Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214979.roa
File:                     AS214979.roa (raw, json)
Hash identifier:          +Xs61cUhyd1L1/EpgXku6etYQSM6Jy1vVjprhKrQuHw=
Subject key identifier:   85:A6:42:82:F3:17:21:CB:0A:27:AA:51:01:AC:DB:25:7F:72:68:C1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3C7E037F603F26A7944F7884E67D274140E83F78
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214979.roa
Signing time:             Thu 13 Mar 2025 08:59:32 +0000
ROA not before:           Thu 13 Mar 2025 08:54:32 +0000
ROA not after:            Thu 12 Mar 2026 08:59:32 +0000
asID:                     214979
IP address blocks:        82.26.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:7e:03:7f:60:3f:26:a7:94:4f:78:84:e6:7d:27:41:40:e8:3f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 13 08:54:32 2025 GMT
            Not After : Mar 12 08:59:32 2026 GMT
        Subject: CN=85A64282F31721CB0A27AA5101ACDB257F7268C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:86:70:b5:cd:e5:d1:1f:83:5e:d5:a9:3f:
                    64:de:11:59:98:94:36:bc:89:8f:77:e4:0c:45:3d:
                    a7:99:22:8b:d0:c3:2e:f3:cd:0c:3b:56:45:35:d7:
                    a5:87:ba:b2:b5:11:56:84:68:9a:b9:b8:48:14:81:
                    f5:c1:94:1f:d4:b4:f7:c1:b2:8c:11:4a:2c:d7:c7:
                    42:7e:9c:1a:bf:93:1b:77:8a:a7:be:51:2c:06:46:
                    ab:d9:4e:2f:44:41:c5:c3:5e:08:6d:40:88:92:b3:
                    c2:02:e2:57:53:8c:9e:03:e8:bb:c7:41:9f:b1:6c:
                    d9:6d:8d:30:3b:2b:c9:5d:3b:11:14:81:35:1f:27:
                    be:3e:83:0a:7b:2d:53:a7:93:60:39:c7:d2:28:6f:
                    4b:55:7c:f4:09:52:f2:be:45:66:b0:8f:52:ff:e4:
                    aa:10:d3:a7:b2:4a:10:13:6e:9a:e7:e4:b3:4b:0d:
                    86:b0:23:1c:3d:ba:38:31:bf:29:0f:10:88:c8:f9:
                    4d:dc:44:14:da:c0:32:1b:51:1f:7d:23:f5:f1:e7:
                    dc:e3:c9:de:7a:88:81:51:22:42:19:33:ee:04:bf:
                    99:f8:03:56:03:3c:42:15:d3:b8:3e:d2:21:02:07:
                    96:15:d4:a8:c6:ff:78:f5:16:82:49:25:c8:f1:da:
                    f9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A6:42:82:F3:17:21:CB:0A:27:AA:51:01:AC:DB:25:7F:72:68:C1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214979.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.26.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:3a:72:14:e4:ae:db:41:d7:16:e1:a2:ce:75:c7:65:9c:d7:
         1d:bd:52:9d:a6:09:4f:92:0a:cc:ff:c8:de:fc:8c:ac:69:f6:
         02:56:35:af:94:66:4f:1b:32:4d:6b:e8:60:bb:c9:b7:e8:db:
         3f:47:ec:b6:ce:39:78:21:01:77:46:f4:ac:df:b8:42:e6:bb:
         ea:b4:17:9d:db:9f:c4:d5:46:c3:a9:15:5a:12:c5:83:47:d2:
         14:ca:b9:d5:1f:2f:de:c4:00:01:7f:ab:e7:93:3d:5b:ce:52:
         6f:80:f4:43:f6:d1:dc:8f:80:13:e4:eb:09:4d:e2:df:36:16:
         78:6e:86:80:8b:57:37:90:c7:aa:1e:1d:7d:a3:5d:e3:4d:8f:
         fb:1f:e3:d3:59:c3:df:fa:2d:ae:aa:db:52:59:06:5c:14:3b:
         5d:81:8b:14:7f:16:21:d4:bf:4c:93:8a:df:68:28:65:4b:96:
         6d:60:61:ea:dd:e1:3e:af:d6:08:37:78:64:ed:bc:6b:aa:8c:
         64:a2:1e:c0:de:3f:e5:d9:a4:6b:8e:5c:8d:67:98:a8:69:cc:
         b2:c6:6b:02:9f:1d:12:de:67:ca:8e:fc:1a:70:ae:ca:42:e1:
         19:62:9c:a7:c8:31:0d:06:50:34:0b:a6:b3:a4:a2:b7:d4:fc:
         66:98:3e:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPH4Df2A/JqeUT3iE5n0nQUDoP3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAzMTMwODU0MzJaFw0yNjAzMTIwODU5MzJaMDMxMTAvBgNV
BAMTKDg1QTY0MjgyRjMxNzIxQ0IwQTI3QUE1MTAxQUNEQjI1N0Y3MjY4QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC22oZwtc3l0R+DXtWpP2TeEVmY
lDa8iY935AxFPaeZIovQwy7zzQw7VkU116WHurK1EVaEaJq5uEgUgfXBlB/UtPfB
sowRSizXx0J+nBq/kxt3iqe+USwGRqvZTi9EQcXDXghtQIiSs8IC4ldTjJ4D6LvH
QZ+xbNltjTA7K8ldOxEUgTUfJ74+gwp7LVOnk2A5x9Iob0tVfPQJUvK+RWawj1L/
5KoQ06eyShATbprn5LNLDYawIxw9ujgxvykPEIjI+U3cRBTawDIbUR99I/Xx59zj
yd56iIFRIkIZM+4Ev5n4A1YDPEIV07g+0iECB5YV1KjG/3j1FoJJJcjx2vn5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhaZCgvMXIcsKJ6pRAazbJX9yaMEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhpD
MA0GCSqGSIb3DQEBCwUAA4IBAQByOnIU5K7bQdcW4aLOdcdlnNcdvVKdpglPkgrM
/8je/IysafYCVjWvlGZPGzJNa+hgu8m36Ns/R+y2zjl4IQF3RvSs37hC5rvqtBed
25/E1UbDqRVaEsWDR9IUyrnVHy/exAABf6vnkz1bzlJvgPRD9tHcj4AT5OsJTeLf
NhZ4boaAi1c3kMeqHh19o13jTY/7H+PTWcPf+i2uqttSWQZcFDtdgYsUfxYh1L9M
k4rfaChlS5ZtYGHq3eE+r9YIN3hk7bxrqoxkoh7A3j/l2aRrjlyNZ5ioacyyxmsC
nx0S3mfKjvwacK7KQuEZYpynyDENBlA0C6azpKK31PxmmD55
-----END CERTIFICATE-----