Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          wDumawz5n8ftqIm5mHYK0wt7Fqkh6e3UZN61h7LsCdI=
Subject key identifier:   6D:18:E2:D1:7B:25:7D:98:58:CF:F1:8F:65:79:91:67:69:F9:57:3C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       721854434496F7CC86D6DC1541786F18B1A87062
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa
Signing time:             Sat 17 May 2025 07:42:57 +0000
ROA not before:           Sat 17 May 2025 07:37:57 +0000
ROA not after:            Sat 16 May 2026 07:42:57 +0000
asID:                     214432
IP address blocks:        155.117.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:53:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:18:54:43:44:96:f7:cc:86:d6:dc:15:41:78:6f:18:b1:a8:70:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 17 07:37:57 2025 GMT
            Not After : May 16 07:42:57 2026 GMT
        Subject: CN=6D18E2D17B257D9858CFF18F6579916769F9573C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:2d:42:14:25:14:6f:5c:fc:24:45:4d:95:
                    a7:c4:32:4c:c0:17:17:e2:2d:53:47:9c:e3:c6:13:
                    79:6a:42:69:c0:fb:30:b8:6f:eb:7d:dd:5f:81:4e:
                    15:a5:8c:1b:df:71:04:e0:ee:81:b4:d5:5e:cb:48:
                    a6:e3:eb:ee:d0:0c:4d:d2:a8:61:ce:a8:9f:18:94:
                    95:26:72:99:09:3e:eb:2a:f9:1a:d9:a5:83:41:9f:
                    f2:81:71:48:9c:d0:d0:28:d8:89:0f:94:5f:26:62:
                    6b:ad:13:a7:bb:8a:11:25:0d:30:25:5a:14:e6:5b:
                    c3:78:0d:5c:60:7d:80:be:74:59:c9:99:b0:8d:4f:
                    55:0f:39:02:b6:c7:06:be:64:10:6b:21:be:db:75:
                    75:de:fb:97:f3:29:32:f1:dd:48:2a:e9:68:14:d4:
                    64:5d:0d:d2:c4:49:53:55:1b:fc:52:a6:74:0d:56:
                    50:ea:38:f7:84:86:78:c5:aa:c2:10:af:81:3c:94:
                    63:b1:28:aa:28:06:66:1e:57:29:a9:90:ee:25:d6:
                    ee:b9:e2:53:b1:a8:7f:42:96:36:38:34:62:45:63:
                    56:f3:37:93:5b:66:1a:94:55:fb:85:ff:0e:8f:68:
                    e1:b3:af:60:cc:ad:a3:31:8b:2f:72:97:68:28:96:
                    b9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:18:E2:D1:7B:25:7D:98:58:CF:F1:8F:65:79:91:67:69:F9:57:3C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:cf:52:d2:ea:bb:02:ad:25:f3:79:7b:a6:81:3b:30:bf:d0:
         8b:c8:db:d9:91:51:be:c5:48:aa:d1:d1:f9:66:22:12:98:c3:
         fa:83:7d:ce:c6:ac:5b:45:6c:77:11:ce:7d:38:12:52:31:08:
         57:24:cd:05:f5:74:e6:96:2b:78:28:8f:79:b4:3b:59:8d:ed:
         d1:33:13:17:7c:5b:89:f4:48:a8:9c:9d:7e:41:91:ba:b9:3d:
         ae:40:ed:e1:00:07:00:be:e0:dd:44:ec:b5:bc:48:e5:70:88:
         e6:88:be:82:7c:b8:d7:5a:53:a2:f1:81:8c:e7:43:51:d3:27:
         a0:94:7d:02:1c:80:1e:e7:17:23:6e:e4:7f:7c:d8:9b:29:93:
         59:3d:f8:03:ad:15:90:e9:27:4d:96:5f:37:c4:e8:6e:da:34:
         a0:58:b6:e6:33:15:16:80:9c:56:f5:f5:9d:9d:4e:2a:79:51:
         2e:11:0f:4d:e9:68:eb:5f:a5:b1:3f:02:c4:8b:eb:15:f2:8d:
         d0:f4:ea:ec:29:50:82:d9:4d:32:14:e9:7c:af:58:f8:4e:d3:
         e6:3d:6d:64:3e:1c:23:1a:b1:4e:01:06:5d:c6:35:63:e8:38:
         91:84:68:e3:36:f8:fb:96:b1:c1:34:6b:e2:c5:49:fc:66:e1:
         c8:21:87:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUchhUQ0SW98yG1twVQXhvGLGocGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTcwNzM3NTdaFw0yNjA1MTYwNzQyNTdaMDMxMTAvBgNV
BAMTKDZEMThFMkQxN0IyNTdEOTg1OENGRjE4RjY1Nzk5MTY3NjlGOTU3M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC41i1CFCUUb1z8JEVNlafEMkzA
FxfiLVNHnOPGE3lqQmnA+zC4b+t93V+BThWljBvfcQTg7oG01V7LSKbj6+7QDE3S
qGHOqJ8YlJUmcpkJPusq+RrZpYNBn/KBcUic0NAo2IkPlF8mYmutE6e7ihElDTAl
WhTmW8N4DVxgfYC+dFnJmbCNT1UPOQK2xwa+ZBBrIb7bdXXe+5fzKTLx3Ugq6WgU
1GRdDdLESVNVG/xSpnQNVlDqOPeEhnjFqsIQr4E8lGOxKKooBmYeVympkO4l1u65
4lOxqH9CljY4NGJFY1bzN5NbZhqUVfuF/w6PaOGzr2DMraMxiy9yl2golrlTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbRji0XslfZhYz/GPZXmRZ2n5VzwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Va
MA0GCSqGSIb3DQEBCwUAA4IBAQB7z1LS6rsCrSXzeXumgTswv9CLyNvZkVG+xUiq
0dH5ZiISmMP6g33OxqxbRWx3Ec59OBJSMQhXJM0F9XTmlit4KI95tDtZje3RMxMX
fFuJ9EionJ1+QZG6uT2uQO3hAAcAvuDdROy1vEjlcIjmiL6CfLjXWlOi8YGM50NR
0yeglH0CHIAe5xcjbuR/fNibKZNZPfgDrRWQ6SdNll83xOhu2jSgWLbmMxUWgJxW
9fWdnU4qeVEuEQ9N6WjrX6WxPwLEi+sV8o3Q9OrsKVCC2U0yFOl8r1j4TtPmPW1k
PhwjGrFOAQZdxjVj6DiRhGjjNvj7lrHBNGvixUn8ZuHIIYc3
-----END CERTIFICATE-----