Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214159.roa
File:                     AS214159.roa (raw, json)
Hash identifier:          7clcvUsJ4yUZK3Sd3meNla/qvmpW+QO95BF60xJCJBk=
Subject key identifier:   F4:65:96:3B:22:DE:AA:20:BF:EE:A5:53:FD:5A:D9:86:C9:F2:1D:02
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       28C89F43EB6032B225306FC0DF6552C214C0558D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214159.roa
Signing time:             Wed 04 Mar 2026 11:01:29 +0000
ROA not before:           Wed 04 Mar 2026 10:56:29 +0000
ROA not after:            Wed 03 Mar 2027 11:01:29 +0000
asID:                     214159
IP address blocks:        178.83.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c8:9f:43:eb:60:32:b2:25:30:6f:c0:df:65:52:c2:14:c0:55:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  4 10:56:29 2026 GMT
            Not After : Mar  3 11:01:29 2027 GMT
        Subject: CN=F465963B22DEAA20BFEEA553FD5AD986C9F21D02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b8:0a:af:e8:e3:3d:a4:be:f5:a6:89:64:f4:
                    92:2e:2d:e1:e6:47:d9:09:81:2c:06:bb:cc:af:74:
                    0e:01:65:1b:6b:9b:ba:b2:1f:2f:aa:0b:26:fe:f0:
                    31:3a:8a:32:f9:ff:72:9d:f4:81:33:d1:4a:aa:70:
                    92:72:e1:9a:4e:06:77:b0:c7:73:ec:87:e4:59:ec:
                    6c:bd:66:49:16:1a:99:f0:38:29:3e:b5:54:db:6e:
                    8d:64:0b:e4:ed:3a:3e:89:46:09:a5:e9:e0:f5:2a:
                    51:3b:46:84:b5:f6:ba:09:95:61:0d:f8:57:68:a2:
                    1f:15:7a:a3:1f:f9:f4:19:99:f2:71:50:f2:ce:1e:
                    34:06:b6:7b:a1:9c:59:32:18:5e:1d:6e:49:5c:79:
                    68:81:e0:60:13:30:49:d6:95:12:51:b6:e8:52:74:
                    d3:1f:77:91:1e:24:1a:d5:8d:73:16:db:c7:17:6d:
                    59:f7:29:d3:00:2e:fb:ec:1f:46:f8:aa:87:56:02:
                    2f:19:5c:6d:84:27:40:24:56:e4:97:79:bc:df:88:
                    cb:c0:8a:0d:40:e2:77:39:f4:c8:ce:b9:77:c2:ec:
                    0a:24:2a:b1:12:6a:1f:00:52:ee:c4:6e:1d:18:ad:
                    15:3a:5d:8d:c3:1b:21:f4:59:a1:b8:e2:42:8a:0f:
                    74:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:65:96:3B:22:DE:AA:20:BF:EE:A5:53:FD:5A:D9:86:C9:F2:1D:02
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214159.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:4e:50:15:a4:92:65:b9:c7:62:d1:4e:36:57:c0:8f:4d:d7:
         2d:a4:96:48:aa:c9:e7:66:1d:32:f7:7d:e1:c8:09:e1:e2:46:
         c3:57:90:95:22:7d:07:04:8f:26:ee:08:1b:65:3b:38:4f:c9:
         92:7c:36:b6:d1:39:77:1b:74:d0:99:0d:43:53:3e:44:22:65:
         56:73:c7:3d:78:66:6e:cc:35:08:e8:71:02:24:61:7e:cd:77:
         d0:c4:a1:bc:bc:dd:3e:32:99:5b:36:72:4f:1e:3f:05:1b:d6:
         6b:ad:56:5e:70:39:0e:ab:c3:e7:33:15:27:39:a7:5c:32:ee:
         f6:b8:1c:f5:cc:9c:30:6e:8f:1e:58:ff:28:0a:60:60:8c:e5:
         ac:72:b9:63:e8:a3:f9:b0:22:f8:cf:90:75:41:27:40:69:24:
         74:ea:15:a0:9d:0b:73:87:2a:36:3f:b7:21:7f:db:9b:48:f6:
         d6:d2:06:dd:a4:2a:b0:87:48:62:13:53:6a:34:02:40:06:e5:
         f2:9c:25:d0:04:78:79:db:a8:07:95:73:6a:ae:a8:21:31:f8:
         1a:56:71:3d:b2:3b:6c:0f:a6:71:26:3b:0e:0b:02:1f:b8:76:
         b0:61:fa:11:e1:86:f1:44:1a:d7:04:8e:64:ff:2f:43:02:70:
         4a:98:e4:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKMifQ+tgMrIlMG/A32VSwhTAVY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDQxMDU2MjlaFw0yNzAzMDMxMTAxMjlaMDMxMTAvBgNV
BAMTKEY0NjU5NjNCMjJERUFBMjBCRkVFQTU1M0ZENUFEOTg2QzlGMjFEMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPuAqv6OM9pL71polk9JIuLeHm
R9kJgSwGu8yvdA4BZRtrm7qyHy+qCyb+8DE6ijL5/3Kd9IEz0UqqcJJy4ZpOBnew
x3Psh+RZ7Gy9ZkkWGpnwOCk+tVTbbo1kC+TtOj6JRgml6eD1KlE7RoS19roJlWEN
+Fdooh8VeqMf+fQZmfJxUPLOHjQGtnuhnFkyGF4dbklceWiB4GATMEnWlRJRtuhS
dNMfd5EeJBrVjXMW28cXbVn3KdMALvvsH0b4qodWAi8ZXG2EJ0AkVuSXebzfiMvA
ig1A4nc59MjOuXfC7AokKrESah8AUu7Ebh0YrRU6XY3DGyH0WaG44kKKD3TjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9GWWOyLeqiC/7qVT/VrZhsnyHQIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MTU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslOG
MA0GCSqGSIb3DQEBCwUAA4IBAQAWTlAVpJJlucdi0U42V8CPTdctpJZIqsnnZh0y
933hyAnh4kbDV5CVIn0HBI8m7ggbZTs4T8mSfDa20Tl3G3TQmQ1DUz5EImVWc8c9
eGZuzDUI6HECJGF+zXfQxKG8vN0+MplbNnJPHj8FG9ZrrVZecDkOq8PnMxUnOadc
Mu72uBz1zJwwbo8eWP8oCmBgjOWscrlj6KP5sCL4z5B1QSdAaSR06hWgnQtzhyo2
P7chf9ubSPbW0gbdpCqwh0hiE1NqNAJABuXynCXQBHh526gHlXNqrqghMfgaVnE9
sjtsD6ZxJjsOCwIfuHawYfoR4YbxRBrXBI5k/y9DAnBKmOSf
-----END CERTIFICATE-----