Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          dSncpBo0zUyTsbTNxUlgASjoB3OVaZQAqKzCdEYuSdY=
Subject key identifier:   ED:65:84:EA:23:3E:13:82:D8:C8:0D:89:9B:B3:C9:9F:A7:E9:20:71
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3509F2DD525A8CD813BCC54939BE121393A44BD9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa
Signing time:             Tue 16 Jun 2026 20:47:37 +0000
ROA not before:           Tue 16 Jun 2026 20:42:37 +0000
ROA not after:            Tue 15 Jun 2027 20:47:37 +0000
asID:                     214481
IP address blocks:        191.96.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:09:f2:dd:52:5a:8c:d8:13:bc:c5:49:39:be:12:13:93:a4:4b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 16 20:42:37 2026 GMT
            Not After : Jun 15 20:47:37 2027 GMT
        Subject: CN=ED6584EA233E1382D8C80D899BB3C99FA7E92071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8c:c5:55:10:21:fe:5e:0d:11:ec:31:45:d0:
                    ba:8f:f3:5e:45:3e:c0:c4:1c:55:c2:a2:12:e9:38:
                    fb:ef:9f:c2:18:0e:31:84:54:86:7a:2a:8d:24:13:
                    cb:d9:14:12:6b:6a:2a:63:b9:1d:18:e9:57:1c:62:
                    60:3d:e3:84:d4:79:9a:ea:39:d1:54:18:f1:fc:7d:
                    d1:7e:e7:c0:e2:ea:24:7b:28:82:02:90:6d:57:ab:
                    61:08:95:f3:91:8b:df:48:86:1d:d9:82:53:f8:57:
                    52:44:ba:06:d5:03:c7:9e:4f:81:2d:35:e9:ca:e1:
                    f7:b6:9a:c2:76:25:58:5b:1d:60:b1:b5:c7:8b:24:
                    d7:ba:5b:39:b8:60:be:be:e5:f9:b9:76:aa:41:af:
                    2c:e5:8b:15:e9:0f:4d:d1:96:93:56:57:9a:90:bf:
                    cf:d1:7a:bc:56:d4:f0:2c:ec:30:29:e5:65:34:ea:
                    8d:99:71:5d:1a:da:10:b8:02:40:a9:ac:f9:fb:43:
                    90:87:23:78:4a:bf:3d:08:a2:98:ea:6a:85:bf:f3:
                    07:4c:18:e3:e1:ca:17:12:1b:69:85:c2:e7:d4:cc:
                    7d:c5:de:ba:f4:ed:7d:b8:d0:ea:c7:18:37:5b:1c:
                    5f:c6:16:87:44:b0:5e:72:83:ee:0f:0f:34:e6:eb:
                    17:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:65:84:EA:23:3E:13:82:D8:C8:0D:89:9B:B3:C9:9F:A7:E9:20:71
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:c3:f6:82:0c:7d:fe:16:8e:4f:e5:f5:13:bf:de:b1:00:8b:
         20:ea:0e:70:7b:7d:66:89:79:e0:5e:f9:88:b6:74:0c:72:25:
         9e:e5:bd:fb:b3:34:f9:96:74:86:56:ed:41:7b:90:38:26:db:
         6b:98:e1:11:be:d6:b9:ea:3c:17:03:0d:cb:62:cf:f1:56:b3:
         d6:85:8b:58:45:e4:4c:81:d4:2f:fb:24:3d:12:e6:c6:8b:d2:
         a4:9c:a6:21:42:45:20:5a:51:3d:4f:f7:b1:f4:59:ce:06:68:
         8d:d7:4a:4d:66:9c:d5:fd:63:dc:47:a8:ed:7c:9b:6a:88:ea:
         e7:db:5f:41:5d:57:eb:c9:dc:44:d4:3a:3d:ae:f1:cf:60:1e:
         b9:b3:5c:e3:b0:bf:18:7c:28:cf:4a:59:2c:8d:ad:01:fa:c1:
         94:53:72:00:82:3e:4f:7a:46:a5:b7:40:7c:99:4d:45:e8:77:
         c3:74:47:d1:32:ec:4d:bb:d7:cb:37:9e:1c:d5:78:2d:19:c7:
         59:e6:27:3e:d5:c0:26:2b:7c:a2:48:5b:72:c8:c6:08:88:99:
         c5:3b:12:31:ba:40:5c:c6:22:c8:e4:bd:25:29:85:00:00:4a:
         1e:90:78:e7:80:80:67:9d:3f:66:b4:8a:cc:83:b1:96:45:64:
         5b:12:05:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNQny3VJajNgTvMVJOb4SE5OkS9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MTYyMDQyMzdaFw0yNzA2MTUyMDQ3MzdaMDMxMTAvBgNV
BAMTKEVENjU4NEVBMjMzRTEzODJEOEM4MEQ4OTlCQjNDOTlGQTdFOTIwNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyjMVVECH+Xg0R7DFF0LqP815F
PsDEHFXCohLpOPvvn8IYDjGEVIZ6Ko0kE8vZFBJraipjuR0Y6VccYmA944TUeZrq
OdFUGPH8fdF+58Di6iR7KIICkG1Xq2EIlfORi99Ihh3ZglP4V1JEugbVA8eeT4Et
NenK4fe2msJ2JVhbHWCxtceLJNe6Wzm4YL6+5fm5dqpBryzlixXpD03RlpNWV5qQ
v8/RerxW1PAs7DAp5WU06o2ZcV0a2hC4AkCprPn7Q5CHI3hKvz0IopjqaoW/8wdM
GOPhyhcSG2mFwufUzH3F3rr07X240OrHGDdbHF/GFodEsF5yg+4PDzTm6xfnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7WWE6iM+E4LYyA2Jm7PJn6fpIHEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AL
MA0GCSqGSIb3DQEBCwUAA4IBAQBhw/aCDH3+Fo5P5fUTv96xAIsg6g5we31miXng
XvmItnQMciWe5b37szT5lnSGVu1Be5A4JttrmOERvta56jwXAw3LYs/xVrPWhYtY
ReRMgdQv+yQ9EubGi9KknKYhQkUgWlE9T/ex9FnOBmiN10pNZpzV/WPcR6jtfJtq
iOrn219BXVfrydxE1Do9rvHPYB65s1zjsL8YfCjPSlksja0B+sGUU3IAgj5Pekal
t0B8mU1F6HfDdEfRMuxNu9fLN54c1XgtGcdZ5ic+1cAmK3yiSFtyyMYIiJnFOxIx
ukBcxiLI5L0lKYUAAEoekHjngIBnnT9mtIrMg7GWRWRbEgXC
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:39:25 2026 by rpki-client