Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
File:                     AS214834.roa (raw, json)
Hash identifier:          jADjMm/CHUF1Dkf8mE9XoyKQqgwwik0I0gErHIYVaXg=
Subject key identifier:   DE:28:C1:A4:73:34:B0:BF:F2:2B:F9:E3:91:1A:42:17:57:09:26:69
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       598C4244056EC546A0D17210338011B181391B6A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
Signing time:             Tue 07 Jul 2026 07:48:57 +0000
ROA not before:           Tue 07 Jul 2026 07:43:57 +0000
ROA not after:            Tue 06 Jul 2027 07:48:57 +0000
asID:                     214834
IP address blocks:        2a13:9500:63::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:8c:42:44:05:6e:c5:46:a0:d1:72:10:33:80:11:b1:81:39:1b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  7 07:43:57 2026 GMT
            Not After : Jul  6 07:48:57 2027 GMT
        Subject: CN=DE28C1A47334B0BFF22BF9E3911A421757092669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f9:e1:4a:dd:03:6a:ad:6e:3e:0b:c3:44:36:
                    9e:39:5b:10:f9:db:de:60:4e:10:56:dc:ef:a7:83:
                    79:d4:cc:97:df:d7:52:38:90:72:2a:cf:a0:3b:a2:
                    80:82:b8:62:00:e1:ad:f4:e1:0f:d6:05:85:5f:94:
                    ff:82:9d:ed:e7:06:24:cc:a9:50:6a:28:fb:7b:5a:
                    8a:36:7e:b9:14:cb:4c:e5:1e:e7:7c:a6:40:2a:70:
                    38:14:38:a9:e5:17:55:a8:b2:93:37:5c:fa:d2:f2:
                    b7:7c:bf:8a:a1:c8:d3:55:e3:90:47:cc:6f:32:91:
                    83:00:06:1f:8d:05:25:01:31:0e:79:8d:c8:2e:df:
                    40:0d:9b:1c:ff:37:27:7c:13:01:63:f5:4d:b4:15:
                    1a:5f:f3:58:18:b4:20:c7:20:b6:67:ba:00:0e:42:
                    11:11:a8:dd:3e:3f:6f:64:83:35:e5:b9:f8:51:5c:
                    31:05:7d:2c:0d:f8:87:97:2b:eb:54:b4:8b:b3:64:
                    cf:ae:47:5f:b6:f0:10:14:da:6a:0d:e1:cb:2c:9d:
                    0c:14:6e:dd:9b:ea:27:f9:90:38:cd:d8:e5:3b:38:
                    87:f1:d7:20:e5:8e:2b:44:27:ed:10:4e:bd:c5:01:
                    59:2a:c3:4c:ec:b9:45:53:59:96:92:10:62:1f:84:
                    60:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:28:C1:A4:73:34:B0:BF:F2:2B:F9:E3:91:1A:42:17:57:09:26:69
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:63::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:54:39:e2:50:5d:b3:ea:ec:cd:f3:05:a1:de:1c:03:32:f2:
         2b:1b:3d:b5:c4:69:cd:34:3b:f8:10:9a:17:cc:3f:d6:f4:0c:
         1a:ab:4a:01:c2:c0:ee:48:40:8b:6c:1a:19:f6:55:2f:0c:64:
         fb:5e:69:c9:3e:f6:e6:a2:c8:f1:0d:a2:ff:b1:27:4a:04:b5:
         c3:ac:d8:1e:ea:14:6d:45:23:5c:e9:50:93:35:58:50:98:36:
         df:61:8a:dd:3c:a5:f0:e4:08:d2:55:34:c5:af:93:dc:24:52:
         8c:d8:95:d7:9e:cb:be:98:64:57:ff:a6:4c:8b:54:db:b7:97:
         57:9d:c7:cb:fd:ad:d7:08:dd:d1:97:ac:26:01:9f:b8:13:c6:
         e3:93:ca:c0:6c:3f:94:7f:10:64:b3:9f:f5:10:48:2c:d3:70:
         d7:92:cd:a5:64:bb:fe:dd:40:f0:d6:9b:7b:50:9a:e0:94:e2:
         e6:74:6c:2a:35:5a:ac:4b:74:f1:f4:f7:9f:a1:52:7b:7c:cd:
         bc:2a:59:eb:9f:05:52:13:3f:97:d1:4c:f1:b7:83:f4:72:5c:
         19:b4:7f:c4:8c:91:d4:a8:1c:87:9d:dd:e2:53:0a:c0:0e:e3:
         d0:1f:c3:f9:db:11:ba:c4:76:28:b9:5f:a4:4e:c8:87:da:ff:
         71:f3:a5:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWYxCRAVuxUag0XIQM4ARsYE5G2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MDcwNzQzNTdaFw0yNzA3MDYwNzQ4NTdaMDMxMTAvBgNV
BAMTKERFMjhDMUE0NzMzNEIwQkZGMjJCRjlFMzkxMUE0MjE3NTcwOTI2NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf+eFK3QNqrW4+C8NENp45WxD5
295gThBW3O+ng3nUzJff11I4kHIqz6A7ooCCuGIA4a304Q/WBYVflP+Cne3nBiTM
qVBqKPt7Woo2frkUy0zlHud8pkAqcDgUOKnlF1WospM3XPrS8rd8v4qhyNNV45BH
zG8ykYMABh+NBSUBMQ55jcgu30ANmxz/Nyd8EwFj9U20FRpf81gYtCDHILZnugAO
QhERqN0+P29kgzXlufhRXDEFfSwN+IeXK+tUtIuzZM+uR1+28BAU2moN4cssnQwU
bt2b6if5kDjN2OU7OIfx1yDljitEJ+0QTr3FAVkqw0zsuUVTWZaSEGIfhGCLAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3ijBpHM0sL/yK/njkRpCF1cJJmkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABjMA0GCSqGSIb3DQEBCwUAA4IBAQCSVDniUF2z6uzN8wWh3hwDMvIrGz21xGnN
NDv4EJoXzD/W9Awaq0oBwsDuSECLbBoZ9lUvDGT7XmnJPvbmosjxDaL/sSdKBLXD
rNge6hRtRSNc6VCTNVhQmDbfYYrdPKXw5AjSVTTFr5PcJFKM2JXXnsu+mGRX/6ZM
i1Tbt5dXncfL/a3XCN3Rl6wmAZ+4E8bjk8rAbD+UfxBks5/1EEgs03DXks2lZLv+
3UDw1pt7UJrglOLmdGwqNVqsS3Tx9PefoVJ7fM28KlnrnwVSEz+X0Uzxt4P0clwZ
tH/EjJHUqByHnd3iUwrADuPQH8P52xG6xHYouV+kTsiH2v9x86Wh
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:05:58 2026 by rpki-client