Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa
File:                     AS214578.roa (raw, json)
Hash identifier:          9wOb1thnSWcWm6RKjCFDh5a9d1AQaBn9YLEy3ARXRQU=
Subject key identifier:   A2:3B:55:10:89:15:65:33:EF:46:97:32:97:21:94:7F:AA:72:D6:FB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7A3CFF4F76161FE2600F77C50B976D852E123225
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa
Signing time:             Fri 17 Apr 2026 09:48:58 +0000
ROA not before:           Fri 17 Apr 2026 09:43:58 +0000
ROA not after:            Fri 16 Apr 2027 09:48:58 +0000
asID:                     214578
IP address blocks:        82.41.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:3c:ff:4f:76:16:1f:e2:60:0f:77:c5:0b:97:6d:85:2e:12:32:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 17 09:43:58 2026 GMT
            Not After : Apr 16 09:48:58 2027 GMT
        Subject: CN=A23B551089156533EF4697329721947FAA72D6FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d6:38:93:22:14:65:87:0e:0a:19:78:0c:45:
                    6c:83:92:37:00:76:11:8d:d5:72:96:b0:a2:a2:25:
                    03:bb:17:b3:68:8d:ac:37:23:8f:5a:41:f8:c2:02:
                    78:35:36:76:99:20:34:ad:11:9c:c8:fc:92:96:84:
                    78:41:54:8e:f4:76:bc:6d:0f:bd:9e:22:6a:55:e7:
                    35:3f:05:83:e7:b2:8b:61:87:9d:0b:41:20:4c:fe:
                    c7:8b:a3:2f:34:68:da:fc:87:2b:7b:cf:78:a5:ec:
                    26:37:f6:7d:42:0c:c7:20:eb:02:83:65:8f:1a:f6:
                    6d:c1:f2:7c:70:e0:96:33:7a:fe:a6:ba:5d:c5:c9:
                    8a:a7:c0:42:2b:03:04:04:11:88:02:78:2c:0d:86:
                    3a:4f:1a:7c:29:be:95:a6:f4:f7:8a:4d:6e:31:19:
                    4d:13:bb:9f:37:90:a6:e5:f8:7b:35:95:58:82:ed:
                    de:7b:5b:fc:48:b4:ae:ab:db:25:29:62:cc:0d:13:
                    42:13:8c:94:5c:93:83:4f:24:4f:64:76:8b:77:54:
                    b1:b3:49:ea:10:4e:2a:d2:c9:18:8b:c4:4c:c3:01:
                    ae:48:9b:04:a7:73:0b:d7:37:b5:52:65:13:60:f2:
                    ae:51:71:ca:00:dd:88:b9:bf:25:79:9c:38:f7:f8:
                    c9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3B:55:10:89:15:65:33:EF:46:97:32:97:21:94:7F:AA:72:D6:FB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214578.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:de:0c:fc:55:2a:7e:00:fa:5b:26:b4:3b:28:01:9f:f5:c8:
         68:a3:0e:a8:7b:88:1a:4d:f1:71:60:8b:ff:37:fe:79:cc:60:
         f5:84:6f:52:4b:64:53:7c:d4:9a:82:86:79:27:0a:01:43:c8:
         c2:3c:0e:5d:08:a0:b5:47:73:e2:60:3b:c8:e0:d3:a3:57:fa:
         f7:0f:db:61:be:59:58:84:af:d2:60:03:12:16:68:e4:1a:08:
         d4:e8:c5:0b:87:eb:55:3e:2b:a4:47:47:23:6e:04:5f:50:fb:
         e0:d8:fb:9a:b3:2e:24:04:e4:8a:cf:11:38:ea:33:3a:f0:4b:
         e9:56:b5:83:db:da:c7:c2:68:5d:d0:b8:db:75:2b:a7:38:77:
         e9:eb:de:cc:91:6a:2a:9b:e9:6c:55:27:f4:c4:b5:fe:06:15:
         25:7f:70:45:9a:fc:49:e1:0a:1c:6f:fb:0c:22:04:2f:aa:27:
         bd:68:37:5d:ec:a8:7c:75:bb:32:49:f7:7d:43:0c:1e:8f:43:
         b2:ab:d1:82:5f:d2:cb:34:36:b5:12:e3:a1:ba:1e:3e:93:d6:
         9d:2d:5d:d4:31:96:d2:88:78:3d:0a:92:fa:66:3c:1f:70:cb:
         ad:02:5e:8f:7e:33:ae:d2:ec:86:d3:9b:83:b5:9b:6d:11:cb:
         ba:4f:59:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUejz/T3YWH+JgD3fFC5dthS4SMiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTcwOTQzNThaFw0yNzA0MTYwOTQ4NThaMDMxMTAvBgNV
BAMTKEEyM0I1NTEwODkxNTY1MzNFRjQ2OTczMjk3MjE5NDdGQUE3MkQ2RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa1jiTIhRlhw4KGXgMRWyDkjcA
dhGN1XKWsKKiJQO7F7Nojaw3I49aQfjCAng1NnaZIDStEZzI/JKWhHhBVI70drxt
D72eImpV5zU/BYPnsothh50LQSBM/seLoy80aNr8hyt7z3il7CY39n1CDMcg6wKD
ZY8a9m3B8nxw4JYzev6mul3FyYqnwEIrAwQEEYgCeCwNhjpPGnwpvpWm9PeKTW4x
GU0Tu583kKbl+Hs1lViC7d57W/xItK6r2yUpYswNE0ITjJRck4NPJE9kdot3VLGz
SeoQTirSyRiLxEzDAa5ImwSncwvXN7VSZRNg8q5RccoA3Yi5vyV5nDj3+MnrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUojtVEIkVZTPvRpcylyGUf6py1vswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NTc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUimq
MA0GCSqGSIb3DQEBCwUAA4IBAQB63gz8VSp+APpbJrQ7KAGf9choow6oe4gaTfFx
YIv/N/55zGD1hG9SS2RTfNSagoZ5JwoBQ8jCPA5dCKC1R3PiYDvI4NOjV/r3D9th
vllYhK/SYAMSFmjkGgjU6MULh+tVPiukR0cjbgRfUPvg2Puasy4kBOSKzxE46jM6
8EvpVrWD29rHwmhd0LjbdSunOHfp697MkWoqm+lsVSf0xLX+BhUlf3BFmvxJ4Qoc
b/sMIgQvqie9aDdd7Kh8dbsySfd9Qwwej0Oyq9GCX9LLNDa1EuOhuh4+k9adLV3U
MZbSiHg9CpL6ZjwfcMutAl6PfjOu0uyG05uDtZttEcu6T1n/
-----END CERTIFICATE-----