Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214838.roa
File:                     AS214838.roa (raw, json)
Hash identifier:          10AL/pDrivaEyFUW/VXTgdjLzLsKujvCmFZXpz+qYrU=
Subject key identifier:   C8:CE:08:E3:AB:04:3F:3C:20:86:EC:A2:8C:80:07:EB:8F:68:01:35
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       29DF3A6B39C93AD29B2271DE8242ACFD9A9B2C51
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214838.roa
Signing time:             Wed 28 Jan 2026 17:55:36 +0000
ROA not before:           Wed 28 Jan 2026 17:50:36 +0000
ROA not after:            Wed 27 Jan 2027 17:55:36 +0000
asID:                     214838
IP address blocks:        141.11.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:df:3a:6b:39:c9:3a:d2:9b:22:71:de:82:42:ac:fd:9a:9b:2c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jan 28 17:50:36 2026 GMT
            Not After : Jan 27 17:55:36 2027 GMT
        Subject: CN=C8CE08E3AB043F3C2086ECA28C8007EB8F680135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:01:28:d4:7c:3b:c0:cc:17:c1:80:3d:97:67:
                    25:bd:9f:a8:48:77:71:15:ee:eb:ee:db:8f:e9:12:
                    35:0f:86:9c:93:3e:ab:ca:f9:21:c7:a3:d6:e0:18:
                    d8:24:1e:32:f9:eb:24:7c:a6:ef:ee:56:2b:a6:f4:
                    e1:7b:86:79:c7:3e:67:41:87:66:bb:02:fc:79:02:
                    14:00:65:5f:3f:c6:1e:5e:d5:cc:7e:de:6b:46:be:
                    ff:0d:19:f9:d0:22:e5:4e:60:b5:a3:ac:08:8c:a0:
                    28:0f:23:52:42:c2:fa:ed:aa:2d:f6:0c:93:a5:41:
                    aa:50:39:2f:3e:b7:3d:fc:4a:9e:a5:42:25:dd:84:
                    b8:37:63:6f:35:6e:e9:e1:86:c6:d3:74:f9:bd:ff:
                    a0:7b:bf:01:58:df:18:c4:a9:d6:a0:28:14:ea:f4:
                    92:e4:5f:53:a6:45:2c:98:f4:7c:45:23:78:d8:2b:
                    af:34:97:da:37:ef:5f:20:ca:41:73:1f:f9:48:3d:
                    26:57:ca:e3:2e:e8:2f:43:03:8b:04:64:09:af:57:
                    d9:bc:3a:a3:b1:b8:cb:25:c0:80:20:19:1d:31:54:
                    2b:ca:d1:e1:e2:91:0e:c3:3a:ca:ef:a1:8e:4d:6f:
                    b4:ec:db:17:8f:2e:fb:24:5c:ef:46:18:18:53:5f:
                    aa:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:CE:08:E3:AB:04:3F:3C:20:86:EC:A2:8C:80:07:EB:8F:68:01:35
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:86:a4:ce:a7:e1:3b:3f:23:30:e8:ae:94:6e:67:88:96:dd:
         4c:ed:11:36:a8:6c:30:22:5a:5b:dd:85:d8:91:80:86:77:b4:
         bb:c4:d9:59:ae:0b:2e:37:aa:90:04:6d:b2:62:5f:39:ac:48:
         d7:7c:09:e8:c0:bb:ef:1d:40:9c:a8:f0:21:6a:64:8c:c0:f9:
         44:05:52:3b:b1:ec:35:90:29:9b:83:5e:b7:ab:c7:2d:3b:f2:
         d7:5e:cb:bf:6e:89:da:d1:70:6a:b5:29:74:cb:22:d5:3f:44:
         37:2f:70:e0:1a:d3:c8:49:06:df:64:c9:e8:df:e0:c5:e1:37:
         da:df:2a:5b:0e:3f:91:62:19:f4:7f:da:d8:c3:3c:44:de:c2:
         21:7c:76:a1:29:3f:6a:3e:4a:29:79:7d:b2:32:ac:2b:b8:e6:
         7e:f8:28:37:e2:c2:b7:8e:e5:c6:4a:dd:73:9c:0f:da:77:14:
         15:82:c2:65:3b:d5:92:b3:d5:59:59:02:00:22:92:9b:fd:9e:
         ba:f7:c1:2f:4e:df:6f:29:92:5f:fd:97:b9:0a:c4:0a:91:8f:
         b2:fc:4c:79:b0:bb:97:3a:ce:64:09:b6:27:ca:a0:ab:e0:8b:
         2e:7f:75:69:63:44:3e:63:21:a0:4f:e7:70:19:bd:98:ab:1d:
         f9:0d:17:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKd86aznJOtKbInHegkKs/ZqbLFEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAxMjgxNzUwMzZaFw0yNzAxMjcxNzU1MzZaMDMxMTAvBgNV
BAMTKEM4Q0UwOEUzQUIwNDNGM0MyMDg2RUNBMjhDODAwN0VCOEY2ODAxMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ASjUfDvAzBfBgD2XZyW9n6hI
d3EV7uvu24/pEjUPhpyTPqvK+SHHo9bgGNgkHjL56yR8pu/uVium9OF7hnnHPmdB
h2a7Avx5AhQAZV8/xh5e1cx+3mtGvv8NGfnQIuVOYLWjrAiMoCgPI1JCwvrtqi32
DJOlQapQOS8+tz38Sp6lQiXdhLg3Y281bunhhsbTdPm9/6B7vwFY3xjEqdagKBTq
9JLkX1OmRSyY9HxFI3jYK680l9o3718gykFzH/lIPSZXyuMu6C9DA4sEZAmvV9m8
OqOxuMslwIAgGR0xVCvK0eHikQ7DOsrvoY5Nb7Ts2xePLvskXO9GGBhTX6oTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyM4I46sEPzwghuyijIAH649oATUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0ODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQub
MA0GCSqGSIb3DQEBCwUAA4IBAQAlhqTOp+E7PyMw6K6UbmeIlt1M7RE2qGwwIlpb
3YXYkYCGd7S7xNlZrgsuN6qQBG2yYl85rEjXfAnowLvvHUCcqPAhamSMwPlEBVI7
sew1kCmbg163q8ctO/LXXsu/bona0XBqtSl0yyLVP0Q3L3DgGtPISQbfZMno3+DF
4Tfa3ypbDj+RYhn0f9rYwzxE3sIhfHahKT9qPkopeX2yMqwruOZ++Cg34sK3juXG
St1znA/adxQVgsJlO9WSs9VZWQIAIpKb/Z6698EvTt9vKZJf/Ze5CsQKkY+y/Ex5
sLuXOs5kCbYnyqCr4Isuf3VpY0Q+YyGgT+dwGb2Yqx35DRel
-----END CERTIFICATE-----