Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa
File:                     AS2914.roa (raw, json)
Hash identifier:          d1VqvJzKqO5FPS9yOGLBtcHyQd65Vp3Mh1+NaFaY3bA=
Subject key identifier:   5B:4F:9E:30:52:65:D9:27:D0:D6:3A:75:67:4B:AE:3D:22:DE:7A:47
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       4D10DBD655681C1FFC36D2E56FA3BE2C74232B88
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa
Signing time:             Thu 21 May 2026 11:59:22 +0000
ROA not before:           Thu 21 May 2026 11:54:22 +0000
ROA not after:            Thu 20 May 2027 11:59:22 +0000
asID:                     2914
IP address blocks:        51.194.148.0/22 maxlen: 24
                          51.241.156.0/24 maxlen: 24
                          51.241.157.0/24 maxlen: 24
                          51.241.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 May 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:10:db:d6:55:68:1c:1f:fc:36:d2:e5:6f:a3:be:2c:74:23:2b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 21 11:54:22 2026 GMT
            Not After : May 20 11:59:22 2027 GMT
        Subject: CN=5B4F9E305265D927D0D63A75674BAE3D22DE7A47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:11:10:5e:16:72:73:54:43:a5:b1:2e:a9:34:
                    71:21:cc:95:a3:49:d9:74:0f:db:95:f4:da:93:70:
                    3c:d0:dc:93:eb:50:7d:fc:89:1c:e3:c9:85:21:d0:
                    5e:a4:67:47:2e:9e:c4:78:2e:9a:d0:ff:45:0e:8f:
                    39:f4:6b:0c:02:3b:21:95:8b:2a:24:89:fc:99:fb:
                    58:ef:0c:b4:0a:f2:2b:cc:3f:49:ea:20:7f:11:af:
                    dd:48:1d:fb:8e:38:ef:bf:bd:9e:29:30:50:63:9b:
                    cb:4e:a8:dd:64:d8:17:aa:9d:88:db:e1:24:e4:db:
                    11:f7:b9:63:87:5b:c2:86:8e:c3:bb:7a:fa:65:f5:
                    f0:18:84:9e:96:e8:f6:f5:da:47:a9:49:a0:76:b0:
                    39:30:f7:50:f1:4a:fa:33:91:7a:13:c9:b9:ce:38:
                    ec:fc:e0:be:b6:b9:60:a6:d6:5c:f8:02:8a:c8:17:
                    a2:91:84:0a:6a:1e:ea:df:73:b9:41:ad:f2:a2:68:
                    e2:42:bb:42:79:58:40:c6:67:12:f8:1a:9b:58:00:
                    66:e3:ee:31:a2:f0:c4:ef:4e:79:f2:cd:4c:c9:ed:
                    a4:7f:c5:94:bc:aa:8a:f7:93:a7:6b:7b:d3:61:58:
                    36:33:ae:3c:49:92:97:c1:16:44:6a:47:e6:75:66:
                    7c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4F:9E:30:52:65:D9:27:D0:D6:3A:75:67:4B:AE:3D:22:DE:7A:47
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS2914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.148.0/22
                  51.241.156.0-51.241.158.255

    Signature Algorithm: sha256WithRSAEncryption
         14:a4:f5:e2:2b:a9:8b:6c:fc:c3:d4:da:fd:08:2b:33:a4:80:
         16:83:87:36:e6:ac:85:c8:66:1a:3b:9d:d0:3d:a0:34:17:d4:
         e5:ac:9b:1b:4f:f5:92:48:eb:45:b8:92:ff:39:dd:ce:19:c7:
         1b:c1:9d:6a:d8:6b:21:4f:d8:9c:66:aa:d6:a9:ca:73:53:dc:
         ac:1d:7b:a9:a0:42:c7:0a:02:00:96:e0:32:26:83:22:d3:0c:
         ad:f4:fb:c0:c5:e0:44:0a:6e:f6:52:c6:c5:2b:3b:22:a4:f0:
         80:55:10:22:a7:38:2f:ab:01:99:a5:53:c5:75:f0:24:99:b0:
         d7:3a:66:ae:6a:b1:44:66:03:9e:6d:15:c7:eb:96:f9:7e:c6:
         5d:b5:2a:b3:06:9a:25:ed:b7:9b:f6:45:09:71:d6:f9:5b:1c:
         81:7d:f4:5c:59:c3:ea:a2:46:35:ba:f9:cd:b8:6d:14:2b:fa:
         38:94:b3:57:ca:a4:a1:5c:4a:b6:54:b8:a3:2e:09:0c:4e:32:
         ee:e5:8b:46:21:a4:26:af:68:b3:61:65:ec:a0:b0:96:01:3a:
         5c:a6:b5:89:47:e2:cc:b0:f8:c4:22:b0:e2:ac:9e:d0:b8:95:
         8c:8f:3e:14:32:26:60:13:c4:cd:6d:79:89:ac:cd:81:d7:78:
         23:47:72:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUTRDb1lVoHB/8NtLlb6O+LHQjK4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjExMTU0MjJaFw0yNzA1MjAxMTU5MjJaMDMxMTAvBgNV
BAMTKDVCNEY5RTMwNTI2NUQ5MjdEMEQ2M0E3NTY3NEJBRTNEMjJERTdBNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQERBeFnJzVEOlsS6pNHEhzJWj
Sdl0D9uV9NqTcDzQ3JPrUH38iRzjyYUh0F6kZ0cunsR4LprQ/0UOjzn0awwCOyGV
iyokifyZ+1jvDLQK8ivMP0nqIH8Rr91IHfuOOO+/vZ4pMFBjm8tOqN1k2BeqnYjb
4STk2xH3uWOHW8KGjsO7evpl9fAYhJ6W6Pb12kepSaB2sDkw91DxSvozkXoTybnO
OOz84L62uWCm1lz4AorIF6KRhApqHurfc7lBrfKiaOJCu0J5WEDGZxL4GptYAGbj
7jGi8MTvTnnyzUzJ7aR/xZS8qor3k6dre9NhWDYzrjxJkpfBFkRqR+Z1ZnwBAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUW0+eMFJl2SfQ1jp1Z0uuPSLeekcwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAjPClDAM
AwQCM/GcAwQAM/GeMA0GCSqGSIb3DQEBCwUAA4IBAQAUpPXiK6mLbPzD1Nr9CCsz
pIAWg4c25qyFyGYaO53QPaA0F9TlrJsbT/WSSOtFuJL/Od3OGccbwZ1q2GshT9ic
ZqrWqcpzU9ysHXupoELHCgIAluAyJoMi0wyt9PvAxeBECm72UsbFKzsipPCAVRAi
pzgvqwGZpVPFdfAkmbDXOmauarFEZgOebRXH65b5fsZdtSqzBpol7beb9kUJcdb5
WxyBffRcWcPqokY1uvnNuG0UK/o4lLNXyqShXEq2VLijLgkMTjLu5YtGIaQmr2iz
YWXsoLCWATpcprWJR+LMsPjEIrDirJ7QuJWMjz4UMiZgE8TNbXmJrM2B13gjR3L5
-----END CERTIFICATE-----