Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa
File:                     AS214578.roa (raw, json)
Hash identifier:          EggvaWb8CoJtZH2rqkBfVevnp5P+SCYMPrYQYeLf49c=
Subject key identifier:   2E:C9:21:DF:13:49:4C:9E:1E:C7:F2:C9:DF:0E:5C:42:5E:61:C8:CE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       03E917F545B250A3DABCD3BF74D361D59525F8FB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa
Signing time:             Thu 14 May 2026 07:44:31 +0000
ROA not before:           Thu 14 May 2026 07:39:31 +0000
ROA not after:            Thu 13 May 2027 07:44:31 +0000
asID:                     214578
IP address blocks:        82.41.168.0/24 maxlen: 24
                          82.41.170.0/24 maxlen: 24
                          82.41.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e9:17:f5:45:b2:50:a3:da:bc:d3:bf:74:d3:61:d5:95:25:f8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 14 07:39:31 2026 GMT
            Not After : May 13 07:44:31 2027 GMT
        Subject: CN=2EC921DF13494C9E1EC7F2C9DF0E5C425E61C8CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:77:c5:69:30:7e:9d:73:4d:e9:65:8f:55:cc:
                    09:b8:b5:a8:73:0b:c7:98:85:a3:07:8d:8a:01:08:
                    38:7d:6d:16:07:b6:e1:fa:d5:64:16:ef:d6:37:3a:
                    e3:75:76:69:e0:ad:ff:63:9a:c7:18:84:da:83:aa:
                    d3:42:5b:57:24:59:2b:e6:8e:11:2f:f1:ce:a1:25:
                    40:6e:e1:ec:8b:35:75:dd:f1:86:09:19:18:54:ae:
                    ec:18:6d:d0:79:99:c1:c0:58:8a:38:40:86:ff:5b:
                    fe:f2:9d:28:22:a6:8c:69:b7:3c:36:ec:1f:75:5e:
                    78:ee:b8:e7:d9:3d:07:7d:c9:73:b5:88:53:a4:47:
                    c0:f4:7e:84:df:99:38:91:df:7c:6c:23:0b:11:ac:
                    60:49:2d:ff:2c:e2:36:7d:1d:04:4f:2f:d8:ac:7d:
                    56:44:78:91:71:d5:d4:98:a0:1a:2b:30:3a:07:9c:
                    f7:16:5f:d6:0b:d3:a7:ef:f1:dc:a4:65:f3:0c:68:
                    2d:1e:75:8b:e5:8b:07:51:7c:32:91:2d:d3:4f:27:
                    0a:9e:16:21:1f:77:bc:22:e5:aa:c3:8d:41:4e:d7:
                    44:3a:91:16:2a:89:5a:07:94:03:78:dc:1b:38:11:
                    33:eb:9c:ef:8b:94:85:6c:3f:bd:65:35:21:ad:82:
                    5f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C9:21:DF:13:49:4C:9E:1E:C7:F2:C9:DF:0E:5C:42:5E:61:C8:CE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.168.0/24
                  82.41.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:05:c3:af:e0:fd:32:d5:ef:39:58:81:36:63:22:6a:4d:38:
         91:22:8b:9b:54:d7:3e:30:8a:ad:d1:4b:c2:4a:56:97:0a:99:
         ca:02:d2:9c:5c:e4:cb:98:e8:94:8b:d3:a4:59:98:77:35:e1:
         a0:b5:9a:82:72:bc:e0:e4:17:86:0d:40:56:44:82:ee:70:df:
         5b:6f:af:6f:1a:3f:6b:d3:7c:07:e6:9e:8f:32:f6:65:51:f6:
         c5:24:99:4d:ad:e1:76:83:ca:ae:90:a1:71:0b:bc:a3:fb:36:
         e5:03:44:02:1a:7f:e1:74:58:5f:f5:e1:7b:6e:27:38:70:f4:
         2f:2f:af:6e:15:fb:cf:a1:0c:4c:a8:d3:e7:fa:eb:d3:60:c2:
         1d:b1:33:7b:38:fc:7c:87:40:d1:d0:55:40:70:bd:2c:26:da:
         dd:41:dd:24:13:41:4b:2b:7e:33:37:fe:2b:89:a1:d4:ad:91:
         6a:fc:c1:ce:4d:2b:de:9d:26:2e:9f:7e:90:d3:7f:9a:89:56:
         ef:e2:54:0b:23:58:12:b2:ca:b7:b1:d0:d5:96:0f:ac:4f:78:
         70:93:fc:f3:e9:54:d1:d0:04:b5:6f:53:a6:94:d8:41:d7:81:
         1e:03:05:0c:43:00:00:ca:01:53:f1:48:61:a9:de:db:d0:19:
         3a:b6:1c:6b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUA+kX9UWyUKPavNO/dNNh1ZUl+PswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTQwNzM5MzFaFw0yNzA1MTMwNzQ0MzFaMDMxMTAvBgNV
BAMTKDJFQzkyMURGMTM0OTRDOUUxRUM3RjJDOURGMEU1QzQyNUU2MUM4Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8d8VpMH6dc03pZY9VzAm4tahz
C8eYhaMHjYoBCDh9bRYHtuH61WQW79Y3OuN1dmngrf9jmscYhNqDqtNCW1ckWSvm
jhEv8c6hJUBu4eyLNXXd8YYJGRhUruwYbdB5mcHAWIo4QIb/W/7ynSgipoxptzw2
7B91XnjuuOfZPQd9yXO1iFOkR8D0foTfmTiR33xsIwsRrGBJLf8s4jZ9HQRPL9is
fVZEeJFx1dSYoBorMDoHnPcWX9YL06fv8dykZfMMaC0edYvliwdRfDKRLdNPJwqe
FiEfd7wi5arDjUFO10Q6kRYqiVoHlAN43Bs4ETPrnO+LlIVsP71lNSGtgl9dAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQULskh3xNJTJ4ex/LJ3w5cQl5hyM4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NTc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUimo
AwQBUimqMA0GCSqGSIb3DQEBCwUAA4IBAQBpBcOv4P0y1e85WIE2YyJqTTiRIoub
VNc+MIqt0UvCSlaXCpnKAtKcXOTLmOiUi9OkWZh3NeGgtZqCcrzg5BeGDUBWRILu
cN9bb69vGj9r03wH5p6PMvZlUfbFJJlNreF2g8qukKFxC7yj+zblA0QCGn/hdFhf
9eF7bic4cPQvL69uFfvPoQxMqNPn+uvTYMIdsTN7OPx8h0DR0FVAcL0sJtrdQd0k
E0FLK34zN/4riaHUrZFq/MHOTSvenSYun36Q03+aiVbv4lQLI1gSssq3sdDVlg+s
T3hwk/zz6VTR0AS1b1OmlNhB14EeAwUMQwAAygFT8Uhhqd7b0Bk6thxr
-----END CERTIFICATE-----