Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
File:                     AS214882.roa (raw, json)
Hash identifier:          QeQmD2qE+Wd7UiepxZYEQ20wjiRC4idAM3DiU7kEpyE=
Subject key identifier:   82:8E:60:7A:53:A4:9C:AD:D9:A1:84:A6:71:BA:05:7B:ED:1D:68:75
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1E29CD28015D77742D3DE0659436A2D1FEF91FC9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa
Signing time:             Fri 26 Jun 2026 08:08:43 +0000
ROA not before:           Fri 26 Jun 2026 08:03:43 +0000
ROA not after:            Fri 25 Jun 2027 08:08:43 +0000
asID:                     214882
IP address blocks:        2a0f:85c1:3da::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:29:cd:28:01:5d:77:74:2d:3d:e0:65:94:36:a2:d1:fe:f9:1f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:43 2026 GMT
            Not After : Jun 25 08:08:43 2027 GMT
        Subject: CN=828E607A53A49CADD9A184A671BA057BED1D6875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:6c:8c:b3:99:7b:91:18:92:af:57:61:cb:
                    be:d1:85:af:d3:33:23:63:b8:aa:09:1b:61:bd:82:
                    f8:5e:2c:59:2a:3c:ed:98:14:b9:73:a9:38:77:4f:
                    06:82:a3:ba:7c:ab:fd:bd:22:b6:46:c6:99:fa:f9:
                    a7:b3:b1:9a:fa:35:83:1e:57:4f:4b:56:04:d3:05:
                    27:d6:82:cd:da:c7:81:12:5f:92:76:6e:8c:de:05:
                    fc:ef:1b:b2:3c:ce:39:95:c0:08:9a:08:af:99:fb:
                    48:c3:26:05:19:38:15:9b:20:bc:b2:c8:ae:0e:23:
                    9b:a2:ca:9e:2b:b0:c8:23:3b:5c:25:5f:ab:98:94:
                    cc:60:ec:b4:ec:5b:04:6e:d9:83:4f:d8:95:60:b1:
                    85:b5:1f:0b:76:ff:f3:38:b2:f4:a8:f6:d7:54:43:
                    89:2a:f6:be:2d:a6:36:ca:e1:5f:9d:a5:7e:70:37:
                    9b:ec:b2:f3:76:7c:0c:07:5a:c5:e2:d2:af:d6:84:
                    27:2c:92:a0:a5:1e:1c:6d:b7:25:80:8a:ec:d5:c2:
                    29:1d:45:de:c8:40:63:a2:39:d7:44:a2:6e:20:5d:
                    fb:12:bf:ce:28:d5:9d:19:0c:23:b7:03:06:c6:6d:
                    10:4c:e4:58:8e:07:07:0a:bf:8e:74:e5:a0:da:93:
                    2e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8E:60:7A:53:A4:9C:AD:D9:A1:84:A6:71:BA:05:7B:ED:1D:68:75
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:3da::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:68:88:e1:80:ce:53:da:9d:36:91:7a:fe:69:71:3f:2f:b7:
         12:21:77:de:4c:29:36:b7:72:73:c5:61:f3:50:93:9b:ad:b1:
         b6:9a:54:52:6b:38:df:08:9c:60:a8:39:92:f6:d6:57:a3:96:
         01:49:74:af:67:49:82:25:b3:d1:00:16:aa:83:bd:97:51:11:
         5c:47:0b:0f:ce:3f:04:dc:33:bc:e4:58:d0:88:fe:0f:02:83:
         0d:10:0a:62:75:f2:45:40:d6:aa:9b:7f:c3:e8:50:85:2d:a2:
         43:af:42:22:d8:d2:ba:32:bd:38:c2:8f:ff:92:80:31:f4:20:
         73:df:3a:12:37:25:da:00:53:d0:2d:22:92:f7:94:36:d6:7c:
         6f:94:d6:3e:b5:b7:6e:a7:2c:73:d4:96:cc:40:e2:91:43:d4:
         b8:6b:04:a1:46:0e:69:a9:bb:ae:f3:ce:17:af:a2:14:cb:a3:
         cc:fa:ae:7f:a1:fb:ef:69:d2:2a:c4:f1:f8:b8:ca:73:d1:de:
         7b:02:0c:46:f0:4a:39:dc:3a:2c:c3:2f:d9:08:c0:5a:89:0b:
         65:f3:a7:86:bd:80:c7:69:c5:b4:03:90:d9:94:fc:cc:52:66:
         ee:2f:a2:46:62:a4:fa:a1:14:a8:05:b6:2b:da:9c:e0:15:69:
         0d:0f:f5:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHinNKAFdd3QtPeBllDai0f75H8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzNDNaFw0yNzA2MjUwODA4NDNaMDMxMTAvBgNV
BAMTKDgyOEU2MDdBNTNBNDlDQUREOUExODRBNjcxQkEwNTdCRUQxRDY4NzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrfGyMs5l7kRiSr1dhy77Rha/T
MyNjuKoJG2G9gvheLFkqPO2YFLlzqTh3TwaCo7p8q/29IrZGxpn6+aezsZr6NYMe
V09LVgTTBSfWgs3ax4ESX5J2bozeBfzvG7I8zjmVwAiaCK+Z+0jDJgUZOBWbILyy
yK4OI5uiyp4rsMgjO1wlX6uYlMxg7LTsWwRu2YNP2JVgsYW1Hwt2//M4svSo9tdU
Q4kq9r4tpjbK4V+dpX5wN5vssvN2fAwHWsXi0q/WhCcskqClHhxttyWAiuzVwikd
Rd7IQGOiOddEom4gXfsSv84o1Z0ZDCO3AwbGbRBM5FiOBwcKv4505aDaky4ZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgo5gelOknK3ZoYSmcboFe+0daHUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0ODgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQPaMA0GCSqGSIb3DQEBCwUAA4IBAQAUaIjhgM5T2p02kXr+aXE/L7cSIXfeTCk2
t3JzxWHzUJObrbG2mlRSazjfCJxgqDmS9tZXo5YBSXSvZ0mCJbPRABaqg72XURFc
RwsPzj8E3DO85FjQiP4PAoMNEApidfJFQNaqm3/D6FCFLaJDr0Ii2NK6Mr04wo//
koAx9CBz3zoSNyXaAFPQLSKS95Q21nxvlNY+tbdupyxz1JbMQOKRQ9S4awShRg5p
qbuu884Xr6IUy6PM+q5/ofvvadIqxPH4uMpz0d57AgxG8Eo53Doswy/ZCMBaiQtl
86eGvYDHacW0A5DZlPzMUmbuL6JGYqT6oRSoBbYr2pzgFWkND/VM
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:15:20 2026 by rpki-client