Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          ZOZVU0gaB1zLrogTsATuG/tPO3vQAEUVKlSRdlaQ6PY=
Subject key identifier:   FE:3F:78:55:B2:33:7E:19:8B:31:C4:C0:74:97:80:88:68:3B:C9:7B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       39CC9EEC4E842C90BC8BC7E295D922BEFE3D3933
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa
Signing time:             Sun 24 May 2026 16:24:13 +0000
ROA not before:           Sun 24 May 2026 16:19:13 +0000
ROA not after:            Sun 23 May 2027 16:24:13 +0000
asID:                     214432
IP address blocks:        212.60.149.0/24 maxlen: 24
                          212.60.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:cc:9e:ec:4e:84:2c:90:bc:8b:c7:e2:95:d9:22:be:fe:3d:39:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 24 16:19:13 2026 GMT
            Not After : May 23 16:24:13 2027 GMT
        Subject: CN=FE3F7855B2337E198B31C4C074978088683BC97B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3d:9b:f0:cc:9b:8b:49:18:32:ce:08:19:b4:
                    77:20:b5:da:dc:48:36:a0:ca:86:47:95:97:d2:33:
                    df:d2:0b:a9:0a:28:7c:b6:79:4d:6c:17:7f:56:d8:
                    96:0d:6a:bf:fe:fb:1c:e8:4d:05:19:61:cc:c4:0b:
                    69:b3:ca:6b:b1:87:0e:0d:b8:e9:ce:20:10:be:92:
                    a9:06:13:d0:e8:d3:29:1c:75:be:85:87:a5:07:ab:
                    41:6b:75:b9:65:ca:33:04:b0:b9:7b:0d:bd:22:5f:
                    2a:98:c4:58:b7:eb:d7:23:5b:8a:3f:6e:8a:4b:c1:
                    8a:e6:fe:b1:c8:ab:94:98:bd:48:f3:00:6f:94:84:
                    d3:7f:24:7b:e6:4d:37:53:42:c2:cb:9a:37:3b:05:
                    71:d7:01:2e:e8:ee:d0:b9:48:21:01:60:6a:75:d8:
                    5f:ef:96:c9:47:4c:20:50:3e:d6:52:50:8d:a5:c3:
                    c6:ac:da:d4:d2:59:ac:77:13:36:19:ee:bc:d1:2d:
                    dd:16:05:ed:13:55:2b:49:d8:a1:2d:8c:ea:fb:1f:
                    76:d4:41:5a:99:a0:65:77:ea:52:a5:12:fc:11:80:
                    bb:30:2b:36:fc:1b:aa:df:86:ae:61:74:96:87:c7:
                    a2:6a:85:47:11:90:a9:77:9a:92:2a:ef:d6:41:70:
                    7b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:3F:78:55:B2:33:7E:19:8B:31:C4:C0:74:97:80:88:68:3B:C9:7B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.149.0-212.60.150.255

    Signature Algorithm: sha256WithRSAEncryption
         60:4a:9b:5b:4f:92:2e:e9:29:f1:61:4f:bc:c5:6e:0b:ef:b9:
         94:77:c3:9d:39:87:21:84:36:67:72:3d:d1:e1:22:0a:ba:59:
         fe:06:c7:3d:e8:bd:55:29:5d:6e:f2:5c:06:6d:de:46:7c:ec:
         40:8b:5a:da:25:66:2b:76:0a:4e:dc:61:d5:f2:f5:74:f6:c7:
         21:02:d5:a1:7d:5b:83:7d:be:5d:ac:df:32:c0:06:be:5f:e5:
         b2:b8:ca:b9:be:15:eb:11:f7:22:eb:3c:f2:91:5e:0c:16:03:
         5b:97:3f:c2:bc:19:e9:c0:e1:e0:ab:72:3b:86:9c:57:e9:81:
         50:27:4e:05:4d:9f:dd:ed:d1:c0:02:2e:97:da:9a:23:62:fb:
         e5:31:9c:89:55:33:a9:9e:9a:80:29:de:3e:84:87:6d:59:ba:
         07:f1:2c:71:37:63:2e:23:73:d2:0f:7c:02:a5:f4:75:61:9b:
         5a:20:6c:01:f1:6a:21:aa:37:89:d5:e2:8d:e4:57:06:40:6a:
         fb:18:18:29:bf:c8:6a:10:17:28:c5:e6:42:df:44:35:f4:eb:
         2f:2f:fc:ec:be:4f:5e:bc:dc:81:f1:25:57:06:ab:be:58:3a:
         94:52:b9:02:05:fd:2a:55:e1:23:1d:22:37:6f:dd:d5:ff:63:
         55:3b:91:08
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUOcye7E6ELJC8i8fildkivv49OTMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MjQxNjE5MTNaFw0yNzA1MjMxNjI0MTNaMDMxMTAvBgNV
BAMTKEZFM0Y3ODU1QjIzMzdFMTk4QjMxQzRDMDc0OTc4MDg4NjgzQkM5N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPZvwzJuLSRgyzggZtHcgtdrc
SDagyoZHlZfSM9/SC6kKKHy2eU1sF39W2JYNar/++xzoTQUZYczEC2mzymuxhw4N
uOnOIBC+kqkGE9Do0ykcdb6Fh6UHq0FrdbllyjMEsLl7Db0iXyqYxFi369cjW4o/
bopLwYrm/rHIq5SYvUjzAG+UhNN/JHvmTTdTQsLLmjc7BXHXAS7o7tC5SCEBYGp1
2F/vlslHTCBQPtZSUI2lw8as2tTSWax3EzYZ7rzRLd0WBe0TVStJ2KEtjOr7H3bU
QVqZoGV36lKlEvwRgLswKzb8G6rfhq5hdJaHx6JqhUcRkKl3mpIq79ZBcHt5AgMB
AAGjggISMIICDjAdBgNVHQ4EFgQU/j94VbIzfhmLMcTAdJeAiGg7yXswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADU
PJUDBADUPJYwDQYJKoZIhvcNAQELBQADggEBAGBKm1tPki7pKfFhT7zFbgvvuZR3
w505hyGENmdyPdHhIgq6Wf4Gxz3ovVUpXW7yXAZt3kZ87ECLWtolZit2Ck7cYdXy
9XT2xyEC1aF9W4N9vl2s3zLABr5f5bK4yrm+FesR9yLrPPKRXgwWA1uXP8K8GenA
4eCrcjuGnFfpgVAnTgVNn93t0cACLpfamiNi++UxnIlVM6memoAp3j6Eh21Zugfx
LHE3Yy4jc9IPfAKl9HVhm1ogbAHxaiGqN4nV4o3kVwZAavsYGCm/yGoQFyjF5kLf
RDX06y8v/Oy+T1683IHxJVcGq75YOpRSuQIF/SpV4SMdIjdv3dX/Y1U7kQg=
-----END CERTIFICATE-----