Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214083.roa
File:                     AS214083.roa (raw, json)
Hash identifier:          yKNfy7ekwWvzT1xADFAR/Ueo7rxn+jY1dFMA/JY5p9Y=
Subject key identifier:   A3:0A:8A:96:E0:F6:46:46:E1:B5:59:E9:89:A6:04:F6:05:CC:08:FE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       574939877B0A620EBC5F765C7A69585D15863E40
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214083.roa
Signing time:             Tue 27 May 2025 00:00:06 +0000
ROA not before:           Mon 26 May 2025 23:55:06 +0000
ROA not after:            Tue 26 May 2026 00:00:06 +0000
asID:                     214083
IP address blocks:        146.103.22.0/24 maxlen: 24
                          146.103.48.0/24 maxlen: 24
                          147.79.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:49:39:87:7b:0a:62:0e:bc:5f:76:5c:7a:69:58:5d:15:86:3e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 26 23:55:06 2025 GMT
            Not After : May 26 00:00:06 2026 GMT
        Subject: CN=A30A8A96E0F64646E1B559E989A604F605CC08FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7f:4b:e7:3f:3e:a6:88:30:07:87:18:fa:62:
                    f4:9f:ac:24:a6:80:a8:6b:cd:0a:6d:60:6b:20:30:
                    64:7f:e2:82:be:bd:ec:de:bc:d8:d2:cb:f2:51:1a:
                    85:8c:1c:b0:12:36:16:21:e3:9d:9f:11:40:1e:5d:
                    b1:b5:99:9a:20:b6:54:3d:e9:af:19:d4:b2:f6:0f:
                    92:f2:f7:49:8d:8b:bf:5e:ee:fe:42:88:cf:8d:8c:
                    3d:4a:ec:1a:83:7f:8b:a2:35:da:7c:f4:bf:0f:b7:
                    ba:f0:f6:eb:79:7c:1d:10:f0:c4:b2:fc:3f:ab:22:
                    9e:04:90:1c:08:0c:64:f2:69:45:e3:ed:f7:41:3a:
                    72:5a:76:c4:c8:d0:83:15:a8:f8:da:bb:92:92:47:
                    dc:b5:cb:af:fc:b6:52:76:f3:26:89:21:bc:e3:6b:
                    c5:25:d4:6a:20:cc:bf:ed:4d:ab:0a:24:33:0a:7b:
                    31:16:23:b1:c6:6f:8e:16:aa:8c:6a:84:94:3b:c1:
                    08:41:20:34:a2:72:e4:85:3e:51:ca:c1:67:dd:fa:
                    c3:a6:fe:53:75:b3:d3:69:a9:33:97:36:30:99:8f:
                    e2:68:cb:31:9b:e2:be:8a:6e:79:9b:2e:79:1d:10:
                    11:f3:72:71:08:69:db:43:23:07:3f:30:dd:17:37:
                    8f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:0A:8A:96:E0:F6:46:46:E1:B5:59:E9:89:A6:04:F6:05:CC:08:FE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214083.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.22.0/24
                  146.103.48.0/24
                  147.79.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:19:39:8f:72:9f:eb:dc:a4:59:90:4d:68:4d:45:a1:83:10:
         5c:3d:e9:f3:67:37:ef:02:a2:4d:94:a7:71:97:98:2a:ef:d7:
         2e:b2:1d:36:78:d2:bc:d5:8a:e7:33:70:a8:2e:b3:4f:e7:cc:
         59:00:9e:36:5f:a5:8d:d3:30:eb:b3:c9:86:23:07:a2:c3:f8:
         9a:24:0c:be:12:0c:bd:96:f9:9c:d2:0b:7a:b3:a3:55:9f:f2:
         43:81:18:15:43:84:e1:a2:85:08:2f:ed:39:9e:ac:8d:00:77:
         3e:0d:1c:b9:fc:04:e8:95:7c:dd:75:0c:dc:c5:9c:e1:ac:7a:
         99:12:b4:63:93:7b:35:6e:f8:bf:c9:95:db:e8:db:b0:6e:7e:
         af:48:2f:1f:4a:2d:ad:f1:2c:b5:55:af:37:34:8c:fa:b3:9b:
         78:4b:78:d0:d6:eb:7d:41:f2:d8:c8:34:bc:f7:ca:18:70:1d:
         f3:c3:4c:34:c1:7c:dd:3d:b9:7f:16:b8:93:27:66:e7:ca:ad:
         11:ea:09:52:5e:26:d4:d2:ba:df:55:c2:c0:3a:a9:fa:f8:76:
         83:d9:28:93:24:cb:ad:a7:d1:f0:a7:cf:a0:82:10:b3:10:9c:
         59:2f:81:3a:74:90:20:84:3f:04:ec:36:22:3f:c2:82:6b:36:
         89:46:8c:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUV0k5h3sKYg68X3ZcemlYXRWGPkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjYyMzU1MDZaFw0yNjA1MjYwMDAwMDZaMDMxMTAvBgNV
BAMTKEEzMEE4QTk2RTBGNjQ2NDZFMUI1NTlFOTg5QTYwNEY2MDVDQzA4RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEf0vnPz6miDAHhxj6YvSfrCSm
gKhrzQptYGsgMGR/4oK+vezevNjSy/JRGoWMHLASNhYh452fEUAeXbG1mZogtlQ9
6a8Z1LL2D5Ly90mNi79e7v5CiM+NjD1K7BqDf4uiNdp89L8Pt7rw9ut5fB0Q8MSy
/D+rIp4EkBwIDGTyaUXj7fdBOnJadsTI0IMVqPjau5KSR9y1y6/8tlJ28yaJIbzj
a8Ul1GogzL/tTasKJDMKezEWI7HGb44WqoxqhJQ7wQhBIDSicuSFPlHKwWfd+sOm
/lN1s9NpqTOXNjCZj+JoyzGb4r6KbnmbLnkdEBHzcnEIadtDIwc/MN0XN48HAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUowqKluD2RkbhtVnpiaYE9gXMCP4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkmcW
AwQAkmcwAwQAk08eMA0GCSqGSIb3DQEBCwUAA4IBAQAwGTmPcp/r3KRZkE1oTUWh
gxBcPenzZzfvAqJNlKdxl5gq79cush02eNK81YrnM3CoLrNP58xZAJ42X6WN0zDr
s8mGIweiw/iaJAy+Egy9lvmc0gt6s6NVn/JDgRgVQ4ThooUIL+05nqyNAHc+DRy5
/ATolXzddQzcxZzhrHqZErRjk3s1bvi/yZXb6Nuwbn6vSC8fSi2t8Sy1Va83NIz6
s5t4S3jQ1ut9QfLYyDS898oYcB3zw0w0wXzdPbl/FriTJ2bnyq0R6glSXibU0rrf
VcLAOqn6+HaD2SiTJMutp9Hwp8+gghCzEJxZL4E6dJAghD8E7DYiP8KCazaJRoxz
-----END CERTIFICATE-----