Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          eKYvbI9ffcllCdC8eQwNQSsQ4g4KsNP3y0Rg0QYmS60=
Subject key identifier:   27:B9:52:72:2A:20:8D:B2:A6:95:3A:0C:71:4A:07:F3:1B:7E:96:64
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7D3C3DBCC9BD15039071EDB7183A6C1D8D37C982
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214481.roa
Signing time:             Sat 23 May 2026 12:40:42 +0000
ROA not before:           Sat 23 May 2026 12:35:42 +0000
ROA not after:            Sat 22 May 2027 12:40:42 +0000
asID:                     214481
IP address blocks:        2a14:7583:ff2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3c:3d:bc:c9:bd:15:03:90:71:ed:b7:18:3a:6c:1d:8d:37:c9:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 23 12:35:42 2026 GMT
            Not After : May 22 12:40:42 2027 GMT
        Subject: CN=27B952722A208DB2A6953A0C714A07F31B7E9664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b3:bd:8c:43:a7:f6:9b:dc:a3:69:12:68:3c:
                    f5:aa:4d:26:a2:3e:72:71:17:f0:7b:0e:c9:28:9e:
                    e9:c2:a0:06:e7:42:db:b0:f5:c4:c2:13:b3:2b:c3:
                    31:78:3a:b6:5d:62:a9:0a:03:d2:7b:1f:b5:46:9b:
                    6d:9c:1a:fb:64:f3:44:4b:d8:f4:f3:20:19:ad:fb:
                    fa:d3:44:7c:bb:31:bb:d0:64:3e:61:c4:73:8d:2f:
                    40:96:1b:99:45:dc:c6:1a:ab:2d:1f:3f:ce:cd:a2:
                    0f:49:77:e0:b5:db:2e:3e:ef:59:6d:05:98:0a:ef:
                    a8:70:d4:35:e0:f8:6d:a9:3d:1b:67:4f:8e:32:04:
                    ce:56:5c:3a:02:8e:03:7e:cb:e9:c4:a1:f9:60:77:
                    e8:b4:ed:c2:f2:9d:06:71:b9:a8:7c:69:e2:aa:1c:
                    dc:f5:c9:12:c4:10:97:ae:9f:43:63:69:6a:d5:ec:
                    2e:1e:9f:cf:cd:48:e5:ea:5f:90:f1:7c:50:ee:d8:
                    18:9f:d9:e5:c4:f3:23:65:cd:fd:5a:ae:da:37:d6:
                    ba:c6:a8:37:38:84:8c:a9:44:01:15:1e:cb:e3:d7:
                    c8:c8:33:94:56:2a:c1:71:6c:bb:8d:42:da:37:9f:
                    58:06:0d:48:42:b5:62:1b:9e:df:a1:97:50:6f:71:
                    8a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B9:52:72:2A:20:8D:B2:A6:95:3A:0C:71:4A:07:F3:1B:7E:96:64
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:ff2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:c8:b8:e2:6e:2d:57:0d:01:91:e1:95:7f:04:64:c6:13:4e:
         fb:61:21:3c:d9:11:14:c9:31:99:41:eb:a3:fd:b6:08:e9:fb:
         4c:2b:f3:cd:d1:ed:b9:ad:d4:97:7c:2a:e3:8e:21:fe:f7:07:
         33:d9:e2:0b:5d:7f:46:05:2d:09:cc:88:c5:d8:df:c2:56:23:
         c5:bc:66:b9:ef:d5:cc:c6:b3:7d:29:aa:58:87:be:2f:52:b4:
         db:16:a3:5e:c7:4a:7d:f7:56:d8:a1:e3:49:a4:b2:94:16:89:
         9d:05:63:3b:03:36:b7:81:c2:f4:c0:a0:7e:bc:30:7c:fb:7d:
         ef:71:d2:8b:d1:ad:e0:b2:60:2d:d2:9e:d5:f9:8d:c9:84:ef:
         dc:fa:04:17:82:d0:b5:d8:8f:04:ba:bb:06:06:6f:60:d3:50:
         3c:78:54:f6:bf:b1:da:c8:42:0c:14:7e:a4:fc:4b:e6:0a:b7:
         e7:67:45:05:14:85:a5:06:f9:39:fb:1d:89:05:6a:b7:73:15:
         14:87:6d:43:da:a3:8e:e0:0d:97:52:4d:82:77:2d:7b:d0:fe:
         e5:9c:41:32:48:c4:11:9f:99:56:24:f6:22:2a:d3:72:68:76:
         67:a5:11:fa:2d:4a:1c:9b:51:0a:3e:9b:9b:8d:84:82:a0:aa:
         13:76:1b:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfTw9vMm9FQOQce23GDpsHY03yYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjMxMjM1NDJaFw0yNzA1MjIxMjQwNDJaMDMxMTAvBgNV
BAMTKDI3Qjk1MjcyMkEyMDhEQjJBNjk1M0EwQzcxNEEwN0YzMUI3RTk2NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCas72MQ6f2m9yjaRJoPPWqTSai
PnJxF/B7DskonunCoAbnQtuw9cTCE7MrwzF4OrZdYqkKA9J7H7VGm22cGvtk80RL
2PTzIBmt+/rTRHy7MbvQZD5hxHONL0CWG5lF3MYaqy0fP87Nog9Jd+C12y4+71lt
BZgK76hw1DXg+G2pPRtnT44yBM5WXDoCjgN+y+nEoflgd+i07cLynQZxuah8aeKq
HNz1yRLEEJeun0NjaWrV7C4en8/NSOXqX5DxfFDu2Bif2eXE8yNlzf1arto31rrG
qDc4hIypRAEVHsvj18jIM5RWKsFxbLuNQto3n1gGDUhCtWIbnt+hl1BvcYqdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJ7lSciogjbKmlToMcUoH8xt+lmQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
g/8sMA0GCSqGSIb3DQEBCwUAA4IBAQAsyLjibi1XDQGR4ZV/BGTGE077YSE82REU
yTGZQeuj/bYI6ftMK/PN0e25rdSXfCrjjiH+9wcz2eILXX9GBS0JzIjF2N/CViPF
vGa579XMxrN9KapYh74vUrTbFqNex0p991bYoeNJpLKUFomdBWM7Aza3gcL0wKB+
vDB8+33vcdKL0a3gsmAt0p7V+Y3JhO/c+gQXgtC12I8EursGBm9g01A8eFT2v7Ha
yEIMFH6k/EvmCrfnZ0UFFIWlBvk5+x2JBWq3cxUUh21D2qOO4A2XUk2Cdy170P7l
nEEySMQRn5lWJPYiKtNyaHZnpRH6LUocm1EKPpubjYSCoKoTdhv4
-----END CERTIFICATE-----