Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa
File:                     AS214209.roa (raw, json)
Hash identifier:          /IPFpcwu/2kk0eB1byWnwmyQUK3ziGXraQMJwWwuLG0=
Subject key identifier:   BE:69:A7:80:76:5D:D0:B5:C8:2E:2E:5F:1A:CE:06:22:E1:A8:3C:8E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       714FA5C7ECC1AD4ABA91B15F3C6732E35139D13E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa
Signing time:             Mon 25 Aug 2025 19:54:13 +0000
ROA not before:           Mon 25 Aug 2025 19:49:13 +0000
ROA not after:            Mon 24 Aug 2026 19:54:13 +0000
asID:                     214209
IP address blocks:        140.233.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:4f:a5:c7:ec:c1:ad:4a:ba:91:b1:5f:3c:67:32:e3:51:39:d1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 25 19:49:13 2025 GMT
            Not After : Aug 24 19:54:13 2026 GMT
        Subject: CN=BE69A780765DD0B5C82E2E5F1ACE0622E1A83C8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9d:83:71:71:a0:7e:36:e3:5a:d6:86:26:3d:
                    9c:80:1d:c5:da:78:7d:2a:c7:15:da:64:3c:e1:dc:
                    eb:ad:bc:07:03:f8:f4:be:8c:8c:32:b9:a4:23:d2:
                    31:63:b7:58:9f:e6:12:5b:d8:ab:9a:32:c2:1d:dd:
                    66:aa:e9:69:64:55:f4:e0:24:b8:c9:ae:4b:6b:49:
                    da:f5:67:cf:18:66:97:95:1b:e4:6e:7b:64:31:20:
                    e4:1c:99:7f:78:03:25:43:13:42:77:20:65:18:01:
                    3d:99:fa:b2:ba:aa:6d:6e:54:a7:dd:f3:1a:1d:7a:
                    a7:5e:61:1d:8c:03:89:bf:ea:b8:90:c0:a9:23:fa:
                    38:e1:bd:0d:dd:e9:15:2d:e9:73:10:af:01:e5:66:
                    58:4f:51:49:9d:fe:d8:19:c7:91:f6:4b:25:46:87:
                    66:69:72:95:2f:77:66:3a:74:41:49:b9:fa:7c:dd:
                    66:59:4f:c0:ba:f1:08:a4:95:36:45:f3:34:a7:cc:
                    26:99:ed:5b:03:c9:36:ae:f7:2f:b6:e9:e6:6e:d7:
                    bd:95:10:1a:51:84:42:eb:e7:c3:c1:52:17:b9:f5:
                    38:a7:2a:54:c8:8b:d8:bd:78:7a:c8:b9:4b:bd:b9:
                    de:0a:3b:52:b7:62:1e:3e:21:8d:00:08:51:1b:9c:
                    85:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:69:A7:80:76:5D:D0:B5:C8:2E:2E:5F:1A:CE:06:22:E1:A8:3C:8E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214209.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:5d:7f:04:fa:65:5e:77:4b:d7:30:a8:a5:e6:ef:48:0b:ea:
         cd:91:31:3f:5a:53:92:12:a9:bd:0c:c3:6a:b1:bd:8f:c8:29:
         fa:ab:53:b9:04:e4:77:49:e8:25:3b:78:f5:d5:a4:09:31:2a:
         68:93:52:80:ce:f1:41:02:1a:37:3b:04:72:55:61:e2:73:03:
         6d:12:e0:3e:c8:17:6b:c3:19:2f:2a:1f:d6:1b:66:7c:0a:06:
         25:47:81:61:4a:45:86:36:6e:7b:63:92:01:53:77:7f:b1:e7:
         82:62:89:89:30:4f:2e:d3:1f:c4:c6:55:b3:b3:1f:a3:6d:f8:
         7b:ef:d3:51:d5:1f:2d:50:c5:c9:b2:c3:67:7e:ca:b0:ce:ea:
         eb:5c:e9:91:de:b1:97:20:16:59:2a:a3:2f:35:d4:52:cd:0f:
         b9:43:1c:05:a5:d4:e6:dd:59:fe:6b:f8:63:8a:f8:f8:f1:8a:
         d4:d0:ed:57:45:bd:89:48:27:a7:e3:58:fe:20:07:72:9f:16:
         ce:15:0f:06:d2:8c:cb:04:ee:78:70:a3:de:e2:38:83:2b:c2:
         89:2e:d0:39:dd:a9:00:b9:4c:35:ee:0c:e3:ab:57:c4:34:a1:
         d0:c4:8e:0b:12:87:8e:0e:37:ac:95:73:85:a1:36:e7:2a:0c:
         98:7c:14:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcU+lx+zBrUq6kbFfPGcy41E50T4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjUxOTQ5MTNaFw0yNjA4MjQxOTU0MTNaMDMxMTAvBgNV
BAMTKEJFNjlBNzgwNzY1REQwQjVDODJFMkU1RjFBQ0UwNjIyRTFBODNDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFnYNxcaB+NuNa1oYmPZyAHcXa
eH0qxxXaZDzh3OutvAcD+PS+jIwyuaQj0jFjt1if5hJb2KuaMsId3Waq6WlkVfTg
JLjJrktrSdr1Z88YZpeVG+Rue2QxIOQcmX94AyVDE0J3IGUYAT2Z+rK6qm1uVKfd
8xodeqdeYR2MA4m/6riQwKkj+jjhvQ3d6RUt6XMQrwHlZlhPUUmd/tgZx5H2SyVG
h2ZpcpUvd2Y6dEFJufp83WZZT8C68QiklTZF8zSnzCaZ7VsDyTau9y+26eZu172V
EBpRhELr58PBUhe59TinKlTIi9i9eHrIuUu9ud4KO1K3Yh4+IY0ACFEbnIUFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvmmngHZd0LXILi5fGs4GIuGoPI4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm+
MA0GCSqGSIb3DQEBCwUAA4IBAQB3XX8E+mVed0vXMKil5u9IC+rNkTE/WlOSEqm9
DMNqsb2PyCn6q1O5BOR3SeglO3j11aQJMSpok1KAzvFBAho3OwRyVWHicwNtEuA+
yBdrwxkvKh/WG2Z8CgYlR4FhSkWGNm57Y5IBU3d/seeCYomJME8u0x/ExlWzsx+j
bfh779NR1R8tUMXJssNnfsqwzurrXOmR3rGXIBZZKqMvNdRSzQ+5QxwFpdTm3Vn+
a/hjivj48YrU0O1XRb2JSCen41j+IAdynxbOFQ8G0ozLBO54cKPe4jiDK8KJLtA5
3akAuUw17gzjq1fENKHQxI4LEoeODjeslXOFoTbnKgyYfBT0
-----END CERTIFICATE-----