Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS214260.roa
File:                     AS214260.roa (raw, json)
Hash identifier:          clGA/XgQFJqw9j2Y6K1G13IPsmvZ/Rjpo+VpkGXD3wI=
Subject key identifier:   BD:A3:86:DF:6D:B9:DD:20:B4:E1:2B:2A:2F:51:50:5D:0B:C8:6D:DB
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       0D5E26416DFA8EBC152A707A81DF7AEECB1F8EC3
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS214260.roa
Signing time:             Thu 21 May 2026 09:12:16 +0000
ROA not before:           Thu 21 May 2026 09:07:16 +0000
ROA not after:            Thu 20 May 2027 09:12:16 +0000
asID:                     214260
IP address blocks:        51.241.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:5e:26:41:6d:fa:8e:bc:15:2a:70:7a:81:df:7a:ee:cb:1f:8e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 21 09:07:16 2026 GMT
            Not After : May 20 09:12:16 2027 GMT
        Subject: CN=BDA386DF6DB9DD20B4E12B2A2F51505D0BC86DDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7a:5f:f7:98:15:dc:d2:a1:09:f6:e7:6c:13:
                    a5:6c:48:07:47:6f:2b:0c:6c:02:a4:d3:23:5e:cd:
                    1e:30:0a:49:3d:1f:40:4a:b9:6a:10:6f:d5:44:09:
                    76:2d:b9:72:ca:31:23:8d:cd:42:10:a5:a0:d0:58:
                    a9:a2:1c:70:a5:5e:54:21:f2:d6:62:c1:6a:80:97:
                    55:17:e9:87:46:4b:94:c3:bd:99:cf:6d:79:e3:eb:
                    d4:1c:84:5d:29:f6:ff:81:b6:fa:8a:6a:b7:cd:85:
                    8f:de:cd:c5:67:97:55:2a:47:6b:ca:71:e4:b1:cc:
                    93:a4:d9:bd:35:07:6e:bf:bd:8e:f6:71:bd:f5:90:
                    eb:01:9d:32:4a:8e:de:d0:a1:97:0b:7c:70:6a:ff:
                    63:a8:46:77:be:b8:a9:e2:b2:3d:59:82:13:c4:fa:
                    c2:d4:67:f2:f0:1a:f8:67:be:c6:a8:36:8f:01:08:
                    8e:18:58:27:18:0a:0f:2e:a1:37:65:7f:9c:8a:fc:
                    25:21:67:cf:79:50:93:e8:35:a9:8e:26:44:87:cc:
                    e3:5d:53:12:eb:fb:65:09:c9:fd:0a:48:fc:ab:bf:
                    5d:b9:13:62:0b:96:99:17:56:a8:61:c8:a6:75:71:
                    b8:e0:f3:ba:dc:13:7a:92:01:58:de:93:ec:a4:a6:
                    4f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A3:86:DF:6D:B9:DD:20:B4:E1:2B:2A:2F:51:50:5D:0B:C8:6D:DB
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS214260.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b4:b0:20:10:5b:55:db:df:74:76:11:a3:67:1d:83:53:46:
         c7:8c:23:15:26:2a:c5:f8:cd:a7:c6:e3:72:1e:84:7c:46:0d:
         5d:05:09:5c:e0:37:00:78:96:6c:89:88:42:f1:a0:71:cc:64:
         8e:8a:ac:c1:58:0b:1a:82:73:6e:92:4c:58:5b:ac:59:a0:18:
         be:3e:7d:78:81:b7:99:4d:00:dd:5f:b4:44:74:c6:5a:3a:c1:
         6f:2b:15:d8:b3:44:c9:d0:53:2e:43:f3:54:a8:ba:bd:20:79:
         d4:c1:82:73:96:60:cf:58:f5:81:9b:c6:11:80:7d:36:35:3c:
         d0:a5:a7:c5:43:70:93:57:27:16:06:94:f6:e7:ad:08:be:35:
         7f:ba:9e:37:ee:63:76:ff:d2:9f:47:7e:f1:73:ad:ab:5a:a0:
         e4:e0:46:ca:53:8c:8a:67:94:0d:88:ca:f0:b1:9a:81:ba:b2:
         62:74:96:a0:c0:c8:2b:2f:48:fc:f0:c5:ed:c9:d8:1b:2f:03:
         6d:a0:3b:d4:9e:9f:5c:10:8c:f5:7c:10:4e:a9:c0:60:10:a7:
         de:71:67:ca:09:0c:c4:10:fc:56:98:70:17:21:e2:32:bf:dc:
         a6:eb:95:5e:06:7f:26:54:43:96:14:30:16:46:61:e5:c5:50:
         ad:ca:21:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDV4mQW36jrwVKnB6gd967ssfjsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjEwOTA3MTZaFw0yNzA1MjAwOTEyMTZaMDMxMTAvBgNV
BAMTKEJEQTM4NkRGNkRCOUREMjBCNEUxMkIyQTJGNTE1MDVEMEJDODZEREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYel/3mBXc0qEJ9udsE6VsSAdH
bysMbAKk0yNezR4wCkk9H0BKuWoQb9VECXYtuXLKMSONzUIQpaDQWKmiHHClXlQh
8tZiwWqAl1UX6YdGS5TDvZnPbXnj69QchF0p9v+BtvqKarfNhY/ezcVnl1UqR2vK
ceSxzJOk2b01B26/vY72cb31kOsBnTJKjt7QoZcLfHBq/2OoRne+uKnisj1ZghPE
+sLUZ/LwGvhnvsaoNo8BCI4YWCcYCg8uoTdlf5yK/CUhZ895UJPoNamOJkSHzONd
UxLr+2UJyf0KSPyrv125E2ILlpkXVqhhyKZ1cbjg87rcE3qSAVjek+ykpk8rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvaOG32253SC04SsqL1FQXQvIbdswHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjE0MjYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM/GX
MA0GCSqGSIb3DQEBCwUAA4IBAQATtLAgEFtV2990dhGjZx2DU0bHjCMVJirF+M2n
xuNyHoR8Rg1dBQlc4DcAeJZsiYhC8aBxzGSOiqzBWAsagnNukkxYW6xZoBi+Pn14
gbeZTQDdX7REdMZaOsFvKxXYs0TJ0FMuQ/NUqLq9IHnUwYJzlmDPWPWBm8YRgH02
NTzQpafFQ3CTVycWBpT2560IvjV/up437mN2/9KfR37xc62rWqDk4EbKU4yKZ5QN
iMrwsZqBurJidJagwMgrL0j88MXtydgbLwNtoDvUnp9cEIz1fBBOqcBgEKfecWfK
CQzEEPxWmHAXIeIyv9ym65VeBn8mVEOWFDAWRmHlxVCtyiHb
-----END CERTIFICATE-----