:04:3f:68:72:a3:f0:8b:19:0b:
                    30:c1:40:23:55:f7:94:f2:0e:c1:74:a5:41:ff:83:
                    c1:4d:a6:2b:de:66:c2:c7:01:5d:d6:61:e8:7f:8a:
                    69:ff:f2:9a:79:6d:6f:34:ce:45:9e:2a:09:ea:73:
                    0e:a5:bc:5a:89:44:97:99:f4:83:d0:3c:df:db:06:
                    93:cc:74:55:a6:61:aa:68:64:fa:80:02:c3:c5:4e:
                    21:90:81:0a:ea:41:e4:39:68:65:e3:e6:77:ac:40:
                    be:88:d5:f7:c3:01:5f:e1:f9:fc:77:cb:3e:61:4f:
                    77:4c:37:da:ed:23:4a:88:0d:68:f0:95:13:31:74:
                    dc:82:84:37:94:0b:dc:66:28:f7:39:1e:cd:44:e3:
                    12:a5:42:c8:1b:9e:65:ee:2b:6a:53:94:2e:9f:2d:
                    0b:2c:da:9b:3c:79:1c:6e:2a:d1:4b:3d:7c:21:af:
                    51:d1:0a:1a:74:e8:3b:2c:b1:cb:a7:bb:9a:17:a6:
                    eb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:88:59:B0:B7:04:1B:FC:D1:BE:F2:BC:D3:D4:C9:75:89:95:62:04
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214016.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:7e:6a:99:ae:07:c8:5f:ea:97:16:a1:34:9d:f7:d1:17:00:
         7f:e6:ab:1f:7f:f5:d0:98:b5:af:6e:e6:00:f4:7c:2b:9a:0e:
         8f:72:8b:0b:a7:76:3e:eb:e9:ee:99:21:4f:d9:42:2b:0a:8a:
         92:81:9a:0d:f5:2f:49:4c:18:55:1c:35:31:60:f3:10:67:70:
         d2:1b:a6:fc:f7:a8:6f:9f:9b:3a:09:5c:6e:e1:2d:0d:f2:08:
         95:15:75:e6:61:54:50:3b:de:fb:d6:9c:8b:6b:ee:cd:3e:45:
         9b:b2:7f:c6:e1:dd:94:c0:86:f0:b5:c5:40:8c:88:b4:61:c0:
         4b:26:03:4e:08:13:88:c8:9b:12:20:08:95:de:d7:3f:70:35:
         59:a0:db:3c:7e:be:06:a4:0a:3d:24:33:a6:59:79:35:d9:4e:
         c5:c3:97:65:64:cc:0e:6b:13:52:9e:66:3b:d8:db:93:69:f0:
         94:9b:00:ad:7e:a9:a3:da:49:6b:df:b3:9d:fa:ca:6a:a1:7b:
         75:4b:e8:09:a1:f7:9a:b1:99:42:07:a1:b5:e8:a4:35:bc:3e:
         54:d3:23:a7:38:58:1f:65:54:0c:18:33:3c:30:94:17:38:bd:
         fd:1b:56:a3:7c:10:5f:70:38:76:75:c3:9f:c5:fb:bc:d7:86:
         5b:db:49:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU5vKwZ1Jpq0hBwz/0To7u5ZLApgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMjgwNTQxMzNaFw0yNzAyMjcwNTQ2MzNaMDMxMTAvBgNV
BAMTKDkyODg1OUIwQjcwNDFCRkNEMUJFRjJCQ0QzRDRDOTc1ODk5NTYyMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3BVw+WVP3qgAY3cs7At9iNxr2
48uA4apmsWqDvY5jOObsc9v+1DikDnYks6YTA+CtqSQVAvnR09QakI8Z4r+xegQ/
aHKj8IsZCzDBQCNV95TyDsF0pUH/g8FNpiveZsLHAV3WYeh/imn/8pp5bW80zkWe
Kgnqcw6lvFqJRJeZ9IPQPN/bBpPMdFWmYapoZPqAAsPFTiGQgQrqQeQ5aGXj5nes
QL6I1ffDAV/h+fx3yz5hT3dMN9rtI0qIDWjwlRMxdNyChDeUC9xmKPc5Hs1E4xKl
QsgbnmXuK2pTlC6fLQss2ps8eRxuKtFLPXwhr1HRChp06Dssscunu5oXputxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkohZsLcEG/zRvvK809TJdYmVYgQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MDE2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvN
MA0GCSqGSIb3DQEBCwUAA4IBAQCifmqZrgfIX+qXFqE0nffRFwB/5qsff/XQmLWv
buYA9Hwrmg6PcosLp3Y+6+numSFP2UIrCoqSgZoN9S9JTBhVHDUxYPMQZ3DSG6b8
96hvn5s6CVxu4S0N8giVFXXmYVRQO9771pyLa+7NPkWbsn/G4d2UwIbwtcVAjIi0
YcBLJgNOCBOIyJsSIAiV3tc/cDVZoNs8fr4GpAo9JDOmWXk12U7Fw5dlZMwOaxNS
nmY72NuTafCUmwCtfqmj2klr37Od+spqoXt1S+gJofeasZlCB6G16KQ1vD5U0yOn
OFgfZVQMGDM8MJQXOL39G1ajfBBfcDh2dcOfxfu814Zb20k4
-----END CERTIFICATE-----