Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214647.roa
File:                     AS214647.roa (raw, json)
Hash identifier:          ag2iXDonMPjhiuzyCZzpMHEU6GdAECD8uCe/R5rXjQ8=
Subject key identifier:   BF:D4:18:8E:1E:55:4F:E5:AF:E4:11:A3:C9:40:47:51:0F:4E:3F:43
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       09BB8BAAF0D3F397EDF05E4668C08AA5988EDF6F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214647.roa
Signing time:             Fri 29 May 2026 10:37:40 +0000
ROA not before:           Fri 29 May 2026 10:32:40 +0000
ROA not after:            Fri 28 May 2027 10:37:40 +0000
asID:                     214647
IP address blocks:        178.83.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:bb:8b:aa:f0:d3:f3:97:ed:f0:5e:46:68:c0:8a:a5:98:8e:df:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 10:32:40 2026 GMT
            Not After : May 28 10:37:40 2027 GMT
        Subject: CN=BFD4188E1E554FE5AFE411A3C94047510F4E3F43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:95:03:00:88:a7:75:fe:6d:d4:63:8d:37:23:
                    36:ae:c9:ef:bf:d0:38:1d:a6:5c:ea:fd:54:c8:33:
                    cc:9b:72:de:ba:fb:e1:68:f9:65:ec:66:fc:a2:17:
                    6e:b3:e4:9b:5f:2f:7f:3e:34:db:83:95:e1:75:0f:
                    71:f4:aa:6d:a6:49:e3:ab:21:c2:d5:3b:69:04:c9:
                    d7:db:87:92:9f:1f:46:35:8a:51:4e:41:e1:1d:51:
                    58:76:c0:1e:3b:40:6d:b6:85:a5:93:c0:d7:c9:8f:
                    4f:41:50:09:97:12:0d:23:af:db:e1:a9:91:0e:76:
                    28:a1:f0:3c:6c:83:67:47:6d:30:de:c1:1b:25:5c:
                    27:e6:b4:8a:6b:38:44:96:62:1d:96:89:b4:33:bb:
                    01:08:99:8c:e8:a3:af:89:3a:5d:a9:eb:93:86:7b:
                    61:ff:8e:c9:19:df:33:d4:b4:8b:de:7f:62:40:b0:
                    a7:eb:f9:ca:dd:08:c0:2b:b9:c7:fb:1e:f7:01:eb:
                    71:50:75:8f:75:d9:58:b3:b0:ba:d2:bb:38:cb:19:
                    27:b3:74:d3:14:04:78:8f:56:f4:52:7f:e2:a5:3a:
                    a3:c1:b7:16:b4:1d:45:9e:83:b1:77:55:f4:51:1c:
                    7c:e5:14:6b:9c:05:a7:f6:ba:42:07:54:cf:02:f7:
                    a4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D4:18:8E:1E:55:4F:E5:AF:E4:11:A3:C9:40:47:51:0F:4E:3F:43
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214647.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:8b:18:9c:13:1d:11:ba:bc:77:06:d8:21:cf:0a:58:9c:40:
         e4:ab:dc:7f:b9:3e:ba:3f:ca:ae:d4:d6:0f:76:7a:57:86:2c:
         8b:fb:2d:be:4e:01:00:43:f4:ee:92:47:da:18:7f:fc:37:4e:
         59:7d:30:92:0d:d4:f4:ee:d6:9f:9e:4c:66:76:be:47:29:56:
         c6:dc:6e:35:ce:bd:cb:59:e0:d0:f5:8f:b0:02:ab:f4:47:70:
         88:42:56:6c:87:1c:b5:35:31:a0:35:b9:31:d6:75:75:c7:17:
         3e:a1:25:5e:88:6f:1c:33:71:d3:be:98:d8:75:12:5e:fc:3f:
         85:c2:de:48:cd:c5:75:aa:b1:e2:a2:f8:20:a0:6b:f4:4e:87:
         cd:28:de:6c:a7:40:a2:d0:17:df:6d:cf:80:e7:6b:38:c9:6a:
         a7:38:6e:2a:a3:a1:ec:b0:47:03:08:cb:87:43:7e:16:3d:a5:
         f4:1a:48:81:2e:66:4f:71:bf:be:de:aa:26:75:92:9d:5c:99:
         a8:1e:4d:b5:45:b4:d7:43:ab:32:78:6f:63:9b:b3:3a:b1:82:
         07:c8:30:df:05:c5:8e:ef:1a:d4:91:aa:71:2e:8b:4c:ab:24:
         d6:2e:55:27:6c:0e:23:d6:8a:5b:9d:8d:07:de:11:f6:c1:80:
         46:42:82:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCbuLqvDT85ft8F5GaMCKpZiO328wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjkxMDMyNDBaFw0yNzA1MjgxMDM3NDBaMDMxMTAvBgNV
BAMTKEJGRDQxODhFMUU1NTRGRTVBRkU0MTFBM0M5NDA0NzUxMEY0RTNGNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjlQMAiKd1/m3UY403Izauye+/
0Dgdplzq/VTIM8ybct66++Fo+WXsZvyiF26z5JtfL38+NNuDleF1D3H0qm2mSeOr
IcLVO2kEydfbh5KfH0Y1ilFOQeEdUVh2wB47QG22haWTwNfJj09BUAmXEg0jr9vh
qZEOdiih8Dxsg2dHbTDewRslXCfmtIprOESWYh2WibQzuwEImYzoo6+JOl2p65OG
e2H/jskZ3zPUtIvef2JAsKfr+crdCMArucf7HvcB63FQdY912VizsLrSuzjLGSez
dNMUBHiPVvRSf+KlOqPBtxa0HUWeg7F3VfRRHHzlFGucBaf2ukIHVM8C96RZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUv9QYjh5VT+Wv5BGjyUBHUQ9OP0MwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslMs
MA0GCSqGSIb3DQEBCwUAA4IBAQAvixicEx0Rurx3BtghzwpYnEDkq9x/uT66P8qu
1NYPdnpXhiyL+y2+TgEAQ/TukkfaGH/8N05ZfTCSDdT07tafnkxmdr5HKVbG3G41
zr3LWeDQ9Y+wAqv0R3CIQlZshxy1NTGgNbkx1nV1xxc+oSVeiG8cM3HTvpjYdRJe
/D+Fwt5IzcV1qrHiovggoGv0TofNKN5sp0Ci0Bffbc+A52s4yWqnOG4qo6HssEcD
CMuHQ34WPaX0GkiBLmZPcb++3qomdZKdXJmoHk21RbTXQ6syeG9jm7M6sYIHyDDf
BcWO7xrUkapxLotMqyTWLlUnbA4j1opbnY0H3hH2wYBGQoJo
-----END CERTIFICATE-----