Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa
File:                     AS214305.roa (raw, json)
Hash identifier:          r29AtTsk4/hNgAj/Sa1mGmCpRRMgSjcQ56tvDdpIioY=
Subject key identifier:   85:18:E1:C1:07:72:98:28:9D:E6:78:5F:0D:4F:B3:65:52:02:A6:5D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       352F52E80B6F26028198AEE3D7B4E3C37D1BFE8D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa
Signing time:             Fri 01 Aug 2025 00:02:53 +0000
ROA not before:           Thu 31 Jul 2025 23:57:53 +0000
ROA not after:            Fri 31 Jul 2026 00:02:53 +0000
asID:                     214305
IP address blocks:        46.203.180.0/24 maxlen: 24
                          91.124.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:52:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2f:52:e8:0b:6f:26:02:81:98:ae:e3:d7:b4:e3:c3:7d:1b:fe:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 31 23:57:53 2025 GMT
            Not After : Jul 31 00:02:53 2026 GMT
        Subject: CN=8518E1C1077298289DE6785F0D4FB3655202A65D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b2:81:66:5c:b6:9b:89:74:7c:86:9c:4a:8b:
                    85:9d:5e:0c:f9:77:5d:5c:21:84:9d:87:d8:05:d2:
                    53:70:1a:47:06:f1:38:1c:60:ea:dc:f7:8b:db:62:
                    3d:29:72:01:63:1e:54:37:cb:e6:89:03:1e:41:73:
                    5c:22:70:c8:90:ce:dc:4f:d2:82:92:c6:5f:95:54:
                    22:7f:ad:1f:50:47:33:7a:da:16:cb:33:c7:0e:e8:
                    df:5c:25:00:46:01:63:71:e8:c9:84:7e:e4:d4:c3:
                    e3:5d:b4:4b:10:29:2c:23:67:5e:88:cb:14:d5:ae:
                    59:84:d2:88:9e:0b:f2:23:7f:68:22:08:0f:f8:c6:
                    9b:69:86:48:41:7b:1c:12:31:12:10:64:61:6e:7c:
                    7c:58:6b:21:3f:ed:a8:bc:98:6a:8c:3b:66:76:16:
                    62:59:46:8e:05:47:ff:2e:4f:33:52:52:d9:b1:2e:
                    54:bf:95:66:90:4e:36:2b:a0:65:25:03:03:ae:f8:
                    1f:dc:b5:47:1b:1d:5b:99:c9:43:f5:4e:66:e5:49:
                    9e:9b:98:ed:47:2a:01:8a:e5:53:ee:0d:74:5f:1c:
                    0c:89:67:85:74:8b:a1:1b:40:3d:39:7f:3a:a6:f5:
                    19:82:d6:86:eb:dd:1e:9f:38:f4:10:5d:2d:9b:75:
                    6c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:18:E1:C1:07:72:98:28:9D:E6:78:5F:0D:4F:B3:65:52:02:A6:5D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214305.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.180.0/24
                  91.124.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:02:64:4e:f4:06:3a:57:fc:0f:81:52:e6:10:63:0a:da:ad:
         eb:33:c3:48:16:aa:b0:a6:cb:7d:bc:77:c4:d7:65:84:16:72:
         61:46:07:c6:7c:46:f9:6d:4f:08:41:bf:b7:40:fd:d7:6c:c1:
         dc:63:93:16:95:ea:74:d1:7d:80:89:ec:74:eb:98:9a:3f:c3:
         55:0f:c9:83:5b:1b:e8:97:25:77:68:a5:a9:7f:54:18:8a:72:
         71:99:30:f4:de:7d:6d:79:b4:a5:1f:99:e6:05:dc:bf:6b:c9:
         fd:da:fb:61:94:aa:69:65:94:0e:e0:f8:34:16:d6:f4:27:06:
         51:9a:ae:0f:ab:14:15:d0:7c:d1:4c:98:2c:6d:b7:8f:4f:b3:
         dc:68:0a:2e:64:90:47:00:17:c4:6e:ea:1c:a6:a0:2b:2e:22:
         fb:0d:43:0b:58:b6:bc:ee:94:4d:fd:e0:a5:8e:7a:5c:a9:fc:
         50:a8:c9:3f:96:37:7e:e9:fe:0b:1d:2b:cf:38:10:5f:fd:67:
         f7:9e:31:dd:92:22:60:40:e1:5c:a6:56:06:83:85:41:71:3f:
         b6:31:53:2f:5a:85:e6:a4:47:d0:53:8f:f2:fa:f7:62:62:fb:
         40:67:2f:bf:a9:e1:a3:89:3b:47:9c:a5:d1:4c:fd:fa:3e:0d:
         e5:f1:ed:9e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNS9S6AtvJgKBmK7j17Tjw30b/o0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MzEyMzU3NTNaFw0yNjA3MzEwMDAyNTNaMDMxMTAvBgNV
BAMTKDg1MThFMUMxMDc3Mjk4Mjg5REU2Nzg1RjBENEZCMzY1NTIwMkE2NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfsoFmXLabiXR8hpxKi4WdXgz5
d11cIYSdh9gF0lNwGkcG8TgcYOrc94vbYj0pcgFjHlQ3y+aJAx5Bc1wicMiQztxP
0oKSxl+VVCJ/rR9QRzN62hbLM8cO6N9cJQBGAWNx6MmEfuTUw+NdtEsQKSwjZ16I
yxTVrlmE0oieC/Ijf2giCA/4xptphkhBexwSMRIQZGFufHxYayE/7ai8mGqMO2Z2
FmJZRo4FR/8uTzNSUtmxLlS/lWaQTjYroGUlAwOu+B/ctUcbHVuZyUP1TmblSZ6b
mO1HKgGK5VPuDXRfHAyJZ4V0i6EbQD05fzqm9RmC1obr3R6fOPQQXS2bdWxtAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUhRjhwQdymCid5nhfDU+zZVICpl0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsu0
AwQAW3yqMA0GCSqGSIb3DQEBCwUAA4IBAQBHAmRO9AY6V/wPgVLmEGMK2q3rM8NI
Fqqwpst9vHfE12WEFnJhRgfGfEb5bU8IQb+3QP3XbMHcY5MWlep00X2Aiex065ia
P8NVD8mDWxvolyV3aKWpf1QYinJxmTD03n1tebSlH5nmBdy/a8n92vthlKppZZQO
4Pg0Ftb0JwZRmq4PqxQV0HzRTJgsbbePT7PcaAouZJBHABfEbuocpqArLiL7DUML
WLa87pRN/eCljnpcqfxQqMk/ljd+6f4LHSvPOBBf/Wf3njHdkiJgQOFcplYGg4VB
cT+2MVMvWoXmpEfQU4/y+vdiYvtAZy+/qeGjiTtHnKXRTP36Pg3l8e2e
-----END CERTIFICATE-----