Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          9nLlXPI+6KVWTu0J2sfDBHCGFwAXa38iNMu1NbICc/4=
Subject key identifier:   78:85:E0:D3:39:5A:D7:54:26:95:39:C6:E0:72:10:43:70:04:5B:EB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       16BB74669967A3A91FABD8ABED151830B2685CA8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Wed 04 Mar 2026 11:48:59 +0000
ROA not before:           Wed 04 Mar 2026 11:43:59 +0000
ROA not after:            Wed 03 Mar 2027 11:48:59 +0000
asID:                     214025
IP address blocks:        103.141.68.0/24 maxlen: 24
                          185.141.166.0/24 maxlen: 24
                          185.151.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:bb:74:66:99:67:a3:a9:1f:ab:d8:ab:ed:15:18:30:b2:68:5c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  4 11:43:59 2026 GMT
            Not After : Mar  3 11:48:59 2027 GMT
        Subject: CN=7885E0D3395AD754269539C6E072104370045BEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c4:49:98:3d:73:47:d9:d9:66:7a:02:a0:ef:
                    0a:e9:f6:2a:d1:55:ff:66:b0:04:48:4c:71:08:56:
                    15:c5:12:e0:6a:6b:09:f9:0a:ee:9a:18:9e:db:71:
                    e5:ff:89:6f:c3:78:b8:45:99:4e:96:26:ef:07:0c:
                    a4:df:06:59:67:e7:e2:88:89:6c:5a:27:2a:00:81:
                    85:84:13:f3:5a:4a:c6:71:5d:c0:e2:7b:07:f5:df:
                    a5:03:d9:1c:07:72:e7:08:64:d9:2e:eb:b9:67:e4:
                    69:a9:34:74:17:5e:b1:73:40:da:db:8e:32:b9:52:
                    9f:3b:a4:17:76:52:09:f0:8f:a5:97:1a:3d:d7:2e:
                    4b:30:bb:54:a5:86:bf:57:d1:e9:c0:5e:15:58:1b:
                    7c:2c:e0:1d:67:d8:94:d8:85:bb:a7:c7:1e:29:84:
                    72:52:a9:cf:2e:9c:1f:75:00:36:c8:d9:65:36:d1:
                    9b:61:03:e3:96:e3:dc:81:b5:0c:d3:46:19:29:b0:
                    80:ff:f9:f4:46:87:2e:9e:f5:c7:bf:1a:21:75:9d:
                    1e:f6:dc:e7:4e:b2:82:1b:87:e6:5f:8a:92:d7:77:
                    30:f6:62:15:3a:1d:38:2e:03:74:cb:41:ad:2e:f7:
                    af:50:b6:09:6d:1e:07:4d:7f:cb:3a:e9:b2:c1:8f:
                    2d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:85:E0:D3:39:5A:D7:54:26:95:39:C6:E0:72:10:43:70:04:5B:EB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.68.0/24
                  185.141.166.0/24
                  185.151.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:38:5c:f7:26:ca:25:95:c2:96:6e:88:5c:ed:0b:c6:69:1d:
         f9:84:a8:54:df:5f:a3:94:0d:c9:05:d5:c0:9d:4e:3f:f3:06:
         60:62:5f:ef:9a:31:01:cc:76:56:aa:3a:b9:4d:15:84:d2:f0:
         9c:82:eb:9a:35:00:d8:c3:00:36:6a:75:1a:ba:87:69:c9:71:
         20:78:e6:b1:7c:8b:b8:56:89:fb:1d:a8:e0:2a:c7:53:de:4d:
         40:dd:89:c7:63:81:1a:e8:6d:a2:d3:83:6d:3c:5f:7b:bb:d5:
         44:4b:a5:b2:ca:0c:49:6e:ee:e6:88:e7:8d:20:e3:0d:93:5e:
         0e:92:cc:72:80:4d:bc:09:8c:fa:76:af:79:65:ca:4a:01:2c:
         74:f8:b5:0f:02:f7:70:ae:ee:6a:3c:dc:64:9b:db:47:19:1e:
         02:02:92:56:b5:da:84:41:aa:74:ad:5c:28:38:3f:13:d1:43:
         77:ad:a6:1e:a4:65:1f:d5:f0:71:7f:2a:a5:2c:19:2e:b8:92:
         4f:c0:6d:e8:de:cf:d5:b3:4a:8d:49:84:a0:0e:a5:84:2e:ed:
         91:fa:39:e8:fd:4e:04:38:01:4d:a3:2a:a0:c0:5f:94:26:a6:
         b3:61:44:1c:82:47:6d:92:19:17:1e:32:01:8a:13:07:06:03:
         4f:6e:11:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUFrt0Zplno6kfq9ir7RUYMLJoXKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDQxMTQzNTlaFw0yNzAzMDMxMTQ4NTlaMDMxMTAvBgNV
BAMTKDc4ODVFMEQzMzk1QUQ3NTQyNjk1MzlDNkUwNzIxMDQzNzAwNDVCRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgxEmYPXNH2dlmegKg7wrp9irR
Vf9msARITHEIVhXFEuBqawn5Cu6aGJ7bceX/iW/DeLhFmU6WJu8HDKTfBlln5+KI
iWxaJyoAgYWEE/NaSsZxXcDiewf136UD2RwHcucIZNku67ln5GmpNHQXXrFzQNrb
jjK5Up87pBd2Ugnwj6WXGj3XLkswu1Slhr9X0enAXhVYG3ws4B1n2JTYhbunxx4p
hHJSqc8unB91ADbI2WU20ZthA+OW49yBtQzTRhkpsID/+fRGhy6e9ce/GiF1nR72
3OdOsoIbh+ZfipLXdzD2YhU6HTguA3TLQa0u969QtgltHgdNf8s66bLBjy2LAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUeIXg0zla11QmlTnG4HIQQ3AEW+swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ41E
AwQAuY2mAwQAuZc6MA0GCSqGSIb3DQEBCwUAA4IBAQCzOFz3JsollcKWbohc7QvG
aR35hKhU31+jlA3JBdXAnU4/8wZgYl/vmjEBzHZWqjq5TRWE0vCcguuaNQDYwwA2
anUauodpyXEgeOaxfIu4Von7HajgKsdT3k1A3YnHY4Ea6G2i04NtPF97u9VES6Wy
ygxJbu7miOeNIOMNk14OksxygE28CYz6dq95ZcpKASx0+LUPAvdwru5qPNxkm9tH
GR4CApJWtdqEQap0rVwoOD8T0UN3raYepGUf1fBxfyqlLBkuuJJPwG3o3s/Vs0qN
SYSgDqWELu2R+jno/U4EOAFNoyqgwF+UJqazYUQcgkdtkhkXHjIBihMHBgNPbhFm
-----END CERTIFICATE-----