Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          Ox84lXXEwoPonkCMhujaQoo0RXkPbSZyhtvaJCoVXUY=
Subject key identifier:   8F:DC:7E:A8:6F:3D:85:38:8F:DF:54:99:48:CC:2C:19:FA:8A:24:65
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       126F853903A2D9F518C571CAE71B2C3EC7974597
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa
Signing time:             Thu 17 Jul 2025 16:35:39 +0000
ROA not before:           Thu 17 Jul 2025 16:30:39 +0000
ROA not after:            Thu 16 Jul 2026 16:35:39 +0000
asID:                     214654
IP address blocks:        143.14.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:6f:85:39:03:a2:d9:f5:18:c5:71:ca:e7:1b:2c:3e:c7:97:45:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 17 16:30:39 2025 GMT
            Not After : Jul 16 16:35:39 2026 GMT
        Subject: CN=8FDC7EA86F3D85388FDF549948CC2C19FA8A2465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b3:99:31:5b:9b:ab:a5:af:1d:a8:d4:e2:2a:
                    b4:9c:fc:39:6b:ad:93:ec:ff:cd:b1:c3:07:7c:66:
                    4c:31:9b:d0:41:4e:76:73:2f:a4:80:bd:34:e0:77:
                    a2:6b:8e:fa:5f:9a:29:4f:19:08:85:98:c2:5e:1f:
                    de:c0:3e:6e:15:c5:78:a5:cb:02:b5:14:df:b6:40:
                    89:a9:a6:a7:18:9e:5a:19:c0:cc:f8:13:79:19:ad:
                    5c:3c:85:38:28:c1:b6:0f:14:05:fc:e8:f7:78:13:
                    eb:03:e4:ca:9c:0c:9e:85:af:43:c0:dc:32:30:29:
                    1d:f2:8f:fd:5c:02:26:04:38:8d:12:b0:8f:2a:e8:
                    6a:f6:b4:5c:98:c5:c5:b8:3d:f9:ee:1e:c3:d9:e9:
                    62:c1:fa:50:3c:88:04:ff:bb:39:ae:19:0e:69:17:
                    1c:d8:23:9b:dd:09:93:7f:b8:eb:de:61:e3:2e:6a:
                    cf:0c:15:54:e3:66:02:74:2d:84:ea:54:b6:c5:7c:
                    09:6c:b2:b1:e1:d1:3e:ec:74:e9:bd:2f:bd:d8:d2:
                    61:d1:76:b3:02:5f:c8:fb:dd:04:e4:15:6b:27:51:
                    25:dc:03:89:b8:56:6f:93:43:fc:d7:b4:c4:82:a5:
                    7d:3c:dd:be:5a:ae:65:81:3e:bf:ff:70:11:44:cb:
                    24:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:DC:7E:A8:6F:3D:85:38:8F:DF:54:99:48:CC:2C:19:FA:8A:24:65
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:18:04:09:73:45:ea:e9:25:82:1c:1c:e4:e4:db:2d:17:2b:
         f6:88:5e:53:c2:ea:18:5a:a8:7c:20:e0:2d:67:63:11:80:3c:
         07:5e:33:20:7b:34:e2:01:2e:55:7b:b0:8b:1c:e6:a3:1c:fb:
         47:37:82:35:92:b6:2e:61:ee:c4:bf:21:3e:2f:39:83:e4:c9:
         da:f0:68:62:2f:98:60:94:7e:d5:f1:ad:ba:10:40:9a:05:a1:
         c4:48:2d:57:c5:7b:c8:99:62:3d:d4:21:6f:03:4f:3c:1f:f9:
         86:26:54:b2:32:c1:9e:db:2a:83:f3:d0:dd:b9:72:43:8f:75:
         c6:36:64:b8:4a:1e:ec:cf:da:b8:0e:ac:17:b0:e8:1b:b5:36:
         a5:d5:5e:f2:76:3c:65:c5:9b:f3:f9:31:3c:37:fc:91:e5:3a:
         2e:11:9d:0e:ac:74:ea:76:b9:d7:dd:95:3f:b0:cc:8b:ee:5f:
         02:de:5a:1e:fb:cd:7e:72:2d:0d:b3:7e:16:dc:ea:4a:8e:0c:
         0c:b1:e7:fe:d3:17:40:a1:34:a9:b4:57:97:35:82:ea:42:45:
         13:16:54:fd:48:34:0c:41:8a:c2:c6:e1:64:ed:48:92:99:de:
         f5:30:25:7d:d5:96:f0:69:ca:8d:fb:1c:49:5f:64:d1:83:4d:
         2a:46:d7:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEm+FOQOi2fUYxXHK5xssPseXRZcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTcxNjMwMzlaFw0yNjA3MTYxNjM1MzlaMDMxMTAvBgNV
BAMTKDhGREM3RUE4NkYzRDg1Mzg4RkRGNTQ5OTQ4Q0MyQzE5RkE4QTI0NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5s5kxW5urpa8dqNTiKrSc/Dlr
rZPs/82xwwd8Zkwxm9BBTnZzL6SAvTTgd6JrjvpfmilPGQiFmMJeH97APm4VxXil
ywK1FN+2QImppqcYnloZwMz4E3kZrVw8hTgowbYPFAX86Pd4E+sD5MqcDJ6Fr0PA
3DIwKR3yj/1cAiYEOI0SsI8q6Gr2tFyYxcW4PfnuHsPZ6WLB+lA8iAT/uzmuGQ5p
FxzYI5vdCZN/uOveYeMuas8MFVTjZgJ0LYTqVLbFfAlssrHh0T7sdOm9L73Y0mHR
drMCX8j73QTkFWsnUSXcA4m4Vm+TQ/zXtMSCpX083b5armWBPr//cBFEyyQxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUj9x+qG89hTiP31SZSMwsGfqKJGUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4B
MA0GCSqGSIb3DQEBCwUAA4IBAQB3GAQJc0Xq6SWCHBzk5NstFyv2iF5TwuoYWqh8
IOAtZ2MRgDwHXjMgezTiAS5Ve7CLHOajHPtHN4I1krYuYe7EvyE+LzmD5Mna8Ghi
L5hglH7V8a26EECaBaHESC1XxXvImWI91CFvA088H/mGJlSyMsGe2yqD89DduXJD
j3XGNmS4Sh7sz9q4DqwXsOgbtTal1V7ydjxlxZvz+TE8N/yR5TouEZ0OrHTqdrnX
3ZU/sMyL7l8C3loe+81+ci0Ns34W3OpKjgwMsef+0xdAoTSptFeXNYLqQkUTFlT9
SDQMQYrCxuFk7UiSmd71MCV91ZbwacqN+xxJX2TRg00qRtc8
-----END CERTIFICATE-----