Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa
File:                     AS214305.roa (raw, json)
Hash identifier:          UHorwEdctjZJhpHoe1uVf/HA3PxdIp+Q6s1hv2jFZMc=
Subject key identifier:   3F:10:96:41:5B:F3:18:B7:BA:06:06:FC:A9:1F:31:C5:27:B9:F0:91
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4961675ED3924E2CBD6F1BCB00DABD7841C327B9
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa
Signing time:             Tue 15 Apr 2025 18:18:32 +0000
ROA not before:           Tue 15 Apr 2025 18:13:32 +0000
ROA not after:            Tue 14 Apr 2026 18:18:32 +0000
asID:                     214305
IP address blocks:        46.203.180.0/24 maxlen: 24
                          91.124.170.0/24 maxlen: 24
                          91.124.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:61:67:5e:d3:92:4e:2c:bd:6f:1b:cb:00:da:bd:78:41:c3:27:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 15 18:13:32 2025 GMT
            Not After : Apr 14 18:18:32 2026 GMT
        Subject: CN=3F1096415BF318B7BA0606FCA91F31C527B9F091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:47:b6:0b:7f:3c:b0:14:46:49:15:ed:57:45:
                    32:5e:80:04:5c:d0:38:7d:9f:1f:61:c8:b5:b0:6f:
                    ac:99:cd:1c:51:6b:25:dd:c1:08:65:d1:be:e4:cb:
                    40:f2:76:bf:a9:3c:a3:0b:ff:8e:81:86:8a:2d:a8:
                    28:26:4a:5e:49:58:6e:44:7a:b2:77:67:18:df:ea:
                    c1:21:00:b1:39:1f:3a:52:a5:b3:27:80:be:c4:96:
                    94:1e:d6:cd:03:04:0e:a0:ad:69:5d:65:69:93:dc:
                    cd:01:29:02:9a:77:8b:c6:af:22:97:a4:2f:b8:69:
                    ba:1f:29:5e:42:40:7f:dd:0c:be:18:ab:b7:87:9a:
                    35:0d:63:06:4a:3f:3d:c1:45:9f:ae:5e:92:43:e9:
                    1c:6a:78:84:be:da:e1:b8:f4:48:7f:80:f2:f1:f9:
                    a6:65:5f:da:57:11:6a:6f:1b:51:72:92:f9:b5:93:
                    8b:f6:b6:71:6e:f9:89:97:d9:f4:41:7b:92:98:53:
                    55:9f:22:1b:81:1f:fd:0b:30:68:86:30:3e:22:48:
                    24:50:b5:11:d8:09:6f:ac:3e:53:ff:a6:72:c7:20:
                    2b:ab:82:7e:94:35:28:c6:b7:2d:44:04:99:02:81:
                    69:5a:04:4e:c8:8e:c1:ac:dc:94:11:71:0c:b1:39:
                    c5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:10:96:41:5B:F3:18:B7:BA:06:06:FC:A9:1F:31:C5:27:B9:F0:91
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.180.0/24
                  91.124.170.0/24
                  91.124.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6d:92:de:81:52:43:17:3c:39:58:39:d9:eb:12:e4:c9:1d:
         59:5d:a5:d4:bd:fd:2d:ec:53:81:df:fe:f6:e9:32:e9:c3:a4:
         f0:29:ae:9c:83:86:e4:24:e5:4a:d7:a2:a7:67:f7:92:f2:5e:
         8e:ed:28:45:61:17:19:c0:9c:8d:a5:70:63:f5:e6:b0:ee:04:
         8b:2e:26:0f:45:ef:3b:aa:1c:11:13:da:29:22:22:a3:d0:73:
         d5:9a:08:b3:b2:2c:a0:84:12:ae:09:a3:b0:54:21:ac:de:a9:
         52:c4:46:12:6e:d1:96:29:9f:7b:2d:bd:76:51:25:aa:ad:5d:
         31:2a:d9:fb:e5:41:27:f0:e7:88:e2:ec:09:bb:f6:76:89:c1:
         f3:cc:13:bd:b9:b2:aa:10:26:5d:15:35:70:ce:f3:80:b2:be:
         89:88:73:87:9d:98:85:f5:f3:9d:6b:19:d9:0d:61:33:a2:a6:
         e7:83:ba:ed:70:03:66:d2:e8:dc:de:94:97:68:f1:bf:30:fa:
         ec:87:26:1d:b1:ec:ca:57:a7:04:29:2d:a5:f8:c8:1f:60:48:
         97:2f:a7:27:73:b9:c6:27:77:65:e0:12:10:fb:c2:2d:b2:87:
         7f:a4:44:a5:ea:eb:ae:95:3a:98:12:01:73:07:bb:d5:4c:6f:
         43:86:fa:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUSWFnXtOSTiy9bxvLANq9eEHDJ7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MTUxODEzMzJaFw0yNjA0MTQxODE4MzJaMDMxMTAvBgNV
BAMTKDNGMTA5NjQxNUJGMzE4QjdCQTA2MDZGQ0E5MUYzMUM1MjdCOUYwOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcR7YLfzywFEZJFe1XRTJegARc
0Dh9nx9hyLWwb6yZzRxRayXdwQhl0b7ky0Dydr+pPKML/46BhootqCgmSl5JWG5E
erJ3Zxjf6sEhALE5HzpSpbMngL7ElpQe1s0DBA6grWldZWmT3M0BKQKad4vGryKX
pC+4abofKV5CQH/dDL4Yq7eHmjUNYwZKPz3BRZ+uXpJD6RxqeIS+2uG49Eh/gPLx
+aZlX9pXEWpvG1Fykvm1k4v2tnFu+YmX2fRBe5KYU1WfIhuBH/0LMGiGMD4iSCRQ
tRHYCW+sPlP/pnLHICurgn6UNSjGty1EBJkCgWlaBE7IjsGs3JQRcQyxOcXjAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUPxCWQVvzGLe6Bgb8qR8xxSe58JEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALsu0
AwQAW3yqAwQAW3zuMA0GCSqGSIb3DQEBCwUAA4IBAQA8bZLegVJDFzw5WDnZ6xLk
yR1ZXaXUvf0t7FOB3/726TLpw6TwKa6cg4bkJOVK16KnZ/eS8l6O7ShFYRcZwJyN
pXBj9eaw7gSLLiYPRe87qhwRE9opIiKj0HPVmgizsiyghBKuCaOwVCGs3qlSxEYS
btGWKZ97Lb12USWqrV0xKtn75UEn8OeI4uwJu/Z2icHzzBO9ubKqECZdFTVwzvOA
sr6JiHOHnZiF9fOdaxnZDWEzoqbng7rtcANm0ujc3pSXaPG/MPrshyYdsezKV6cE
KS2l+MgfYEiXL6cnc7nGJ3dl4BIQ+8Itsod/pESl6uuulTqYEgFzB7vVTG9DhvrN
-----END CERTIFICATE-----