Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
File:                     AS214618.roa (raw, json)
Hash identifier:          Q7EZdPGA1myjbCt5E3KOc+2Z6toxthsyAwpMOt46LPw=
Subject key identifier:   E0:BF:C9:91:78:A6:4A:47:D7:0A:42:3D:1D:B4:E1:B8:EC:24:42:33
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5E77E97F2113C11410C76D6366A4E7EF8F2135CF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa
Signing time:             Mon 02 Jun 2025 10:54:08 +0000
ROA not before:           Mon 02 Jun 2025 10:49:08 +0000
ROA not after:            Mon 01 Jun 2026 10:54:08 +0000
asID:                     214618
IP address blocks:        146.103.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:53:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:77:e9:7f:21:13:c1:14:10:c7:6d:63:66:a4:e7:ef:8f:21:35:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  2 10:49:08 2025 GMT
            Not After : Jun  1 10:54:08 2026 GMT
        Subject: CN=E0BFC99178A64A47D70A423D1DB4E1B8EC244233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:20:0c:e6:0d:7c:57:28:6e:4e:df:47:65:24:
                    3e:88:c4:25:1f:67:e2:09:8a:b4:85:3d:1e:37:79:
                    b1:8b:01:0d:94:ae:b3:4f:cf:29:c9:7e:0b:18:2e:
                    6b:7e:43:e6:ff:51:68:2d:29:8d:07:a9:97:9f:16:
                    22:2b:97:a0:b8:c4:f0:8a:7f:5d:f1:f5:36:b2:be:
                    2b:0f:da:82:9e:22:33:fe:77:75:77:78:7b:19:7d:
                    5d:ba:88:57:00:a6:1e:80:87:22:c6:1e:d4:da:f6:
                    e2:ac:4b:d3:b9:5f:ba:90:45:90:e4:6a:a3:16:20:
                    f0:af:0e:82:19:86:3a:43:2c:71:dd:c7:e2:c8:32:
                    cb:e9:46:e2:45:e3:d0:0c:b5:b6:f5:47:08:a9:3b:
                    09:32:c8:9d:41:03:61:e6:4f:16:58:50:cd:fd:3d:
                    3d:67:69:74:b8:15:b8:bf:1e:96:2c:c7:1e:68:4d:
                    51:36:44:6c:1f:62:3d:61:bd:b7:f5:08:69:49:a7:
                    d2:77:84:57:30:f6:01:44:d0:65:f4:1d:4e:2b:6f:
                    af:91:77:8b:1c:51:0d:1b:e6:75:37:6f:4d:ae:68:
                    45:5e:70:a3:bf:91:eb:c3:51:9b:45:07:6c:ef:bc:
                    6d:1a:69:ea:f5:83:77:0a:76:22:50:31:4e:48:29:
                    ee:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BF:C9:91:78:A6:4A:47:D7:0A:42:3D:1D:B4:E1:B8:EC:24:42:33
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:cb:5c:0f:54:81:56:7d:53:eb:d4:7d:a5:94:5d:dc:eb:2d:
         85:07:41:19:e1:82:49:13:d0:8c:42:ad:66:1f:89:4b:0f:61:
         c2:5d:27:d8:37:50:14:1d:be:9b:5b:57:ec:9a:42:c0:07:6d:
         cf:ec:78:b5:fb:b6:6d:19:4c:63:fb:97:b3:64:41:31:37:d0:
         bb:5f:a2:ab:f1:4a:e7:41:c9:e8:a2:2a:aa:79:4f:90:49:26:
         e9:e8:76:b6:e1:a8:a6:d8:54:e0:88:72:58:f9:fd:d0:59:78:
         56:ce:85:6b:b9:9b:88:b4:97:6e:78:3f:ba:f9:2d:26:55:5c:
         13:dd:0b:c8:52:90:e0:4e:ae:ef:90:55:af:a3:c9:7c:9b:13:
         d1:b2:6f:f6:a7:d7:a5:27:39:df:b4:f6:35:87:2f:64:dd:2f:
         cc:ff:5b:97:92:d3:d9:00:5f:47:67:a0:4c:14:c0:43:15:76:
         93:78:16:26:db:af:47:04:39:85:42:d8:da:61:67:bf:9c:be:
         82:3d:5a:29:46:88:32:97:b8:71:73:3f:a3:89:d5:ee:03:92:
         93:6f:51:44:51:83:13:20:28:8c:81:58:49:a4:f1:a8:e1:86:
         5a:1d:04:52:a5:78:80:d5:bd:fc:2b:0d:b8:2a:3c:02:6a:df:
         97:05:55:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXnfpfyETwRQQx21jZqTn748hNc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDIxMDQ5MDhaFw0yNjA2MDExMDU0MDhaMDMxMTAvBgNV
BAMTKEUwQkZDOTkxNzhBNjRBNDdENzBBNDIzRDFEQjRFMUI4RUMyNDQyMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvIAzmDXxXKG5O30dlJD6IxCUf
Z+IJirSFPR43ebGLAQ2UrrNPzynJfgsYLmt+Q+b/UWgtKY0HqZefFiIrl6C4xPCK
f13x9TayvisP2oKeIjP+d3V3eHsZfV26iFcAph6AhyLGHtTa9uKsS9O5X7qQRZDk
aqMWIPCvDoIZhjpDLHHdx+LIMsvpRuJF49AMtbb1RwipOwkyyJ1BA2HmTxZYUM39
PT1naXS4Fbi/HpYsxx5oTVE2RGwfYj1hvbf1CGlJp9J3hFcw9gFE0GX0HU4rb6+R
d4scUQ0b5nU3b02uaEVecKO/kevDUZtFB2zvvG0aaer1g3cKdiJQMU5IKe6zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4L/JkXimSkfXCkI9HbThuOwkQjMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc8
MA0GCSqGSIb3DQEBCwUAA4IBAQCmy1wPVIFWfVPr1H2llF3c6y2FB0EZ4YJJE9CM
Qq1mH4lLD2HCXSfYN1AUHb6bW1fsmkLAB23P7Hi1+7ZtGUxj+5ezZEExN9C7X6Kr
8UrnQcnooiqqeU+QSSbp6Ha24aim2FTgiHJY+f3QWXhWzoVruZuItJdueD+6+S0m
VVwT3QvIUpDgTq7vkFWvo8l8mxPRsm/2p9elJznftPY1hy9k3S/M/1uXktPZAF9H
Z6BMFMBDFXaTeBYm269HBDmFQtjaYWe/nL6CPVopRogyl7hxcz+jidXuA5KTb1FE
UYMTICiMgVhJpPGo4YZaHQRSpXiA1b38Kw24KjwCat+XBVVW
-----END CERTIFICATE-----