Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          9fh+w2gF4jrQ1bUJOvviIK/yrOH6G7z5kp7MlrtOOXo=
Subject key identifier:   9E:90:D6:F4:1C:EE:04:AE:B8:14:3E:B9:B5:17:62:98:C8:6A:EE:65
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       033785CC859F8EDDCFA50B35B4911E89286A94D9
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time:             Tue 22 Jul 2025 00:01:59 +0000
ROA not before:           Mon 21 Jul 2025 23:56:59 +0000
ROA not after:            Tue 21 Jul 2026 00:01:59 +0000
asID:                     214432
IP address blocks:        91.124.18.0/24 maxlen: 24
                          91.124.38.0/24 maxlen: 24
                          91.124.60.0/24 maxlen: 24
                          91.124.186.0/24 maxlen: 24
                          178.92.70.0/24 maxlen: 24
                          178.93.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:37:85:cc:85:9f:8e:dd:cf:a5:0b:35:b4:91:1e:89:28:6a:94:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 21 23:56:59 2025 GMT
            Not After : Jul 21 00:01:59 2026 GMT
        Subject: CN=9E90D6F41CEE04AEB8143EB9B5176298C86AEE65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:89:a6:87:85:f2:4f:2a:23:5b:51:3a:ca:e3:
                    1e:da:e9:b4:cd:fe:a7:90:31:0b:39:c4:23:ca:cd:
                    51:8f:a2:b4:a2:f3:2f:61:c2:db:92:8c:c0:be:2b:
                    09:6b:52:d8:7c:b0:9c:68:53:31:fe:cc:75:ef:b5:
                    65:13:b2:65:a8:a6:e2:8a:15:7a:c3:da:d1:ef:6b:
                    97:31:a9:5c:f1:e0:d4:6d:ab:ce:b9:b6:d8:81:6b:
                    0c:39:2c:b5:81:16:00:58:5b:a0:2c:92:df:20:c3:
                    73:58:bc:8c:b8:1a:98:f2:48:40:af:11:0b:70:61:
                    89:18:27:1f:e0:e7:18:27:b3:88:5b:db:23:0d:d8:
                    a2:53:78:7c:24:4c:e5:bc:b2:60:44:b0:e4:c4:af:
                    01:3a:b1:52:05:24:90:40:15:eb:ce:be:fe:68:c7:
                    d0:11:f2:e0:cd:51:e0:15:c6:69:7e:77:2f:c7:33:
                    0f:81:e9:15:17:72:3f:49:9a:3a:28:3c:75:59:2b:
                    68:e5:c1:44:1f:e3:6b:5f:4e:85:7c:8d:61:1d:8b:
                    33:51:47:bb:df:c0:8e:02:19:36:5c:4e:6e:44:ce:
                    7d:0d:19:bd:8b:7b:41:58:17:ba:4b:10:c6:6d:d8:
                    13:94:f6:29:2b:87:0a:62:20:96:73:6e:e8:6e:60:
                    da:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:90:D6:F4:1C:EE:04:AE:B8:14:3E:B9:B5:17:62:98:C8:6A:EE:65
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.18.0/24
                  91.124.38.0/24
                  91.124.60.0/24
                  91.124.186.0/24
                  178.92.70.0/24
                  178.93.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:30:10:12:65:70:1e:ef:24:87:c5:73:b3:f0:38:65:80:9f:
         f8:87:27:d3:cd:fb:47:19:2d:21:f2:5f:8c:58:94:d8:5d:4d:
         9b:de:eb:bc:70:26:0f:a8:65:63:60:f9:72:ad:10:5f:bf:1f:
         80:03:a4:79:17:91:3f:20:14:b5:e5:57:20:06:c2:c1:65:a4:
         0a:c1:f9:2b:34:cc:21:99:2c:f2:5a:62:48:29:3c:f5:b5:8b:
         2e:26:d2:9d:08:66:a8:b0:66:56:81:e8:0a:4c:21:cf:e0:2c:
         c9:72:cf:58:41:f7:09:6a:cc:07:88:b4:94:58:0e:bf:2a:e6:
         ae:fe:3a:57:6c:6f:6b:5e:79:a8:f5:8a:c8:0b:65:58:21:24:
         51:ec:db:0c:cc:75:03:22:3e:c2:2a:d6:fe:be:1c:7a:9d:e9:
         04:40:75:12:a5:04:b4:34:c1:45:21:53:47:43:85:2f:51:54:
         52:66:1b:1a:df:d5:11:ad:53:17:93:7a:2c:b0:a8:35:f5:37:
         b3:16:a7:7c:cd:8e:1c:12:ca:0b:e5:0c:2b:10:8d:e8:3d:fd:
         d5:d8:77:60:22:e2:16:9a:4d:fa:eb:c3:c1:d6:5b:e1:ea:4f:
         30:e9:ec:2e:4e:85:a3:f7:f5:51:d0:3d:77:61:09:3f:a8:80:
         d7:48:db:0d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIUAzeFzIWfjt3PpQs1tJEeiShqlNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MjEyMzU2NTlaFw0yNjA3MjEwMDAxNTlaMDMxMTAvBgNV
BAMTKDlFOTBENkY0MUNFRTA0QUVCODE0M0VCOUI1MTc2Mjk4Qzg2QUVFNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNiaaHhfJPKiNbUTrK4x7a6bTN
/qeQMQs5xCPKzVGPorSi8y9hwtuSjMC+KwlrUth8sJxoUzH+zHXvtWUTsmWopuKK
FXrD2tHva5cxqVzx4NRtq865ttiBaww5LLWBFgBYW6Askt8gw3NYvIy4GpjySECv
EQtwYYkYJx/g5xgns4hb2yMN2KJTeHwkTOW8smBEsOTErwE6sVIFJJBAFevOvv5o
x9AR8uDNUeAVxml+dy/HMw+B6RUXcj9JmjooPHVZK2jlwUQf42tfToV8jWEdizNR
R7vfwI4CGTZcTm5Ezn0NGb2Le0FYF7pLEMZt2BOU9ikrhwpiIJZzbuhuYNrxAgMB
AAGjggIoMIICJDAdBgNVHQ4EFgQUnpDW9BzuBK64FD65tRdimMhq7mUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAW3wS
AwQAW3wmAwQAW3w8AwQAW3y6AwQAslxGAwQAsl1ZMA0GCSqGSIb3DQEBCwUAA4IB
AQByMBASZXAe7ySHxXOz8DhlgJ/4hyfTzftHGS0h8l+MWJTYXU2b3uu8cCYPqGVj
YPlyrRBfvx+AA6R5F5E/IBS15VcgBsLBZaQKwfkrNMwhmSzyWmJIKTz1tYsuJtKd
CGaosGZWgegKTCHP4CzJcs9YQfcJaswHiLSUWA6/Kuau/jpXbG9rXnmo9YrIC2VY
ISRR7NsMzHUDIj7CKtb+vhx6nekEQHUSpQS0NMFFIVNHQ4UvUVRSZhsa39URrVMX
k3ossKg19TezFqd8zY4cEsoL5QwrEI3oPf3V2HdgIuIWmk3668PB1lvh6k8w6ewu
ToWj9/VR0D13YQk/qIDXSNsN
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:29:31 2025 by rpki-client