Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa
File:                     AS214024.roa (raw, json)
Hash identifier:          q2tTKp3UiOJakhgD5XFwikKs9itzjoXp45UkJVa6E6c=
Subject key identifier:   78:DA:F7:7A:83:AD:12:B6:1A:0E:37:0F:AF:07:FA:BF:AE:2E:EC:09
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       10A3922B5B822E773835CFA74C89F02479F18DDE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa
Signing time:             Sun 27 Jul 2025 09:29:33 +0000
ROA not before:           Sun 27 Jul 2025 09:24:33 +0000
ROA not after:            Sun 26 Jul 2026 09:29:33 +0000
asID:                     214024
IP address blocks:        141.11.140.0/24 maxlen: 24
                          141.11.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:a3:92:2b:5b:82:2e:77:38:35:cf:a7:4c:89:f0:24:79:f1:8d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 27 09:24:33 2025 GMT
            Not After : Jul 26 09:29:33 2026 GMT
        Subject: CN=78DAF77A83AD12B61A0E370FAF07FABFAE2EEC09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:2a:1f:cf:90:91:fe:20:8f:d3:57:4c:05:
                    dd:99:e9:12:37:cf:01:7a:5f:c1:75:73:e0:04:55:
                    e3:d6:4e:71:ff:dd:f0:bc:20:c5:e9:c4:57:8e:b8:
                    22:c1:ad:5c:4d:f8:fb:89:33:3f:95:0e:c3:a5:e0:
                    78:6e:61:78:69:e4:28:f6:db:45:dd:52:a0:ae:d9:
                    06:26:98:7e:31:8e:58:28:7c:0a:25:3f:28:75:df:
                    79:07:3e:5b:4a:63:38:d2:73:28:27:c3:56:d5:ad:
                    3a:1d:c5:e0:08:ca:68:ad:2c:27:fd:32:cb:d8:6b:
                    fe:14:ac:a0:d5:c7:d2:87:b3:5f:12:13:01:8d:e8:
                    b2:ab:50:5e:aa:57:32:c1:b5:2c:ef:42:a6:01:15:
                    2b:3a:cf:c5:49:f4:f8:af:65:1d:5a:d1:c1:b9:be:
                    60:1b:04:fc:ea:5a:e9:55:b8:62:04:c4:82:dd:3f:
                    cf:11:28:59:08:2f:b8:81:02:fa:c6:b4:31:e8:db:
                    1d:ab:ae:56:07:89:8c:6c:3d:24:06:85:02:79:0c:
                    c0:6e:1d:7e:07:4b:17:ec:0f:98:ec:1c:40:f3:d5:
                    61:06:86:98:f6:ee:8e:52:72:ee:2a:b3:c8:a4:6c:
                    16:d5:c6:83:26:53:42:c8:ed:d2:03:ab:8f:70:16:
                    14:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DA:F7:7A:83:AD:12:B6:1A:0E:37:0F:AF:07:FA:BF:AE:2E:EC:09
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214024.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:d7:dd:fb:bc:55:48:35:b8:8a:87:91:a9:b4:cb:b0:8a:17:
         53:83:6e:2f:c0:8a:75:05:1e:c3:67:64:59:a6:1f:bb:b0:08:
         b2:38:7b:75:b1:2a:b1:44:bd:ac:99:46:b5:e1:61:2c:d9:1b:
         bb:ed:a3:12:9e:e1:3f:b2:ed:c0:75:11:03:cd:3f:46:0c:6b:
         d6:2d:47:be:d7:10:7d:1a:3e:39:33:d5:39:09:6c:16:ab:1a:
         fb:90:c2:40:f1:b6:46:6c:2a:1d:42:83:44:e5:0f:1b:d4:03:
         db:56:ed:0a:5a:84:9d:15:6e:5b:de:6d:42:61:6e:34:e2:86:
         cd:cd:e4:6a:70:e6:7f:60:20:9b:ee:70:a0:87:24:a6:a1:1f:
         bd:93:99:79:2c:cb:d1:ae:c6:37:0a:9a:66:70:cd:2b:f7:27:
         c6:e5:a3:14:41:8f:93:f3:08:87:00:f8:cb:3f:a9:ed:48:f9:
         8e:58:a1:d6:50:8f:3a:68:77:52:e7:69:75:e4:8a:cb:63:64:
         f5:8d:6c:ad:6b:94:41:0e:5c:e6:57:52:0a:4e:76:88:8d:f0:
         1a:09:02:65:13:10:85:33:b4:0b:00:a3:73:42:77:fe:31:ca:
         6b:dd:1a:d4:35:a0:a5:77:52:60:47:87:6d:69:8f:86:4e:56:
         2e:81:c2:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEKOSK1uCLnc4Nc+nTInwJHnxjd4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MjcwOTI0MzNaFw0yNjA3MjYwOTI5MzNaMDMxMTAvBgNV
BAMTKDc4REFGNzdBODNBRDEyQjYxQTBFMzcwRkFGMDdGQUJGQUUyRUVDMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2biofz5CR/iCP01dMBd2Z6RI3
zwF6X8F1c+AEVePWTnH/3fC8IMXpxFeOuCLBrVxN+PuJMz+VDsOl4HhuYXhp5Cj2
20XdUqCu2QYmmH4xjlgofAolPyh133kHPltKYzjScygnw1bVrTodxeAIymitLCf9
MsvYa/4UrKDVx9KHs18SEwGN6LKrUF6qVzLBtSzvQqYBFSs6z8VJ9PivZR1a0cG5
vmAbBPzqWulVuGIExILdP88RKFkIL7iBAvrGtDHo2x2rrlYHiYxsPSQGhQJ5DMBu
HX4HSxfsD5jsHEDz1WEGhpj27o5Scu4qs8ikbBbVxoMmU0LI7dIDq49wFhQ/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeNr3eoOtErYaDjcPrwf6v64u7AkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MDI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjQuM
MA0GCSqGSIb3DQEBCwUAA4IBAQC51937vFVINbiKh5GptMuwihdTg24vwIp1BR7D
Z2RZph+7sAiyOHt1sSqxRL2smUa14WEs2Ru77aMSnuE/su3AdREDzT9GDGvWLUe+
1xB9Gj45M9U5CWwWqxr7kMJA8bZGbCodQoNE5Q8b1APbVu0KWoSdFW5b3m1CYW40
4obNzeRqcOZ/YCCb7nCghySmoR+9k5l5LMvRrsY3CppmcM0r9yfG5aMUQY+T8wiH
APjLP6ntSPmOWKHWUI86aHdS52l15IrLY2T1jWyta5RBDlzmV1IKTnaIjfAaCQJl
ExCFM7QLAKNzQnf+Mcpr3RrUNaCld1JgR4dtaY+GTlYugcIj
-----END CERTIFICATE-----