Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2914.roa
File:                     AS2914.roa (raw, json)
Hash identifier:          hYB9WSuKfZfGSfWT5keIuhAelfhgBozR1daK1Huaf20=
Subject key identifier:   75:B9:EC:06:49:DB:BD:1D:88:3C:6A:73:FF:BA:4C:83:DA:72:A5:13
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6E1185B18FFF0782F9A5DFF23AC60DEA04E22737
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2914.roa
Signing time:             Tue 28 Oct 2025 00:04:52 +0000
ROA not before:           Mon 27 Oct 2025 23:59:52 +0000
ROA not after:            Tue 27 Oct 2026 00:04:52 +0000
asID:                     2914
IP address blocks:        141.11.39.0/24 maxlen: 24
                          141.11.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:28:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:11:85:b1:8f:ff:07:82:f9:a5:df:f2:3a:c6:0d:ea:04:e2:27:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 27 23:59:52 2025 GMT
            Not After : Oct 27 00:04:52 2026 GMT
        Subject: CN=75B9EC0649DBBD1D883C6A73FFBA4C83DA72A513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9b:d9:0a:68:47:77:2a:af:7c:8d:d2:28:d3:
                    82:99:3c:89:78:7e:c8:6d:93:15:10:f0:6d:e9:82:
                    89:0a:19:59:28:0a:4c:ec:c7:95:62:cc:1c:6b:a4:
                    a0:3d:b3:6e:49:8e:53:b1:d8:cb:21:92:b9:af:65:
                    68:65:0f:70:a9:d9:b6:ae:30:8d:d6:3a:73:f2:61:
                    0c:bf:f3:3c:6a:fe:d0:fd:1d:93:1f:e5:19:89:08:
                    ac:2d:f3:d6:5f:b2:27:8d:7a:8d:4d:f3:f3:01:53:
                    a0:c2:ef:53:7a:ce:d7:8d:23:bb:e1:a8:14:93:66:
                    40:eb:43:0d:cd:30:8e:0e:26:31:fb:8d:85:97:2d:
                    f6:78:88:66:cc:fc:ea:50:fb:e2:3f:9f:a1:df:e8:
                    93:31:60:39:8b:da:81:da:2f:f8:ec:5d:73:2e:8d:
                    0b:8b:65:eb:7e:cd:da:b1:cf:79:c3:85:a7:70:56:
                    d7:79:0f:c3:59:c4:d1:f0:79:37:6b:3e:1e:9b:0a:
                    d0:ce:35:cd:a1:84:df:07:20:0b:fa:8b:d4:b7:88:
                    78:b0:8e:b1:e8:5e:89:d2:c7:1c:56:d5:5c:5a:1d:
                    4c:37:ab:98:56:c2:da:8c:39:78:1b:4b:fa:cd:4f:
                    d8:85:28:27:86:75:d6:1d:c6:29:9e:40:db:56:76:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B9:EC:06:49:DB:BD:1D:88:3C:6A:73:FF:BA:4C:83:DA:72:A5:13
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS2914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.39.0/24
                  141.11.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:6d:90:ec:24:a1:f3:a9:57:91:62:38:e0:52:81:39:c9:7d:
         11:df:56:15:9e:fc:f6:34:ce:6f:2c:48:3d:38:fe:9d:11:18:
         50:3c:e9:ca:63:56:65:f2:ff:b3:77:90:1e:c1:94:01:62:37:
         3f:ac:bf:88:1b:af:b1:88:4d:94:53:95:62:6b:41:31:41:08:
         c0:ea:56:76:17:71:e9:56:7c:17:de:41:86:d9:fa:21:2d:e4:
         7a:96:57:6c:68:14:e6:23:62:ae:45:55:0f:0b:8b:87:2d:81:
         c6:f9:98:6f:44:d4:90:f9:26:24:63:2f:ed:6b:cc:e3:f8:3a:
         fb:b1:ed:f1:9f:46:e1:c3:c6:b5:88:46:41:0a:78:5e:91:9a:
         e7:9e:32:86:57:bf:69:44:cd:e6:ae:b8:f9:6a:c1:6f:92:74:
         60:98:90:9e:f0:01:59:0b:ce:65:61:3e:7a:e6:40:af:71:38:
         49:b8:6f:d9:4a:65:b1:8e:96:70:a5:b4:45:b7:1e:b8:74:89:
         60:02:ba:bc:f8:df:11:56:a6:c5:84:c0:c8:2f:92:37:6e:33:
         98:69:b7:2b:5f:3f:8b:1b:de:9b:01:1d:b4:05:64:24:29:94:
         eb:07:da:4e:02:5e:47:81:b5:75:53:de:1a:d5:45:bd:3f:6f:
         f7:17:25:fd
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUbhGFsY//B4L5pd/yOsYN6gTiJzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMjcyMzU5NTJaFw0yNjEwMjcwMDA0NTJaMDMxMTAvBgNV
BAMTKDc1QjlFQzA2NDlEQkJEMUQ4ODNDNkE3M0ZGQkE0QzgzREE3MkE1MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZm9kKaEd3Kq98jdIo04KZPIl4
fshtkxUQ8G3pgokKGVkoCkzsx5VizBxrpKA9s25JjlOx2MshkrmvZWhlD3Cp2bau
MI3WOnPyYQy/8zxq/tD9HZMf5RmJCKwt89ZfsieNeo1N8/MBU6DC71N6zteNI7vh
qBSTZkDrQw3NMI4OJjH7jYWXLfZ4iGbM/OpQ++I/n6Hf6JMxYDmL2oHaL/jsXXMu
jQuLZet+zdqxz3nDhadwVtd5D8NZxNHweTdrPh6bCtDONc2hhN8HIAv6i9S3iHiw
jrHoXonSxxxW1VxaHUw3q5hWwtqMOXgbS/rNT9iFKCeGddYdximeQNtWdgBvAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUdbnsBknbvR2IPGpz/7pMg9pypRMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAI0LJwME
AI0LtDANBgkqhkiG9w0BAQsFAAOCAQEARW2Q7CSh86lXkWI44FKBOcl9Ed9WFZ78
9jTObyxIPTj+nREYUDzpymNWZfL/s3eQHsGUAWI3P6y/iBuvsYhNlFOVYmtBMUEI
wOpWdhdx6VZ8F95Bhtn6IS3kepZXbGgU5iNirkVVDwuLhy2BxvmYb0TUkPkmJGMv
7WvM4/g6+7Ht8Z9G4cPGtYhGQQp4XpGa554yhle/aUTN5q64+WrBb5J0YJiQnvAB
WQvOZWE+euZAr3E4Sbhv2UplsY6WcKW0RbceuHSJYAK6vPjfEVamxYTAyC+SN24z
mGm3K18/ixvemwEdtAVkJCmU6wfaTgJeR4G1dVPeGtVFvT9v9xcl/Q==
-----END CERTIFICATE-----