Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214669.roa
File:                     AS214669.roa (raw, json)
Hash identifier:          jJBOz60BGXEzQtBDf9XzfnpZzcUw607rcLYutin6s+Y=
Subject key identifier:   0A:4F:09:01:5B:4D:A9:61:60:C3:AE:49:06:E0:36:76:11:35:A1:15
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5DE47449400AEBCFEBAB4F30CAD90DA8A66631CC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214669.roa
Signing time:             Wed 01 Oct 2025 09:47:27 +0000
ROA not before:           Wed 01 Oct 2025 09:42:27 +0000
ROA not after:            Wed 30 Sep 2026 09:47:27 +0000
asID:                     214669
IP address blocks:        143.14.151.0/24 maxlen: 24
                          150.241.237.0/24 maxlen: 24
                          155.117.163.0/24 maxlen: 24
                          167.148.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 18:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:e4:74:49:40:0a:eb:cf:eb:ab:4f:30:ca:d9:0d:a8:a6:66:31:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  1 09:42:27 2025 GMT
            Not After : Sep 30 09:47:27 2026 GMT
        Subject: CN=0A4F09015B4DA96160C3AE4906E036761135A115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:49:9b:42:3f:f7:51:5c:31:42:0b:72:3a:a3:
                    b6:f3:30:b2:2a:4f:49:6d:98:fd:59:99:d9:c5:c4:
                    34:24:1d:ba:6e:3e:6a:f7:fe:11:6c:c6:aa:50:91:
                    7b:90:7b:7e:91:2c:54:a4:5d:45:11:ea:43:b2:b3:
                    1a:4f:b7:b4:66:29:bf:32:ce:fc:86:d6:15:14:8b:
                    b8:bd:97:50:75:1b:5b:90:00:a4:1c:ab:08:1b:03:
                    2c:cf:0f:83:82:b3:a1:ae:08:c9:3a:0a:3d:ae:2c:
                    57:a2:4f:24:97:22:f3:ef:98:46:99:58:46:a9:5f:
                    09:16:f5:f8:d8:fe:55:c2:f4:2f:69:8d:0f:64:08:
                    66:11:5f:5f:ac:f3:ff:9a:04:34:2d:58:47:b3:eb:
                    70:69:b7:0e:e9:36:53:5f:43:50:58:db:eb:dd:99:
                    a7:28:ec:29:83:e6:8f:e5:fa:f1:17:c9:19:12:7a:
                    a1:2b:e5:f9:0a:06:f1:3e:0c:63:27:a0:dc:48:cd:
                    b2:fa:c7:0b:bb:98:d3:fd:13:86:b1:45:ea:3f:e5:
                    fc:05:20:ed:77:19:26:c0:dc:66:57:d6:2e:cb:16:
                    7d:62:81:e5:e0:13:28:97:35:98:4d:81:91:16:4a:
                    22:51:be:31:fe:87:d3:37:9d:7e:c3:6c:fd:bf:40:
                    1c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4F:09:01:5B:4D:A9:61:60:C3:AE:49:06:E0:36:76:11:35:A1:15
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214669.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.151.0/24
                  150.241.237.0/24
                  155.117.163.0/24
                  167.148.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4a:8e:2a:63:d2:a2:0b:00:a2:48:f2:b4:63:da:4a:65:64:
         09:31:6d:8f:0c:21:52:11:a7:fb:c3:1e:28:1f:6f:26:97:75:
         5c:9a:6b:93:8b:f0:50:7f:4a:b5:34:a1:e6:f0:d4:e5:ef:83:
         d3:f3:c4:e8:1e:37:83:2d:c7:6c:57:e0:52:ce:ff:b8:3f:ff:
         16:ca:82:b1:de:cb:9f:46:d8:e3:ae:e2:c1:b1:1f:65:cf:1a:
         aa:a7:a1:82:c1:ea:a4:b9:d6:16:b7:ad:1d:7e:a6:e5:f6:c8:
         0f:c4:46:d0:6f:d8:3a:f6:ac:b5:c9:bf:a6:b8:88:ed:59:ea:
         3c:89:7a:e2:d7:86:5c:d2:43:7d:d6:d5:83:a1:95:9e:12:5a:
         de:cf:84:9b:18:ff:cb:ef:3a:75:e2:2a:c2:e9:97:1c:2d:e8:
         50:32:de:5d:24:ad:ce:d4:99:de:aa:89:62:46:f7:26:f8:55:
         0b:a2:a5:4c:75:a7:69:9e:0d:08:40:b3:68:3d:1a:ab:e6:75:
         e0:0c:b5:28:ac:c5:d3:5f:c3:74:b1:cf:ae:20:30:fa:43:5e:
         e8:61:33:05:55:55:8e:f9:9d:5d:23:14:64:82:0d:b3:7c:28:
         72:2b:71:e8:c2:9b:f9:cf:96:16:77:da:38:d7:4b:6a:c8:3d:
         b2:fc:5c:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUXeR0SUAK68/rq08wytkNqKZmMcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDEwOTQyMjdaFw0yNjA5MzAwOTQ3MjdaMDMxMTAvBgNV
BAMTKDBBNEYwOTAxNUI0REE5NjE2MEMzQUU0OTA2RTAzNjc2MTEzNUExMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWSZtCP/dRXDFCC3I6o7bzMLIq
T0ltmP1ZmdnFxDQkHbpuPmr3/hFsxqpQkXuQe36RLFSkXUUR6kOysxpPt7RmKb8y
zvyG1hUUi7i9l1B1G1uQAKQcqwgbAyzPD4OCs6GuCMk6Cj2uLFeiTySXIvPvmEaZ
WEapXwkW9fjY/lXC9C9pjQ9kCGYRX1+s8/+aBDQtWEez63Bptw7pNlNfQ1BY2+vd
maco7CmD5o/l+vEXyRkSeqEr5fkKBvE+DGMnoNxIzbL6xwu7mNP9E4axReo/5fwF
IO13GSbA3GZX1i7LFn1igeXgEyiXNZhNgZEWSiJRvjH+h9M3nX7DbP2/QBwLAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUCk8JAVtNqWFgw65JBuA2dhE1oRUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0NjY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAjw6X
AwQAlvHtAwQAm3WjAwQAp5R1MA0GCSqGSIb3DQEBCwUAA4IBAQCVSo4qY9KiCwCi
SPK0Y9pKZWQJMW2PDCFSEaf7wx4oH28ml3VcmmuTi/BQf0q1NKHm8NTl74PT88To
HjeDLcdsV+BSzv+4P/8WyoKx3sufRtjjruLBsR9lzxqqp6GCweqkudYWt60dfqbl
9sgPxEbQb9g69qy1yb+muIjtWeo8iXri14Zc0kN91tWDoZWeElrez4SbGP/L7zp1
4irC6ZccLehQMt5dJK3O1JneqoliRvcm+FULoqVMdadpng0IQLNoPRqr5nXgDLUo
rMXTX8N0sc+uIDD6Q17oYTMFVVWO+Z1dIxRkgg2zfChyK3Howpv5z5YWd9o410tq
yD2y/Fwt
-----END CERTIFICATE-----
Generated at Tue Oct 21 11:01:42 2025 by rpki-client