Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214026.roa
File:                     AS214026.roa (raw, json)
Hash identifier:          7l0HydtsdSRtIY3fun1tanDa65AzBvEw+R/aXasAsUo=
Subject key identifier:   29:B2:9C:F2:71:F1:F6:18:1C:25:BC:5C:09:31:BD:1C:0A:A3:F5:78
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0BF8C7925C26D48336A2B6771321AFB485A53375
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214026.roa
Signing time:             Tue 09 Jun 2026 13:33:27 +0000
ROA not before:           Tue 09 Jun 2026 13:28:27 +0000
ROA not after:            Tue 08 Jun 2027 13:33:27 +0000
asID:                     214026
IP address blocks:        141.11.150.0/23 maxlen: 24
                          141.11.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:f8:c7:92:5c:26:d4:83:36:a2:b6:77:13:21:af:b4:85:a5:33:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  9 13:28:27 2026 GMT
            Not After : Jun  8 13:33:27 2027 GMT
        Subject: CN=29B29CF271F1F6181C25BC5C0931BD1C0AA3F578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7b:dd:44:c0:b7:5a:9a:79:d8:86:7c:91:46:
                    47:7c:d8:31:70:fa:41:5a:15:ec:9b:1f:99:be:96:
                    2b:72:a1:38:46:aa:e1:f7:35:6f:5d:9b:72:42:5e:
                    a7:5a:18:a2:12:c4:d1:66:41:7b:8f:86:12:70:5e:
                    a7:82:a8:06:42:b9:1a:a6:a5:fa:ab:d1:82:58:45:
                    18:33:5a:fc:86:b4:ed:0a:84:84:11:2a:ec:f0:a0:
                    e3:86:1f:b5:75:a9:0f:cd:32:dc:97:28:6b:68:da:
                    c9:a4:dd:bf:40:09:af:42:4d:4f:51:95:e7:3a:72:
                    aa:cd:af:22:26:98:ed:86:fc:62:37:2a:9e:8c:dc:
                    04:58:60:59:8d:cb:4c:06:4f:4a:5c:0b:d0:3a:f3:
                    a2:a4:57:51:88:f7:d0:5b:bf:e0:15:36:1b:94:dd:
                    ac:79:56:ef:1f:5b:96:34:05:70:4a:65:b8:51:45:
                    f7:b8:47:cc:97:05:dd:eb:30:96:38:69:ca:93:cf:
                    97:27:ee:e2:8d:5e:33:aa:e2:2b:29:78:e3:f5:31:
                    9c:08:11:cc:c9:58:31:2c:af:b7:4b:3e:c8:79:02:
                    2e:2a:e7:3b:b6:98:63:16:11:a4:f7:f8:fc:80:57:
                    ed:4b:ff:cc:61:39:90:80:ff:13:e3:23:d3:ac:1b:
                    6c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B2:9C:F2:71:F1:F6:18:1C:25:BC:5C:09:31:BD:1C:0A:A3:F5:78
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.150.0/23
                  141.11.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:02:42:84:5f:a7:80:dd:7d:f3:c8:e1:14:dc:a7:0a:b8:da:
         e9:63:ba:35:08:13:47:ff:86:c9:02:06:89:8a:46:89:5a:3b:
         c4:b0:3a:f8:06:96:3c:8b:01:7f:0b:c5:0c:85:4b:fa:94:6e:
         83:54:f9:2d:31:8f:b2:7a:89:8c:eb:bd:d7:1e:b0:d1:80:4c:
         ae:7b:c0:34:90:f6:b5:8d:c9:e7:51:ab:86:4c:8b:b5:3e:ec:
         d1:a4:bd:c8:43:88:cc:89:36:e3:cb:48:78:70:3f:0d:e8:88:
         03:53:e9:c6:cd:2c:c3:97:05:c1:5a:c5:d3:15:04:ce:ac:83:
         0e:65:74:a2:c3:a1:e9:f3:94:76:18:71:42:d2:b0:d7:05:43:
         fa:22:37:3e:38:09:30:c4:ba:e0:db:9d:39:58:3d:64:27:c4:
         69:60:17:c8:92:5d:35:9f:67:b4:04:03:13:6e:83:ec:9d:92:
         91:97:9b:d9:53:f8:36:a9:2e:ae:79:f5:b9:d8:ba:1a:ae:00:
         3a:a8:50:94:3e:e7:ea:73:ff:fd:74:54:b5:d5:67:a3:6c:db:
         b3:22:2f:ba:c6:59:0e:9c:a4:a5:42:b6:92:84:96:74:e5:66:
         30:81:69:52:15:8d:4f:f1:4a:09:90:af:81:57:05:86:a5:b5:
         35:32:35:70
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUC/jHklwm1IM2orZ3EyGvtIWlM3UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDkxMzI4MjdaFw0yNzA2MDgxMzMzMjdaMDMxMTAvBgNV
BAMTKDI5QjI5Q0YyNzFGMUY2MTgxQzI1QkM1QzA5MzFCRDFDMEFBM0Y1NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDee91EwLdamnnYhnyRRkd82DFw
+kFaFeybH5m+lityoThGquH3NW9dm3JCXqdaGKISxNFmQXuPhhJwXqeCqAZCuRqm
pfqr0YJYRRgzWvyGtO0KhIQRKuzwoOOGH7V1qQ/NMtyXKGto2smk3b9ACa9CTU9R
lec6cqrNryImmO2G/GI3Kp6M3ARYYFmNy0wGT0pcC9A686KkV1GI99Bbv+AVNhuU
3ax5Vu8fW5Y0BXBKZbhRRfe4R8yXBd3rMJY4acqTz5cn7uKNXjOq4ispeOP1MZwI
EczJWDEsr7dLPsh5Ai4q5zu2mGMWEaT3+PyAV+1L/8xhOZCA/xPjI9OsG2zVAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUKbKc8nHx9hgcJbxcCTG9HAqj9XgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MDI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQuW
AwQBjQvqMA0GCSqGSIb3DQEBCwUAA4IBAQCiAkKEX6eA3X3zyOEU3KcKuNrpY7o1
CBNH/4bJAgaJikaJWjvEsDr4BpY8iwF/C8UMhUv6lG6DVPktMY+yeomM673XHrDR
gEyue8A0kPa1jcnnUauGTIu1PuzRpL3IQ4jMiTbjy0h4cD8N6IgDU+nGzSzDlwXB
WsXTFQTOrIMOZXSiw6Hp85R2GHFC0rDXBUP6Ijc+OAkwxLrg2505WD1kJ8RpYBfI
kl01n2e0BAMTboPsnZKRl5vZU/g2qS6uefW52LoargA6qFCUPufqc//9dFS11Wej
bNuzIi+6xlkOnKSlQraShJZ05WYwgWlSFY1P8UoJkK+BVwWGpbU1MjVw
-----END CERTIFICATE-----