Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214648.roa
File:                     AS214648.roa (raw, json)
Hash identifier:          RcELG74BEFCaUv9hgW+8zssyLw9VDZE+Qw/Ese2aJyI=
Subject key identifier:   07:70:B5:F9:9C:80:39:FC:43:7E:5D:B9:E9:8A:CC:67:2F:91:0B:46
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1ABA91BC083F7DF76907967BB7AE76396D99981A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214648.roa
Signing time:             Sun 13 Jul 2025 05:18:18 +0000
ROA not before:           Sun 13 Jul 2025 05:13:18 +0000
ROA not after:            Sun 12 Jul 2026 05:18:18 +0000
asID:                     214648
IP address blocks:        143.20.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ba:91:bc:08:3f:7d:f7:69:07:96:7b:b7:ae:76:39:6d:99:98:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 13 05:13:18 2025 GMT
            Not After : Jul 12 05:18:18 2026 GMT
        Subject: CN=0770B5F99C8039FC437E5DB9E98ACC672F910B46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:09:7f:f5:ba:dd:f7:e3:9c:74:64:29:bb:d2:
                    cf:e0:13:66:9b:41:30:40:c6:1d:4b:0b:15:f5:d9:
                    50:de:de:c1:50:a0:26:d1:14:5b:eb:9e:ca:dc:d0:
                    c0:98:30:83:f3:2e:cf:e3:77:7a:01:d6:30:da:b2:
                    71:3d:5b:31:7e:aa:97:1e:f0:cd:1a:ff:23:9f:cf:
                    4b:33:32:8a:1a:62:28:68:db:5c:05:1c:30:96:1f:
                    24:45:96:67:78:9c:e3:28:81:48:bc:08:a6:37:5e:
                    d0:93:49:e7:7d:89:4c:0d:e8:5a:03:03:85:a8:bc:
                    3b:f7:6f:d5:65:26:39:bd:d0:e0:ec:9d:14:32:eb:
                    ea:82:ef:b4:78:01:fd:42:5d:ce:16:f5:59:40:a8:
                    cb:33:ba:06:a8:09:ff:8a:3c:9e:77:0c:e0:b4:cb:
                    e0:e0:0b:97:50:80:17:51:62:9e:94:83:dc:2b:46:
                    08:e7:8e:33:05:2b:36:c2:e9:09:23:62:43:72:cd:
                    d2:b8:f0:d1:dd:6b:cd:8b:75:7f:a9:57:14:7a:74:
                    e1:dd:e3:68:a8:57:0d:5b:90:66:0e:f3:7d:10:e0:
                    95:90:ba:92:3c:e8:0b:1f:53:0c:90:5c:e0:21:92:
                    a8:e7:be:36:0d:f0:ff:c0:74:2d:20:ea:b6:37:12:
                    77:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:70:B5:F9:9C:80:39:FC:43:7E:5D:B9:E9:8A:CC:67:2F:91:0B:46
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:20:de:83:a0:32:b5:37:0f:0c:94:f1:45:8b:c5:a4:74:1f:
         84:32:4a:83:fb:23:67:3b:c8:7f:67:27:63:5a:a5:7a:17:78:
         46:76:d4:de:2b:a7:a4:61:9f:54:5e:a7:9f:c5:fa:a8:80:a4:
         92:a7:6b:ca:bd:09:1d:67:af:07:69:86:6c:6a:32:9e:87:f2:
         17:61:f8:3f:e7:33:ba:e3:d7:26:62:87:d9:99:c5:9e:8b:a6:
         d5:f3:86:2b:93:7a:37:36:d6:fb:46:5c:83:24:85:2d:0c:d5:
         7e:10:5e:bf:e1:b6:24:ae:8a:44:04:7c:6f:b1:44:b6:9a:da:
         30:40:08:94:00:15:31:41:a4:82:c9:76:12:eb:c8:f6:2e:8e:
         73:5e:69:12:16:85:6b:ed:e2:b6:2f:d0:33:76:8f:d4:d5:2f:
         80:76:df:49:9f:ca:7c:10:ef:76:72:da:32:97:12:a6:1f:77:
         00:e7:a7:12:52:eb:4a:6e:81:9d:6f:fc:f5:b3:ea:8f:c9:21:
         0f:09:c4:81:12:67:5d:27:15:9a:35:93:80:f3:0c:e1:f9:40:
         ba:4e:fd:ab:d1:55:e9:a0:8c:ed:8c:e3:2b:dd:0b:12:7c:63:
         0f:17:b1:c2:8f:a3:55:11:1c:83:cc:a3:70:fc:56:3d:ff:da:
         e8:4e:dd:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGrqRvAg/ffdpB5Z7t652OW2ZmBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTMwNTEzMThaFw0yNjA3MTIwNTE4MThaMDMxMTAvBgNV
BAMTKDA3NzBCNUY5OUM4MDM5RkM0MzdFNURCOUU5OEFDQzY3MkY5MTBCNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+CX/1ut3345x0ZCm70s/gE2ab
QTBAxh1LCxX12VDe3sFQoCbRFFvrnsrc0MCYMIPzLs/jd3oB1jDasnE9WzF+qpce
8M0a/yOfz0szMooaYiho21wFHDCWHyRFlmd4nOMogUi8CKY3XtCTSed9iUwN6FoD
A4WovDv3b9VlJjm90ODsnRQy6+qC77R4Af1CXc4W9VlAqMszugaoCf+KPJ53DOC0
y+DgC5dQgBdRYp6Ug9wrRgjnjjMFKzbC6QkjYkNyzdK48NHda82LdX+pVxR6dOHd
42ioVw1bkGYO830Q4JWQupI86AsfUwyQXOAhkqjnvjYN8P/AdC0g6rY3EneRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUB3C1+ZyAOfxDfl256YrMZy+RC0YwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjxTk
MA0GCSqGSIb3DQEBCwUAA4IBAQATIN6DoDK1Nw8MlPFFi8WkdB+EMkqD+yNnO8h/
ZydjWqV6F3hGdtTeK6ekYZ9UXqefxfqogKSSp2vKvQkdZ68HaYZsajKeh/IXYfg/
5zO649cmYofZmcWei6bV84Yrk3o3Ntb7RlyDJIUtDNV+EF6/4bYkropEBHxvsUS2
mtowQAiUABUxQaSCyXYS68j2Lo5zXmkSFoVr7eK2L9Azdo/U1S+Adt9Jn8p8EO92
ctoylxKmH3cA56cSUutKboGdb/z1s+qPySEPCcSBEmddJxWaNZOA8wzh+UC6Tv2r
0VXpoIztjOMr3QsSfGMPF7HCj6NVERyDzKNw/FY9/9roTt0T
-----END CERTIFICATE-----