Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214120.roa
File:                     AS214120.roa (raw, json)
Hash identifier:          gh7pGsTz3ONngWvhvnSoPQRj/1jbhxyjQcM7nA/qyOU=
Subject key identifier:   F3:AD:0D:6B:38:9C:C1:A4:AD:B4:4D:E7:FD:45:F0:0E:A1:20:CA:14
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2CBD77315B4068C56DA9D99B31C773D46FF29AF9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214120.roa
Signing time:             Fri 30 Jan 2026 13:51:17 +0000
ROA not before:           Fri 30 Jan 2026 13:46:17 +0000
ROA not after:            Fri 29 Jan 2027 13:51:17 +0000
asID:                     214120
IP address blocks:        143.14.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:bd:77:31:5b:40:68:c5:6d:a9:d9:9b:31:c7:73:d4:6f:f2:9a:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 30 13:46:17 2026 GMT
            Not After : Jan 29 13:51:17 2027 GMT
        Subject: CN=F3AD0D6B389CC1A4ADB44DE7FD45F00EA120CA14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:39:fe:5f:60:bc:fa:83:cd:b2:b2:63:aa:09:
                    a2:e8:5c:89:61:0e:02:bd:f1:10:9e:8b:06:ff:10:
                    c9:84:51:2b:81:58:b2:06:05:8e:49:2d:99:39:65:
                    5d:cb:01:7d:3e:35:c1:aa:d6:78:cb:10:ce:9a:b7:
                    b2:fc:73:ce:f9:13:61:07:da:c8:76:54:52:a5:59:
                    26:cd:6b:d0:86:7d:96:1d:78:6e:33:b4:fe:3a:78:
                    07:30:3f:c7:8b:21:a1:3b:6b:03:ff:4c:4a:70:08:
                    e7:a1:8a:c6:4b:40:4e:7b:79:d3:2f:02:67:0f:6e:
                    a1:85:18:c4:85:1c:80:9b:9c:8e:d8:49:42:7a:56:
                    88:5c:e2:5f:10:4a:14:68:47:e7:46:f5:db:be:70:
                    d4:e8:71:9e:4c:bf:d0:b2:1c:cf:76:f1:09:25:1a:
                    c9:e4:63:5f:53:c3:91:81:e6:93:13:da:09:8f:9f:
                    b0:90:87:b8:ee:be:ca:c8:98:4a:40:43:40:1a:cc:
                    f2:1f:91:c2:54:b3:38:8e:8b:bb:d7:03:16:ed:4a:
                    13:95:2c:d0:ee:36:b7:2c:8a:e3:dd:d0:07:fe:29:
                    2a:fc:fd:f2:cd:8e:59:a1:82:fe:af:30:96:db:89:
                    54:5b:43:c0:63:0a:cc:bb:a0:d8:78:07:48:af:3d:
                    38:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AD:0D:6B:38:9C:C1:A4:AD:B4:4D:E7:FD:45:F0:0E:A1:20:CA:14
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214120.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:6c:9e:b7:01:a5:39:99:41:07:95:12:97:43:9b:02:94:9d:
         76:69:a5:7d:a7:6d:76:7f:38:84:ff:be:72:28:31:a5:6f:80:
         3a:5d:b5:f2:77:db:80:9a:ea:df:82:78:37:b7:d0:1d:ea:36:
         0b:e0:db:04:ab:7e:03:b6:73:c4:00:7f:84:ae:31:86:f1:ec:
         3e:af:0f:2e:46:f8:e9:00:64:85:41:bd:a4:aa:91:bf:57:46:
         82:82:6d:e9:ce:90:77:ab:88:35:dd:b6:7a:99:95:3f:31:cc:
         62:ec:94:69:67:1d:9c:36:e1:d6:3f:2c:d1:b9:bb:6f:43:b6:
         e9:63:e6:66:8a:30:09:f2:d0:1c:42:26:fa:f9:ee:08:c3:2d:
         e2:eb:0c:1d:1f:12:44:ea:a8:43:0a:f4:89:0a:77:2e:fe:4d:
         c8:0e:28:86:2a:1c:59:88:b0:7f:a6:9e:68:8f:88:02:5c:f4:
         10:fa:e9:fb:99:d9:a1:54:f6:c9:21:71:34:84:03:a3:06:78:
         65:5b:8f:d5:e1:c9:66:94:02:84:ea:bb:4d:55:04:72:fc:cc:
         02:bf:54:4b:24:47:06:55:53:f2:5d:c8:3d:3c:02:6a:bd:4d:
         a5:2e:8c:6e:62:4e:0f:e9:6a:e9:11:bc:f4:61:94:e3:a1:d0:
         8b:17:00:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULL13MVtAaMVtqdmbMcdz1G/ymvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMzAxMzQ2MTdaFw0yNzAxMjkxMzUxMTdaMDMxMTAvBgNV
BAMTKEYzQUQwRDZCMzg5Q0MxQTRBREI0NERFN0ZENDVGMDBFQTEyMENBMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOOf5fYLz6g82ysmOqCaLoXIlh
DgK98RCeiwb/EMmEUSuBWLIGBY5JLZk5ZV3LAX0+NcGq1njLEM6at7L8c875E2EH
2sh2VFKlWSbNa9CGfZYdeG4ztP46eAcwP8eLIaE7awP/TEpwCOehisZLQE57edMv
AmcPbqGFGMSFHICbnI7YSUJ6Vohc4l8QShRoR+dG9du+cNTocZ5Mv9CyHM928Qkl
GsnkY19Tw5GB5pMT2gmPn7CQh7juvsrImEpAQ0AazPIfkcJUsziOi7vXAxbtShOV
LNDuNrcsiuPd0Af+KSr8/fLNjlmhgv6vMJbbiVRbQ8BjCsy7oNh4B0ivPThnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU860NazicwaSttE3n/UXwDqEgyhQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw6T
MA0GCSqGSIb3DQEBCwUAA4IBAQBGbJ63AaU5mUEHlRKXQ5sClJ12aaV9p212fziE
/75yKDGlb4A6XbXyd9uAmurfgng3t9Ad6jYL4NsEq34DtnPEAH+ErjGG8ew+rw8u
RvjpAGSFQb2kqpG/V0aCgm3pzpB3q4g13bZ6mZU/Mcxi7JRpZx2cNuHWPyzRubtv
Q7bpY+ZmijAJ8tAcQib6+e4Iwy3i6wwdHxJE6qhDCvSJCncu/k3IDiiGKhxZiLB/
pp5oj4gCXPQQ+un7mdmhVPbJIXE0hAOjBnhlW4/V4clmlAKE6rtNVQRy/MwCv1RL
JEcGVVPyXcg9PAJqvU2lLoxuYk4P6WrpEbz0YZTjodCLFwDW
-----END CERTIFICATE-----