Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214154.roa
File:                     AS214154.roa (raw, json)
Hash identifier:          JAbeD3Xlbu7p37VSwXctfxvnj+kXSYIWy8LQihSg0T4=
Subject key identifier:   84:5C:60:81:48:1E:EC:C5:F8:AB:7E:2A:75:AB:0D:32:AF:B6:5F:D4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       028011D305028A347A8A7F30E4C0AA735BB37A00
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214154.roa
Signing time:             Sat 16 May 2026 16:47:13 +0000
ROA not before:           Sat 16 May 2026 16:42:13 +0000
ROA not after:            Sat 15 May 2027 16:47:13 +0000
asID:                     214154
IP address blocks:        2a13:9500:93::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:80:11:d3:05:02:8a:34:7a:8a:7f:30:e4:c0:aa:73:5b:b3:7a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 16:42:13 2026 GMT
            Not After : May 15 16:47:13 2027 GMT
        Subject: CN=845C6081481EECC5F8AB7E2A75AB0D32AFB65FD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:67:58:8c:ad:bb:81:47:64:43:4a:f7:bf:12:
                    a7:a6:41:ed:0e:49:96:5f:4a:af:4c:18:5b:69:5e:
                    70:0d:a9:b6:eb:8a:d9:44:fa:0e:d8:24:0e:0e:82:
                    41:25:78:49:0b:17:3c:9c:df:e1:48:cb:76:5d:45:
                    87:01:7d:b1:cb:d9:8d:b4:7d:12:93:a1:36:ed:70:
                    65:49:16:70:63:8f:1f:44:e0:0f:ff:c0:65:87:4d:
                    8b:d9:5e:20:14:cb:bc:8f:1f:56:78:52:91:6c:96:
                    97:66:95:ca:7d:c4:9d:fb:d2:a0:48:78:d2:81:30:
                    8c:0b:1d:42:0c:38:d8:f1:68:a2:fb:0e:6e:84:15:
                    d8:f9:e4:a1:68:4d:79:f3:25:25:60:7e:bd:f2:2f:
                    a8:11:1b:16:99:31:a0:c7:88:6a:a5:85:93:f1:78:
                    56:b3:11:77:84:12:fb:fe:49:2c:bd:67:31:f2:c6:
                    69:73:a3:3f:04:62:25:b7:b4:a2:40:9c:1c:34:42:
                    14:31:f4:fc:77:db:c3:6e:10:72:98:4b:ab:cc:ff:
                    33:9a:b0:77:88:40:7b:93:b4:be:31:50:ff:51:91:
                    4a:23:1c:99:fe:cf:2d:73:99:2c:ab:ab:77:b2:f2:
                    1a:6b:54:90:60:2f:cc:89:ef:5e:b0:b7:fb:2c:e0:
                    83:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:5C:60:81:48:1E:EC:C5:F8:AB:7E:2A:75:AB:0D:32:AF:B6:5F:D4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:93::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:a7:60:3e:75:61:7f:1f:02:9e:22:f6:b4:48:6c:82:cf:11:
         ee:a2:97:be:27:9f:af:66:ef:ff:b3:04:32:93:9a:04:97:dc:
         4a:56:89:4c:3c:c9:b4:c9:7a:de:15:a9:7c:db:e6:77:ab:5f:
         62:d4:b0:53:42:8a:64:12:2b:fb:87:a3:5d:32:f0:b5:e9:36:
         21:f3:05:27:c9:4a:cc:cc:b2:9a:1f:92:d3:13:22:08:d9:d0:
         0e:b6:8e:6b:c1:56:90:5f:8a:74:6c:15:4a:48:be:58:4a:41:
         72:13:c3:a0:cc:58:ff:06:d2:e5:a7:28:0f:3f:01:ea:cb:ce:
         86:a6:d2:df:57:d5:d7:02:23:0c:8a:46:3c:e2:f2:90:af:37:
         3d:31:e9:e7:9e:d0:87:5a:f1:09:7d:f3:a7:30:6d:54:64:d7:
         eb:7b:9d:c1:00:c7:38:95:a4:f1:31:86:cd:55:d9:1a:3a:7d:
         4d:72:b6:74:68:e9:5c:fc:c4:bc:be:83:e9:4a:1d:9f:b1:7e:
         a7:11:0c:d2:37:b4:62:ef:11:fd:30:79:f1:35:67:4a:42:f2:
         c4:2a:c8:e2:76:aa:3e:09:4c:61:42:51:b7:e4:2a:7b:c5:5f:
         f1:bd:7a:2a:64:85:d3:d4:93:c0:56:a1:37:8b:24:b4:95:d4:
         08:b9:00:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAoAR0wUCijR6in8w5MCqc1uzegAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTYxNjQyMTNaFw0yNzA1MTUxNjQ3MTNaMDMxMTAvBgNV
BAMTKDg0NUM2MDgxNDgxRUVDQzVGOEFCN0UyQTc1QUIwRDMyQUZCNjVGRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWZ1iMrbuBR2RDSve/EqemQe0O
SZZfSq9MGFtpXnANqbbritlE+g7YJA4OgkEleEkLFzyc3+FIy3ZdRYcBfbHL2Y20
fRKToTbtcGVJFnBjjx9E4A//wGWHTYvZXiAUy7yPH1Z4UpFslpdmlcp9xJ370qBI
eNKBMIwLHUIMONjxaKL7Dm6EFdj55KFoTXnzJSVgfr3yL6gRGxaZMaDHiGqlhZPx
eFazEXeEEvv+SSy9ZzHyxmlzoz8EYiW3tKJAnBw0QhQx9Px328NuEHKYS6vM/zOa
sHeIQHuTtL4xUP9RkUojHJn+zy1zmSyrq3ey8hprVJBgL8yJ716wt/ss4IN5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhFxggUge7MX4q34qdasNMq+2X9QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACTMA0GCSqGSIb3DQEBCwUAA4IBAQB4p2A+dWF/HwKeIva0SGyCzxHuope+J5+v
Zu//swQyk5oEl9xKVolMPMm0yXreFal82+Z3q19i1LBTQopkEiv7h6NdMvC16TYh
8wUnyUrMzLKaH5LTEyII2dAOto5rwVaQX4p0bBVKSL5YSkFyE8OgzFj/BtLlpygP
PwHqy86GptLfV9XXAiMMikY84vKQrzc9MennntCHWvEJffOnMG1UZNfre53BAMc4
laTxMYbNVdkaOn1NcrZ0aOlc/MS8voPpSh2fsX6nEQzSN7Ri7xH9MHnxNWdKQvLE
Ksjidqo+CUxhQlG35Cp7xV/xvXoqZIXT1JPAVqE3iyS0ldQIuQCv
-----END CERTIFICATE-----