Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214848.roa
File:                     AS214848.roa (raw, json)
Hash identifier:          E8RSn0wFDxo/7BonODzef+DDgPIiJMAGzQbesgBS8bk=
Subject key identifier:   63:6A:C7:F7:FC:22:3A:A0:10:3D:E9:0A:3F:4F:CB:AE:D2:DC:5F:E4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1ED1262BAF06A800C74710E728A12E58E12BDE39
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214848.roa
Signing time:             Wed 20 May 2026 03:21:25 +0000
ROA not before:           Wed 20 May 2026 03:16:25 +0000
ROA not after:            Wed 19 May 2027 03:21:25 +0000
asID:                     214848
IP address blocks:        96.62.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:d1:26:2b:af:06:a8:00:c7:47:10:e7:28:a1:2e:58:e1:2b:de:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 03:16:25 2026 GMT
            Not After : May 19 03:21:25 2027 GMT
        Subject: CN=636AC7F7FC223AA0103DE90A3F4FCBAED2DC5FE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:20:13:af:0e:60:00:02:b5:44:af:aa:17:b1:
                    2a:05:fe:cc:24:66:08:ad:4f:31:da:3d:86:55:9e:
                    ea:c8:27:8b:f4:6e:11:12:1f:d6:6e:57:62:c1:75:
                    44:6b:2c:23:5c:d2:d7:14:5c:c6:aa:ae:c6:e2:bc:
                    a4:35:47:82:51:b2:2d:ca:9c:58:89:1c:96:da:91:
                    97:6c:74:77:50:5f:ca:05:cf:0c:12:26:c3:60:2f:
                    89:38:12:3f:89:fc:d9:5e:ff:1a:18:c1:bd:c5:97:
                    c6:72:a2:d4:5c:5c:2c:c6:16:2a:f3:d5:5a:dc:76:
                    31:b5:c7:c3:2e:c3:39:27:41:01:5a:1b:90:d0:7a:
                    17:a0:e8:37:9a:e4:41:09:08:73:54:8c:61:65:e3:
                    28:1d:41:0e:76:f3:d5:67:9a:9c:1b:e0:6d:ff:bc:
                    55:4c:8a:b6:94:ca:d7:60:49:ce:75:9c:a1:6f:3f:
                    79:d1:bd:5c:40:97:33:30:da:1a:a2:61:c5:72:42:
                    24:03:b8:44:00:4e:e5:10:31:ea:cd:34:44:ec:7d:
                    10:fa:59:5a:ec:b3:2c:06:59:1e:f7:f8:3c:81:78:
                    c7:1c:95:dc:df:7f:ed:86:a6:2e:44:b3:94:38:3a:
                    dc:c6:76:16:e5:8e:51:a2:51:43:a1:6a:ce:89:9c:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:6A:C7:F7:FC:22:3A:A0:10:3D:E9:0A:3F:4F:CB:AE:D2:DC:5F:E4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214848.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:45:77:4a:e4:d4:2b:a4:ef:1d:32:c1:a1:31:7a:97:2d:2e:
         39:fe:df:ca:58:87:1e:62:8c:0d:45:3f:66:b9:e9:2b:4e:c9:
         07:1a:03:38:40:8a:48:0a:4a:8c:84:dc:5d:92:8c:a6:b6:3a:
         19:15:d4:d0:5b:85:d9:b2:ec:4c:87:e5:49:82:8c:6f:7d:08:
         99:5e:da:5f:3f:5d:74:fe:52:b0:68:e5:6f:40:d4:d1:e5:17:
         97:d6:0d:09:12:0c:1d:33:f6:f6:9f:c3:85:13:03:53:ae:2a:
         e6:56:17:e2:5d:2a:b7:85:fe:74:6e:82:d2:ee:ab:11:31:4b:
         c1:be:04:c7:24:89:0b:ac:51:a2:5c:5a:bd:8f:52:e3:f9:b0:
         65:5c:86:ab:4c:d8:6a:8e:c8:be:8d:9b:41:46:3a:b0:0d:8b:
         6b:a5:f6:08:d9:20:3b:bb:2a:4c:d2:9c:27:d2:ca:a0:57:36:
         cc:43:c7:82:46:5a:a6:1f:f4:4b:98:82:0f:77:45:48:ca:cf:
         99:1f:b2:65:db:8d:97:89:aa:4b:bd:1d:f3:c6:37:40:11:16:
         38:d8:28:95:49:5b:63:df:9e:16:d2:cd:9e:a1:a9:a5:ba:09:
         10:90:5f:40:ea:28:de:fb:06:4c:42:61:94:de:98:d1:5a:8d:
         03:c4:4d:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHtEmK68GqADHRxDnKKEuWOEr3jkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAwMzE2MjVaFw0yNzA1MTkwMzIxMjVaMDMxMTAvBgNV
BAMTKDYzNkFDN0Y3RkMyMjNBQTAxMDNERTkwQTNGNEZDQkFFRDJEQzVGRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAIBOvDmAAArVEr6oXsSoF/swk
ZgitTzHaPYZVnurIJ4v0bhESH9ZuV2LBdURrLCNc0tcUXMaqrsbivKQ1R4JRsi3K
nFiJHJbakZdsdHdQX8oFzwwSJsNgL4k4Ej+J/Nle/xoYwb3Fl8ZyotRcXCzGFirz
1VrcdjG1x8MuwzknQQFaG5DQeheg6Dea5EEJCHNUjGFl4ygdQQ5289Vnmpwb4G3/
vFVMiraUytdgSc51nKFvP3nRvVxAlzMw2hqiYcVyQiQDuEQATuUQMerNNETsfRD6
WVrssywGWR73+DyBeMccldzff+2Gpi5Es5Q4OtzGdhbljlGiUUOhas6JnE3zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY2rH9/wiOqAQPekKP0/LrtLcX+QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0ODQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD5/
MA0GCSqGSIb3DQEBCwUAA4IBAQAiRXdK5NQrpO8dMsGhMXqXLS45/t/KWIceYowN
RT9muekrTskHGgM4QIpICkqMhNxdkoymtjoZFdTQW4XZsuxMh+VJgoxvfQiZXtpf
P110/lKwaOVvQNTR5ReX1g0JEgwdM/b2n8OFEwNTrirmVhfiXSq3hf50boLS7qsR
MUvBvgTHJIkLrFGiXFq9j1Lj+bBlXIarTNhqjsi+jZtBRjqwDYtrpfYI2SA7uypM
0pwn0sqgVzbMQ8eCRlqmH/RLmIIPd0VIys+ZH7Jl242XiapLvR3zxjdAERY42CiV
SVtj354W0s2eoamlugkQkF9A6ije+wZMQmGU3pjRWo0DxE2C
-----END CERTIFICATE-----