Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214647.roa
File:                     AS214647.roa (raw, json)
Hash identifier:          JaEU3FMP9TOZ2rfvL49VyMXqrV/toDtk3rgfdUmHJmI=
Subject key identifier:   54:6C:80:9B:DB:0B:40:C7:81:1E:03:8E:A1:B5:D0:1F:71:68:55:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1430AB94BA628FB1575A93D1FE3B60F9D3F32842
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214647.roa
Signing time:             Wed 03 Jun 2026 15:33:30 +0000
ROA not before:           Wed 03 Jun 2026 15:28:30 +0000
ROA not after:            Wed 02 Jun 2027 15:33:30 +0000
asID:                     214647
IP address blocks:        143.14.122.0/24 maxlen: 24
                          155.117.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:30:ab:94:ba:62:8f:b1:57:5a:93:d1:fe:3b:60:f9:d3:f3:28:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  3 15:28:30 2026 GMT
            Not After : Jun  2 15:33:30 2027 GMT
        Subject: CN=546C809BDB0B40C7811E038EA1B5D01F716855D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ac:fd:02:70:fb:7c:ef:74:a7:d0:f6:39:64:
                    bb:73:8f:b2:23:40:82:53:44:ae:16:eb:82:a0:0b:
                    3d:6d:74:27:44:d4:01:49:0b:94:55:72:fe:3f:8f:
                    01:f5:9e:8c:1e:62:b6:2e:d2:9a:5b:8f:df:32:86:
                    2f:03:6b:3a:90:d8:bd:84:1b:7d:c5:0b:1b:05:89:
                    7b:fc:52:00:92:31:53:4e:6a:9f:c0:57:e0:42:a9:
                    a6:0e:a3:51:2a:64:92:ce:b7:9c:5c:b6:ab:0c:75:
                    ff:7b:af:d8:3c:4e:da:06:0d:09:34:67:d4:54:2a:
                    19:1c:7f:61:3a:63:88:f5:fd:3f:ab:c9:2b:9c:6c:
                    53:9f:e0:b8:59:f6:e8:83:e1:59:c5:ba:2b:73:c7:
                    4d:86:a2:f6:ce:23:ec:ce:0f:6b:95:03:f3:24:82:
                    46:4f:15:c7:a4:43:25:51:e3:90:9b:9e:97:40:8f:
                    db:70:e7:82:63:f3:21:60:36:8a:52:24:04:2b:49:
                    a5:e5:b1:35:e7:b9:28:c3:b9:a1:96:4f:66:e1:d6:
                    a2:42:a5:4f:49:32:ef:3d:5c:a1:54:af:24:1e:44:
                    3a:65:cb:81:a5:9c:80:b1:e1:9a:17:df:ce:e4:2a:
                    eb:b6:07:9e:e2:a8:f7:3e:e6:4f:84:0b:fb:b6:39:
                    25:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:6C:80:9B:DB:0B:40:C7:81:1E:03:8E:A1:B5:D0:1F:71:68:55:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214647.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.122.0/24
                  155.117.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:49:26:a3:4e:84:c0:d9:07:c1:44:d9:35:1c:9c:41:a8:6a:
         2c:77:ab:ed:45:5a:d1:5c:94:da:df:d9:6d:14:c1:44:b5:7a:
         fa:b9:ba:29:69:8b:1d:51:ec:22:2c:1b:5b:3e:75:cf:e4:89:
         2f:42:46:0d:16:08:a5:15:57:34:3a:94:29:7f:75:55:7b:ea:
         ec:47:0e:c4:1c:fe:c4:c7:b9:47:7e:45:27:0c:22:83:37:96:
         f0:c6:af:d4:e5:8f:5f:af:9e:8c:9a:4a:70:cd:f4:45:24:1e:
         e5:4f:25:a8:c0:ed:50:03:15:22:d5:e6:aa:e8:0b:f9:7c:92:
         d3:8a:1b:9d:39:b7:d7:dd:4f:04:ca:98:26:cb:27:c3:99:cf:
         de:52:5e:62:3c:48:8d:d5:1c:bf:65:0a:65:6b:6a:7d:77:d0:
         32:17:39:a5:6f:b4:7b:93:f8:6f:3f:40:a2:32:a4:ef:59:33:
         88:7c:10:f6:53:df:c4:69:8a:0e:ad:a2:c4:3d:fb:80:d6:8a:
         7a:27:08:5f:71:bf:2b:1d:f9:6d:a3:d3:e5:cf:b1:b8:d2:d8:
         4e:6d:6b:7c:86:94:f6:02:19:6a:ab:36:14:ec:ae:4f:27:9a:
         9d:94:fe:0b:9c:b4:a1:70:ac:52:2b:9e:5f:2a:2e:6f:2c:79:
         5e:85:46:fd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUFDCrlLpij7FXWpPR/jtg+dPzKEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDMxNTI4MzBaFw0yNzA2MDIxNTMzMzBaMDMxMTAvBgNV
BAMTKDU0NkM4MDlCREIwQjQwQzc4MTFFMDM4RUExQjVEMDFGNzE2ODU1RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLrP0CcPt873Sn0PY5ZLtzj7Ij
QIJTRK4W64KgCz1tdCdE1AFJC5RVcv4/jwH1noweYrYu0ppbj98yhi8DazqQ2L2E
G33FCxsFiXv8UgCSMVNOap/AV+BCqaYOo1EqZJLOt5xctqsMdf97r9g8TtoGDQk0
Z9RUKhkcf2E6Y4j1/T+rySucbFOf4LhZ9uiD4VnFuitzx02GovbOI+zOD2uVA/Mk
gkZPFcekQyVR45CbnpdAj9tw54Jj8yFgNopSJAQrSaXlsTXnuSjDuaGWT2bh1qJC
pU9JMu89XKFUryQeRDply4GlnICx4ZoX387kKuu2B57iqPc+5k+EC/u2OSXJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUVGyAm9sLQMeBHgOOobXQH3FoVdEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw56
AwQAm3WJMA0GCSqGSIb3DQEBCwUAA4IBAQAjSSajToTA2QfBRNk1HJxBqGosd6vt
RVrRXJTa39ltFMFEtXr6ubopaYsdUewiLBtbPnXP5IkvQkYNFgilFVc0OpQpf3VV
e+rsRw7EHP7Ex7lHfkUnDCKDN5bwxq/U5Y9fr56MmkpwzfRFJB7lTyWowO1QAxUi
1eaq6Av5fJLTihudObfX3U8EypgmyyfDmc/eUl5iPEiN1Ry/ZQpla2p9d9AyFzml
b7R7k/hvP0CiMqTvWTOIfBD2U9/EaYoOraLEPfuA1op6Jwhfcb8rHflto9Plz7G4
0thObWt8hpT2AhlqqzYU7K5PJ5qdlP4LnLShcKxSK55fKi5vLHlehUb9
-----END CERTIFICATE-----