Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214803.roa
File:                     AS214803.roa (raw, json)
Hash identifier:          8lEWUISL4/ZI0WAZH6AVV7jAS0amTLoWseogzmixNtY=
Subject key identifier:   9F:F4:10:BB:65:F6:E4:76:23:37:62:5C:ED:C6:56:14:1E:98:12:9A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4E469DED24399F034DDF9A6F0A8BAE2F2BDBBBEF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214803.roa
Signing time:             Mon 14 Jul 2025 12:25:29 +0000
ROA not before:           Mon 14 Jul 2025 12:20:29 +0000
ROA not after:            Mon 13 Jul 2026 12:25:29 +0000
asID:                     214803
IP address blocks:        146.103.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:46:9d:ed:24:39:9f:03:4d:df:9a:6f:0a:8b:ae:2f:2b:db:bb:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 14 12:20:29 2025 GMT
            Not After : Jul 13 12:25:29 2026 GMT
        Subject: CN=9FF410BB65F6E4762337625CEDC656141E98129A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ef:1f:87:df:c7:8d:b3:d9:11:34:fe:de:a3:
                    83:41:d1:61:29:ea:67:dd:4e:23:6a:ae:05:a4:b9:
                    8b:b4:b5:4b:89:ff:b8:ac:51:e1:9d:86:d3:54:1f:
                    9a:3d:ee:a7:3c:46:f7:80:9d:04:b4:12:e3:68:35:
                    ae:b4:11:d5:8c:fe:d7:d4:3e:9f:3b:48:b1:1c:7d:
                    7f:61:e5:a9:0a:73:d6:4e:4f:42:c7:fd:1a:bd:a8:
                    80:bd:f3:7f:e5:e4:1b:e9:86:ea:ed:1d:6e:22:53:
                    cc:c9:66:1a:78:5c:86:10:c3:ce:94:36:fe:d5:fd:
                    27:bc:03:ca:b1:aa:e7:41:1d:31:8e:ab:b9:eb:96:
                    88:20:78:86:1b:12:2d:9e:40:6c:e1:71:73:a1:0a:
                    66:22:43:44:c5:90:df:7d:08:2e:f5:c9:90:49:cb:
                    fc:e8:cb:54:74:10:1c:ab:84:39:96:92:c3:52:96:
                    31:fa:0a:46:37:fe:b9:2b:c4:74:74:37:8a:bc:9d:
                    ca:ad:55:5c:2d:74:7a:c1:f8:c7:9f:19:b9:54:f4:
                    36:7b:6e:fc:ec:6d:6a:78:7a:fd:ef:61:b3:f7:21:
                    66:4a:6c:b2:7e:7b:d2:cb:7f:3f:87:f5:ce:c2:13:
                    f1:c5:7f:35:d5:ab:ec:57:b6:bd:1e:cc:5b:50:c2:
                    b1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F4:10:BB:65:F6:E4:76:23:37:62:5C:ED:C6:56:14:1E:98:12:9A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214803.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:3d:28:12:2e:b6:5f:91:54:fe:ae:5a:36:c2:00:f5:f8:ab:
         5e:46:7b:e2:cd:af:66:da:dc:e6:eb:e8:7f:50:3e:6b:91:ab:
         84:c0:e4:9a:ad:16:60:48:94:f6:28:73:c2:88:87:55:38:34:
         2b:c0:61:73:d5:28:f7:a6:8f:8f:a0:38:66:dd:86:da:d3:a0:
         fa:c3:03:f7:44:ce:04:5a:03:17:b4:41:f4:e9:81:80:50:4f:
         77:51:7e:69:8b:65:12:0b:71:5c:0b:fd:60:6d:41:87:b0:37:
         86:80:ca:f2:99:24:b7:31:54:7f:ea:40:4f:f9:66:12:a0:4b:
         ed:03:dc:4f:02:d6:a0:14:35:13:4c:02:b6:40:4a:39:b2:fa:
         99:0d:37:f9:52:e9:3c:8f:52:27:ce:7f:1d:8b:09:6e:2c:45:
         dd:9b:7e:7e:69:e8:56:ee:a0:80:47:cd:dc:57:1d:23:c1:ef:
         2b:01:f8:d0:ac:f8:d1:f3:8a:d6:38:9e:d5:3b:61:5f:ca:cf:
         4f:3b:54:26:60:bf:4d:71:ac:3c:b6:14:28:9b:4a:e2:7f:2f:
         2a:a8:3b:a9:80:65:b9:3d:55:8c:9d:dd:61:18:6c:a0:f7:86:
         e5:a4:f9:f0:b2:62:18:30:99:1f:c8:b2:2d:57:ba:c8:5a:21:
         cc:db:48:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTkad7SQ5nwNN35pvCouuLyvbu+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTQxMjIwMjlaFw0yNjA3MTMxMjI1MjlaMDMxMTAvBgNV
BAMTKDlGRjQxMEJCNjVGNkU0NzYyMzM3NjI1Q0VEQzY1NjE0MUU5ODEyOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7x+H38eNs9kRNP7eo4NB0WEp
6mfdTiNqrgWkuYu0tUuJ/7isUeGdhtNUH5o97qc8RveAnQS0EuNoNa60EdWM/tfU
Pp87SLEcfX9h5akKc9ZOT0LH/Rq9qIC983/l5BvphurtHW4iU8zJZhp4XIYQw86U
Nv7V/Se8A8qxqudBHTGOq7nrloggeIYbEi2eQGzhcXOhCmYiQ0TFkN99CC71yZBJ
y/zoy1R0EByrhDmWksNSljH6CkY3/rkrxHR0N4q8ncqtVVwtdHrB+MefGblU9DZ7
bvzsbWp4ev3vYbP3IWZKbLJ+e9LLfz+H9c7CE/HFfzXVq+xXtr0ezFtQwrEdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUn/QQu2X25HYjN2Jc7cZWFB6YEpowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0ODAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcY
MA0GCSqGSIb3DQEBCwUAA4IBAQBDPSgSLrZfkVT+rlo2wgD1+KteRnviza9m2tzm
6+h/UD5rkauEwOSarRZgSJT2KHPCiIdVODQrwGFz1Sj3po+PoDhm3Yba06D6wwP3
RM4EWgMXtEH06YGAUE93UX5pi2USC3FcC/1gbUGHsDeGgMrymSS3MVR/6kBP+WYS
oEvtA9xPAtagFDUTTAK2QEo5svqZDTf5Uuk8j1Inzn8diwluLEXdm35+aehW7qCA
R83cVx0jwe8rAfjQrPjR84rWOJ7VO2Ffys9PO1QmYL9Ncaw8thQom0rify8qqDup
gGW5PVWMnd1hGGyg94blpPnwsmIYMJkfyLItV7rIWiHM20jL
-----END CERTIFICATE-----