Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213488.roa
File:                     AS213488.roa (raw, json)
Hash identifier:          264ffU6TJW391hH+siLL6o23yCWnPYAZHfGMfQQvMeU=
Subject key identifier:   44:61:DD:4D:57:81:35:B4:42:A8:E2:AA:A8:8F:F7:46:AE:7D:BB:5C
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       331C7241471B2149AB1224152AD15FA298F2DF62
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213488.roa
Signing time:             Fri 29 Aug 2025 13:03:47 +0000
ROA not before:           Fri 29 Aug 2025 12:58:47 +0000
ROA not after:            Fri 28 Aug 2026 13:03:47 +0000
asID:                     213488
IP address blocks:        192.166.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:1c:72:41:47:1b:21:49:ab:12:24:15:2a:d1:5f:a2:98:f2:df:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 29 12:58:47 2025 GMT
            Not After : Aug 28 13:03:47 2026 GMT
        Subject: CN=4461DD4D578135B442A8E2AAA88FF746AE7DBB5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:98:71:2a:01:da:d6:f6:bd:0f:00:3c:bd:49:
                    f6:cb:53:ca:95:1d:a5:ea:df:5c:a8:d7:a5:7c:b8:
                    da:95:ae:1f:b0:e4:6c:57:47:ee:c7:3d:af:60:2b:
                    ae:14:a8:12:6c:02:3f:9b:b2:a4:80:26:66:fe:63:
                    37:c1:f6:7a:c2:d9:5b:38:24:df:cc:ec:2b:e9:db:
                    29:50:71:63:94:ca:b4:84:6c:37:d6:f0:22:2e:68:
                    8f:e1:5f:d3:ca:02:6d:33:16:ef:0a:dd:27:93:6c:
                    78:7e:73:a5:8d:1f:79:51:27:e3:df:59:d7:87:78:
                    9a:6f:f3:6c:ae:6e:5c:83:26:b5:fb:a8:b9:74:e5:
                    9e:56:e6:a2:7f:87:db:62:df:25:a7:3b:32:1d:e9:
                    e2:5c:1d:15:1e:65:80:e0:cd:7d:d8:ea:31:2c:3c:
                    b2:60:32:52:ad:11:eb:ca:5d:07:59:9c:3b:07:da:
                    40:3b:f7:b7:c5:4f:54:ce:c3:41:8a:09:28:30:58:
                    07:0a:79:48:2d:24:5c:fb:ce:cf:ff:ff:16:b2:c4:
                    67:87:12:d2:44:3b:1c:01:7e:98:b1:65:b3:2d:e9:
                    70:cc:ad:94:50:9c:32:65:38:d1:99:81:1c:ae:af:
                    73:7b:b6:0f:d3:b9:c2:ec:7c:1a:66:2c:b5:e4:9b:
                    be:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:61:DD:4D:57:81:35:B4:42:A8:E2:AA:A8:8F:F7:46:AE:7D:BB:5C
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:16:1b:85:8a:01:33:b0:82:ab:87:42:69:fe:91:63:e1:04:
         ee:e0:d2:d0:e4:a9:14:29:20:b1:04:0a:5b:16:b9:01:02:de:
         e0:4f:ac:51:29:bd:9e:3f:ad:be:ee:81:39:71:b9:8a:23:5e:
         9d:10:3f:d7:86:ac:e6:e8:29:b3:34:9a:f2:ab:3d:6a:ce:93:
         c4:1d:33:99:08:bf:b9:cb:81:9f:6e:43:9a:d9:9d:f1:fd:9c:
         00:c6:7d:56:95:5a:06:d7:3f:af:76:4e:c3:68:47:bc:ec:ab:
         42:91:3a:50:48:17:0e:fe:f5:d7:e9:7c:63:cd:3f:6d:9d:63:
         6b:15:a1:12:e1:41:23:9f:bc:c3:1d:56:71:2e:8a:1e:f9:ec:
         70:4f:22:6c:59:98:b1:76:18:1e:33:83:7b:70:f6:5a:63:31:
         b0:64:61:34:e6:c8:34:6b:08:ae:c6:8b:4c:1a:9d:84:7c:f9:
         4c:22:68:e7:30:94:ec:a1:50:e4:95:87:01:75:8d:25:21:af:
         8a:91:f0:ff:61:66:c2:6b:38:b6:55:a4:38:44:b9:f6:54:cb:
         0f:a4:08:dd:12:fb:41:ca:de:68:10:cf:83:79:b5:b9:b8:33:
         ae:7b:d3:2d:98:44:3a:95:59:02:df:0c:63:bd:2e:b3:94:03:
         77:f8:e7:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMxxyQUcbIUmrEiQVKtFfopjy32IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MjkxMjU4NDdaFw0yNjA4MjgxMzAzNDdaMDMxMTAvBgNV
BAMTKDQ0NjFERDRENTc4MTM1QjQ0MkE4RTJBQUE4OEZGNzQ2QUU3REJCNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2mHEqAdrW9r0PADy9SfbLU8qV
HaXq31yo16V8uNqVrh+w5GxXR+7HPa9gK64UqBJsAj+bsqSAJmb+YzfB9nrC2Vs4
JN/M7Cvp2ylQcWOUyrSEbDfW8CIuaI/hX9PKAm0zFu8K3SeTbHh+c6WNH3lRJ+Pf
WdeHeJpv82yublyDJrX7qLl05Z5W5qJ/h9ti3yWnOzId6eJcHRUeZYDgzX3Y6jEs
PLJgMlKtEevKXQdZnDsH2kA797fFT1TOw0GKCSgwWAcKeUgtJFz7zs///xayxGeH
EtJEOxwBfpixZbMt6XDMrZRQnDJlONGZgRyur3N7tg/TucLsfBpmLLXkm77DAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURGHdTVeBNbRCqOKqqI/3Rq59u1wwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEzNDg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKZy
MA0GCSqGSIb3DQEBCwUAA4IBAQC9FhuFigEzsIKrh0Jp/pFj4QTu4NLQ5KkUKSCx
BApbFrkBAt7gT6xRKb2eP62+7oE5cbmKI16dED/Xhqzm6CmzNJryqz1qzpPEHTOZ
CL+5y4GfbkOa2Z3x/ZwAxn1WlVoG1z+vdk7DaEe87KtCkTpQSBcO/vXX6XxjzT9t
nWNrFaES4UEjn7zDHVZxLooe+exwTyJsWZixdhgeM4N7cPZaYzGwZGE05sg0awiu
xotMGp2EfPlMImjnMJTsoVDklYcBdY0lIa+KkfD/YWbCazi2VaQ4RLn2VMsPpAjd
EvtByt5oEM+DebW5uDOue9MtmEQ6lVkC3wxjvS6zlAN3+Oen
-----END CERTIFICATE-----