Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa
File:                     AS214879.roa (raw, json)
Hash identifier:          xkwd6Odv26RY5w74gmpxvOjVAXRrWGSYCbon1Mrcmqs=
Subject key identifier:   87:C2:D7:F2:BA:92:07:17:54:94:AF:60:98:E7:ED:20:78:5C:7C:5C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4C13BBA46DC01FA72C28351F55442902AD3FFDB9
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa
Signing time:             Thu 24 Jul 2025 03:54:13 +0000
ROA not before:           Thu 24 Jul 2025 03:49:13 +0000
ROA not after:            Thu 23 Jul 2026 03:54:13 +0000
asID:                     214879
IP address blocks:        92.113.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:13:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:13:bb:a4:6d:c0:1f:a7:2c:28:35:1f:55:44:29:02:ad:3f:fd:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 24 03:49:13 2025 GMT
            Not After : Jul 23 03:54:13 2026 GMT
        Subject: CN=87C2D7F2BA9207175494AF6098E7ED20785C7C5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e8:50:d9:69:5c:d5:77:3b:0c:c1:f3:a4:b5:
                    a0:1f:b5:c4:06:32:6b:be:ac:bc:8c:06:0e:20:6b:
                    9d:bc:7c:ab:cf:fd:28:6c:b7:d0:95:ae:2c:a9:1c:
                    b8:77:c4:af:d7:59:04:83:04:bc:44:e1:58:1d:bd:
                    32:ed:43:74:7c:1e:db:dd:24:35:f6:42:3d:0d:52:
                    67:a4:db:25:69:97:ba:20:f4:47:4b:ab:98:fb:32:
                    4b:6f:85:8e:fc:90:7c:9d:2c:0e:f6:97:dc:04:a8:
                    de:e9:46:96:34:78:60:d8:3d:dd:35:37:86:58:c8:
                    35:3f:2d:74:07:e2:d3:ea:8f:b7:9f:1f:0c:d3:88:
                    dc:b3:5d:74:29:75:81:dd:80:b7:70:19:79:8f:7a:
                    59:bf:62:7e:ee:de:1a:53:b7:76:00:fa:ff:f8:82:
                    ee:0d:b8:f5:ce:b5:1a:88:81:55:35:1e:db:80:52:
                    f4:58:14:3d:f6:01:6c:5f:80:82:af:c4:b7:8c:00:
                    d8:da:e9:3e:e8:3c:f9:45:14:d6:10:b8:44:b1:1a:
                    df:b9:2e:1e:54:9d:63:ee:90:39:fe:a9:92:20:c0:
                    65:0a:e6:25:b6:66:45:b4:08:72:07:2f:ce:da:62:
                    b6:5f:73:11:2b:79:38:62:b3:98:00:ae:76:84:57:
                    cb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C2:D7:F2:BA:92:07:17:54:94:AF:60:98:E7:ED:20:78:5C:7C:5C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214879.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:05:71:b0:11:10:03:8d:9b:e5:66:20:32:93:6f:f4:30:79:
         6d:0a:e7:87:f2:0a:d7:b4:95:b9:a6:fa:e3:4e:16:f8:1e:b8:
         d3:07:f1:7a:51:dd:40:3c:dd:0c:81:b4:63:20:90:6c:c8:ed:
         b9:b9:c8:a8:f6:cc:eb:93:e1:9e:c3:85:cb:f8:15:23:cc:e0:
         9e:1c:ed:ad:0d:f0:cf:c0:ae:d8:02:be:75:f8:99:0d:2d:61:
         a9:96:ea:59:9c:e3:1f:5d:a9:39:7f:d0:81:16:b2:f5:f9:34:
         2e:c3:07:e0:bf:42:9b:f6:b8:bb:80:74:b8:c8:b8:8f:e3:04:
         e9:a4:4a:61:8d:86:20:79:96:eb:38:4b:06:57:33:4b:23:ea:
         ac:06:46:05:80:1e:6a:f3:4f:75:b2:5c:4b:e8:b5:b1:9e:42:
         3a:e2:e8:18:f3:05:87:3c:52:08:df:54:1b:0b:be:7e:76:2b:
         5d:77:56:b4:0a:1f:3a:4f:ee:e4:04:f7:e8:8c:9d:cb:91:c1:
         d7:e7:9b:af:7a:ec:9b:97:cc:bf:30:2d:9a:b2:cd:40:fc:1d:
         23:be:16:8e:da:e6:c2:c5:70:87:fe:ed:f1:64:7b:6c:7d:07:
         c4:27:f8:5c:cb:86:f5:ff:56:06:22:5a:70:a0:62:86:a1:15:
         fa:47:58:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTBO7pG3AH6csKDUfVUQpAq0//bkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MjQwMzQ5MTNaFw0yNjA3MjMwMzU0MTNaMDMxMTAvBgNV
BAMTKDg3QzJEN0YyQkE5MjA3MTc1NDk0QUY2MDk4RTdFRDIwNzg1QzdDNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/6FDZaVzVdzsMwfOktaAftcQG
Mmu+rLyMBg4ga528fKvP/Shst9CVriypHLh3xK/XWQSDBLxE4VgdvTLtQ3R8Htvd
JDX2Qj0NUmek2yVpl7og9EdLq5j7MktvhY78kHydLA72l9wEqN7pRpY0eGDYPd01
N4ZYyDU/LXQH4tPqj7efHwzTiNyzXXQpdYHdgLdwGXmPelm/Yn7u3hpTt3YA+v/4
gu4NuPXOtRqIgVU1HtuAUvRYFD32AWxfgIKvxLeMANja6T7oPPlFFNYQuESxGt+5
Lh5UnWPukDn+qZIgwGUK5iW2ZkW0CHIHL87aYrZfcxEreThis5gArnaEV8sdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUh8LX8rqSBxdUlK9gmOftIHhcfFwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0ODc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHF2
MA0GCSqGSIb3DQEBCwUAA4IBAQCIBXGwERADjZvlZiAyk2/0MHltCueH8grXtJW5
pvrjThb4HrjTB/F6Ud1APN0MgbRjIJBsyO25ucio9szrk+Gew4XL+BUjzOCeHO2t
DfDPwK7YAr51+JkNLWGplupZnOMfXak5f9CBFrL1+TQuwwfgv0Kb9ri7gHS4yLiP
4wTppEphjYYgeZbrOEsGVzNLI+qsBkYFgB5q8091slxL6LWxnkI64ugY8wWHPFII
31QbC75+ditdd1a0Ch86T+7kBPfojJ3LkcHX55uveuybl8y/MC2ass1A/B0jvhaO
2ubCxXCH/u3xZHtsfQfEJ/hcy4b1/1YGIlpwoGKGoRX6R1iH
-----END CERTIFICATE-----