Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa
File:                     AS2914.roa (raw, json)
Hash identifier:          dfV1EFMzi3pxms7WJkvKaavgdz5ZuW10QTrvbNTBOOs=
Subject key identifier:   B9:77:B8:CB:4D:63:80:42:46:1A:EB:0B:45:88:EC:41:83:A6:BF:68
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3E63D4D4D60C0DD1FC9E327D48C9943E82DA5B51
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa
Signing time:             Fri 03 Jul 2026 08:39:20 +0000
ROA not before:           Fri 03 Jul 2026 08:34:20 +0000
ROA not after:            Fri 02 Jul 2027 08:39:20 +0000
asID:                     2914
IP address blocks:        51.194.148.0/22 maxlen: 24
                          51.194.224.0/24 maxlen: 24
                          51.194.243.0/24 maxlen: 24
                          51.241.156.0/24 maxlen: 24
                          51.241.157.0/24 maxlen: 24
                          51.241.158.0/24 maxlen: 24
                          51.241.236.0/22 maxlen: 24
                          78.105.163.0/24 maxlen: 24
                          188.220.59.0/24 maxlen: 24
                          188.220.86.0/24 maxlen: 24
                          188.220.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Jul 2026 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:63:d4:d4:d6:0c:0d:d1:fc:9e:32:7d:48:c9:94:3e:82:da:5b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jul  3 08:34:20 2026 GMT
            Not After : Jul  2 08:39:20 2027 GMT
        Subject: CN=B977B8CB4D638042461AEB0B4588EC4183A6BF68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:09:6b:38:7e:8d:23:31:1e:57:cb:58:7e:fe:
                    c1:99:52:7d:41:66:92:2f:f7:2f:92:cd:91:9c:6d:
                    0b:46:0b:e9:81:fe:b9:2a:03:fc:dd:74:47:62:7d:
                    f7:ee:6a:5c:ee:9a:39:cd:10:84:35:79:4f:7b:7f:
                    e9:92:0b:58:6f:2e:11:9b:5a:0f:d8:ab:2c:a6:91:
                    25:aa:de:92:e2:69:e9:86:02:29:1d:8b:98:2b:ee:
                    4a:75:ae:b8:40:fc:b2:1c:2d:56:0f:06:48:50:86:
                    4e:f5:ac:a9:41:89:d7:e1:4e:d5:2d:66:82:c6:a5:
                    e1:8d:de:31:15:86:14:3d:67:c1:09:d5:78:b8:17:
                    73:ee:f1:a6:c5:52:f0:9d:c3:dd:59:bc:be:8d:0d:
                    2a:60:13:db:da:e9:0e:00:84:e3:cd:00:4a:af:87:
                    5d:23:3b:4c:50:f3:19:29:95:84:7c:e6:a4:7a:5c:
                    c1:9b:ab:10:ee:96:f3:e6:d7:a3:1c:f0:b3:63:2b:
                    66:1d:89:62:b5:05:54:3c:6b:90:0d:85:85:e4:5d:
                    db:77:20:f9:8b:9f:e1:e4:97:cc:58:53:8f:25:52:
                    f1:fa:62:fe:67:fd:38:44:92:75:65:5c:15:41:ad:
                    c9:96:fe:f8:31:93:0d:ed:9a:b6:6b:e1:cd:1d:36:
                    fa:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:77:B8:CB:4D:63:80:42:46:1A:EB:0B:45:88:EC:41:83:A6:BF:68
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.148.0/22
                  51.194.224.0/24
                  51.194.243.0/24
                  51.241.156.0-51.241.158.255
                  51.241.236.0/22
                  78.105.163.0/24
                  188.220.59.0/24
                  188.220.86.0/24
                  188.220.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:a8:33:3d:a3:6f:17:60:9a:b7:4a:d1:e9:d9:cd:d5:1d:
         31:0b:ff:22:4b:01:1c:bb:90:84:73:43:96:98:f2:e5:f0:c7:
         76:f7:46:eb:21:9b:34:95:ed:15:cc:9c:a1:d1:f7:90:ca:10:
         d3:94:8c:40:60:c5:a7:bd:b2:49:fc:e1:01:45:a0:9c:44:37:
         af:b8:34:ad:88:ab:8d:c3:ff:df:d6:a1:2b:2d:f0:77:fd:6b:
         cb:42:f2:9f:0d:9a:1e:f9:08:09:b6:e1:96:b0:94:77:ac:6d:
         88:34:9b:ab:ea:8c:11:b8:a1:ae:f0:6a:da:3a:f3:86:c0:7c:
         21:e7:18:81:d6:20:56:86:5f:4c:0d:5f:bd:28:cf:3f:96:5c:
         e5:1d:af:66:ce:c1:61:e8:94:28:8b:35:59:4b:03:68:47:8c:
         3c:b1:35:48:b1:f5:29:65:30:2b:a2:a5:a2:0b:3a:a1:87:f7:
         eb:bc:c2:a1:e0:ee:ef:c4:64:fe:80:95:9f:b0:7a:34:96:d1:
         50:ea:79:19:fb:df:a9:2e:94:7c:af:2d:95:53:d7:88:58:7b:
         0f:98:0c:36:ab:34:0e:7d:bf:93:46:83:37:22:9c:61:43:9f:
         2b:1c:c9:6f:8c:2a:fa:3d:50:82:0b:92:04:eb:32:83:7b:f5:
         13:ad:58:94
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUPmPU1NYMDdH8njJ9SMmUPoLaW1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA3MDMwODM0MjBaFw0yNzA3MDIwODM5MjBaMDMxMTAvBgNV
BAMTKEI5NzdCOENCNEQ2MzgwNDI0NjFBRUIwQjQ1ODhFQzQxODNBNkJGNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiCWs4fo0jMR5Xy1h+/sGZUn1B
ZpIv9y+SzZGcbQtGC+mB/rkqA/zddEdifffualzumjnNEIQ1eU97f+mSC1hvLhGb
Wg/YqyymkSWq3pLiaemGAikdi5gr7kp1rrhA/LIcLVYPBkhQhk71rKlBidfhTtUt
ZoLGpeGN3jEVhhQ9Z8EJ1Xi4F3Pu8abFUvCdw91ZvL6NDSpgE9va6Q4AhOPNAEqv
h10jO0xQ8xkplYR85qR6XMGbqxDulvPm16Mc8LNjK2YdiWK1BVQ8a5ANhYXkXdt3
IPmLn+Hkl8xYU48lUvH6Yv5n/ThEknVlXBVBrcmW/vgxkw3tmrZr4c0dNvqPAgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUuXe4y01jgEJGGusLRYjsQYOmv2gwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBXBggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPgMEAjPClAME
ADPC4AMEADPC8zAMAwQCM/GcAwQAM/GeAwQCM/HsAwQATmmjAwQAvNw7AwQAvNxW
AwQAvNxYMA0GCSqGSIb3DQEBCwUAA4IBAQAdDqgzPaNvF2Cat0rR6dnN1R0xC/8i
SwEcu5CEc0OWmPLl8Md290brIZs0le0VzJyh0feQyhDTlIxAYMWnvbJJ/OEBRaCc
RDevuDStiKuNw//f1qErLfB3/WvLQvKfDZoe+QgJtuGWsJR3rG2INJur6owRuKGu
8GraOvOGwHwh5xiB1iBWhl9MDV+9KM8/llzlHa9mzsFh6JQoizVZSwNoR4w8sTVI
sfUpZTAroqWiCzqhh/frvMKh4O7vxGT+gJWfsHo0ltFQ6nkZ+9+pLpR8ry2VU9eI
WHsPmAw2qzQOfb+TRoM3IpxhQ58rHMlvjCr6PVCCC5IE6zKDe/UTrViU
-----END CERTIFICATE-----
Generated at Tue Jul 7 22:11:35 2026 by rpki-client