Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          0yWC9ctEKSn0pmUR2B5FEi5zK23InQtJOQ+so8gUIK8=
Subject key identifier:   18:EA:2C:84:35:73:AB:93:25:F5:3F:F9:63:B9:D0:CD:29:99:C6:AD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       237F21C1DD90B51F09DABF56381D7C6148FB5EE9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa
Signing time:             Fri 05 Sep 2025 19:46:29 +0000
ROA not before:           Fri 05 Sep 2025 19:41:29 +0000
ROA not after:            Fri 04 Sep 2026 19:46:29 +0000
asID:                     211407
IP address blocks:        143.14.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:7f:21:c1:dd:90:b5:1f:09:da:bf:56:38:1d:7c:61:48:fb:5e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep  5 19:41:29 2025 GMT
            Not After : Sep  4 19:46:29 2026 GMT
        Subject: CN=18EA2C843573AB9325F53FF963B9D0CD2999C6AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:91:cb:e9:2c:5e:aa:35:06:98:92:eb:fe:ef:
                    ba:7c:19:06:61:0a:eb:58:3a:1b:a2:df:03:6b:fe:
                    94:7e:e2:50:23:02:9a:e7:ab:3b:5d:c5:09:d9:a8:
                    12:e2:4d:7d:7d:8a:bb:10:f1:35:f2:e9:01:70:0f:
                    03:2b:ce:6e:0b:f1:42:c6:f6:20:47:15:0b:2a:09:
                    82:62:24:e8:77:c4:17:d8:27:3f:2d:f5:e2:1e:cf:
                    dd:d4:0c:1c:21:42:56:6d:3e:8b:60:25:0c:78:24:
                    21:5b:9b:a4:48:77:fa:c1:79:3c:a4:b4:2a:6a:56:
                    38:b2:67:75:db:40:da:54:0c:da:57:49:d9:7c:08:
                    00:7a:04:2e:71:9e:05:60:73:71:74:90:53:3d:c4:
                    3d:f2:23:2e:1c:66:68:99:20:db:40:0b:ca:fd:11:
                    8e:7a:e2:9a:32:90:b1:38:74:b1:4b:24:91:39:5c:
                    5e:14:94:ac:14:6f:8e:ac:f7:ba:28:c2:3e:a5:bd:
                    4d:c3:ac:c5:8b:bc:55:06:95:79:5c:19:56:76:a3:
                    00:46:75:b1:22:de:21:f4:24:bd:7a:84:1c:e4:aa:
                    cc:6a:40:30:64:d9:74:fd:60:18:fa:17:a2:6b:9c:
                    f0:8b:e2:eb:5d:87:c2:51:10:52:fd:5e:98:07:f0:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EA:2C:84:35:73:AB:93:25:F5:3F:F9:63:B9:D0:CD:29:99:C6:AD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:ab:25:37:0c:fe:ef:61:eb:c7:48:55:ea:25:84:d6:dd:3f:
         f6:87:08:bc:43:50:12:94:8d:0f:9f:0c:0c:15:f5:ae:0b:2c:
         76:c7:01:2e:19:03:a9:89:ac:33:7f:db:1d:2f:49:6a:93:f1:
         61:93:46:1f:08:b5:22:f4:62:5e:50:1c:98:f9:54:a4:23:04:
         86:2c:2e:45:3e:df:96:70:ce:03:d3:09:ec:90:42:62:46:7b:
         da:7a:14:2b:b5:3a:2e:d0:3a:c4:8c:cc:fb:a0:01:f4:ad:34:
         5b:f2:f5:db:c2:c4:1c:aa:e4:24:4a:69:99:ee:01:19:9d:a4:
         40:01:76:9a:ed:4e:1a:e3:c3:f6:cd:2c:4c:53:c2:16:bc:17:
         05:d1:76:4e:a9:6b:53:0e:a6:b0:22:67:71:af:78:0a:b6:2e:
         12:ea:59:b5:d8:22:44:eb:33:f5:54:c7:1c:4e:8e:18:ae:ca:
         c0:9c:ba:ae:17:7d:ce:c7:f0:b9:54:81:d2:6d:b5:17:08:45:
         98:31:cf:fd:45:dc:d8:9b:f0:09:ac:a7:07:d1:d8:ff:96:5d:
         aa:53:97:8f:63:ed:6c:ea:7f:23:5e:b5:80:ba:27:94:38:72:
         dd:39:84:09:6d:de:18:87:48:fb:a2:bd:b8:ac:2b:38:10:4a:
         5b:4c:a7:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUI38hwd2QtR8J2r9WOB18YUj7XukwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDUxOTQxMjlaFw0yNjA5MDQxOTQ2MjlaMDMxMTAvBgNV
BAMTKDE4RUEyQzg0MzU3M0FCOTMyNUY1M0ZGOTYzQjlEMENEMjk5OUM2QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfkcvpLF6qNQaYkuv+77p8GQZh
CutYOhui3wNr/pR+4lAjAprnqztdxQnZqBLiTX19irsQ8TXy6QFwDwMrzm4L8ULG
9iBHFQsqCYJiJOh3xBfYJz8t9eIez93UDBwhQlZtPotgJQx4JCFbm6RId/rBeTyk
tCpqVjiyZ3XbQNpUDNpXSdl8CAB6BC5xngVgc3F0kFM9xD3yIy4cZmiZINtAC8r9
EY564poykLE4dLFLJJE5XF4UlKwUb46s97oowj6lvU3DrMWLvFUGlXlcGVZ2owBG
dbEi3iH0JL16hBzkqsxqQDBk2XT9YBj6F6JrnPCL4utdh8JREFL9XpgH8HAnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGOoshDVzq5Ml9T/5Y7nQzSmZxq0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw5y
MA0GCSqGSIb3DQEBCwUAA4IBAQCeqyU3DP7vYevHSFXqJYTW3T/2hwi8Q1ASlI0P
nwwMFfWuCyx2xwEuGQOpiawzf9sdL0lqk/Fhk0YfCLUi9GJeUByY+VSkIwSGLC5F
Pt+WcM4D0wnskEJiRnvaehQrtTou0DrEjMz7oAH0rTRb8vXbwsQcquQkSmmZ7gEZ
naRAAXaa7U4a48P2zSxMU8IWvBcF0XZOqWtTDqawImdxr3gKti4S6lm12CJE6zP1
VMccTo4YrsrAnLquF33Ox/C5VIHSbbUXCEWYMc/9RdzYm/AJrKcH0dj/ll2qU5eP
Y+1s6n8jXrWAuieUOHLdOYQJbd4Yh0j7or24rCs4EEpbTKey
-----END CERTIFICATE-----