Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          bs/thaTYCCN+XNcwQSFHfKnpxHeRlSWwBDcSHR0VZz4=
Subject key identifier:   0C:14:CE:13:5C:27:FA:F2:E1:31:0C:B1:3A:29:A5:E8:DD:EA:BD:10
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       20A35725154D14A4F6E9D6A4A53731EAA2680E3F
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214025.roa
Signing time:             Fri 17 Oct 2025 02:54:52 +0000
ROA not before:           Fri 17 Oct 2025 02:49:52 +0000
ROA not after:            Fri 16 Oct 2026 02:54:52 +0000
asID:                     214025
IP address blocks:        194.93.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:23:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a3:57:25:15:4d:14:a4:f6:e9:d6:a4:a5:37:31:ea:a2:68:0e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 17 02:49:52 2025 GMT
            Not After : Oct 16 02:54:52 2026 GMT
        Subject: CN=0C14CE135C27FAF2E1310CB13A29A5E8DDEABD10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6a:2a:96:b5:f1:c6:af:71:70:f7:58:c4:d6:
                    93:cd:32:2f:25:3d:b6:e3:92:01:9b:92:da:b9:36:
                    eb:01:0d:6d:f7:5e:26:cd:f3:e9:c5:fe:ca:ef:fd:
                    92:97:1d:23:a0:86:92:0d:46:f9:ce:b5:f9:a5:e6:
                    cd:99:85:7d:64:8f:4a:ad:ba:a9:02:13:8d:50:9d:
                    58:28:b2:3a:98:61:99:2b:10:7c:36:d0:8b:d7:27:
                    f6:bf:72:45:39:13:05:61:f9:06:00:0b:1e:23:42:
                    5f:31:bd:1a:8e:f8:e5:3e:b7:6d:b8:d9:ac:36:55:
                    b7:7e:f3:ce:76:c7:e2:b9:7a:cb:4c:49:bb:c7:ac:
                    d4:78:31:c6:85:e5:ce:d9:64:fb:61:2e:0e:15:43:
                    ca:ff:fe:4a:4c:71:67:69:a6:72:29:1e:5d:14:1f:
                    8b:db:81:3c:de:e7:3c:00:12:18:00:a4:36:e0:4a:
                    2e:55:42:0f:71:cf:2d:db:43:0d:4e:a5:2b:a6:27:
                    b8:3d:48:10:3c:cc:73:d3:f6:46:0f:01:38:d5:a8:
                    fb:1a:1f:74:a6:50:75:02:5c:44:3b:52:04:58:94:
                    50:91:75:d2:e1:a0:31:f2:06:2e:7a:f5:70:5b:7d:
                    db:7f:30:11:28:1a:10:4f:ed:77:53:25:a0:b0:a2:
                    1b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:14:CE:13:5C:27:FA:F2:E1:31:0C:B1:3A:29:A5:E8:DD:EA:BD:10
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:d9:af:b4:67:c2:0b:ab:59:12:93:9e:77:e5:33:9a:2c:41:
         34:b2:f2:04:22:77:ad:d2:9e:0c:c7:50:f1:76:df:a0:2d:fd:
         8c:91:54:dd:61:40:17:33:57:eb:1b:24:22:30:95:70:71:1c:
         26:9a:c0:e9:a6:3c:53:36:1d:c9:82:a7:22:a8:fa:f6:22:39:
         bc:d0:dd:7b:c8:02:7a:bf:48:39:94:1c:6a:70:24:3b:5c:15:
         ed:26:e2:29:9a:41:9c:11:ed:ec:c7:15:73:4e:b3:8b:3e:99:
         b8:30:1b:84:8a:5a:96:26:7e:fd:ca:e9:23:63:d9:40:ff:7f:
         0d:69:30:fd:e7:63:b2:c4:25:57:5f:70:ae:52:4b:f8:fe:e1:
         c4:d5:74:3d:c8:98:fe:0c:4e:28:39:12:72:f8:52:5c:11:70:
         e3:3f:ad:35:32:81:0d:f6:7b:9f:e4:cb:b4:67:30:9b:d0:3d:
         5b:82:f8:45:ec:b9:6a:2f:4d:3a:65:35:6a:ea:75:47:18:37:
         2e:3b:a5:73:43:b2:b4:ee:ff:58:f1:26:43:e1:34:45:cb:0e:
         be:e0:3c:99:09:f7:2e:96:44:d5:c1:e9:d2:c9:74:04:fa:00:
         8c:4f:bb:79:1e:67:43:aa:44:ca:31:22:9f:54:4d:86:29:da:
         c6:9e:7c:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIKNXJRVNFKT26dakpTcx6qJoDj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTcwMjQ5NTJaFw0yNjEwMTYwMjU0NTJaMDMxMTAvBgNV
BAMTKDBDMTRDRTEzNUMyN0ZBRjJFMTMxMENCMTNBMjlBNUU4RERFQUJEMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzaiqWtfHGr3Fw91jE1pPNMi8l
PbbjkgGbktq5NusBDW33XibN8+nF/srv/ZKXHSOghpINRvnOtfml5s2ZhX1kj0qt
uqkCE41QnVgosjqYYZkrEHw20IvXJ/a/ckU5EwVh+QYACx4jQl8xvRqO+OU+t224
2aw2Vbd+8852x+K5estMSbvHrNR4McaF5c7ZZPthLg4VQ8r//kpMcWdppnIpHl0U
H4vbgTze5zwAEhgApDbgSi5VQg9xzy3bQw1OpSumJ7g9SBA8zHPT9kYPATjVqPsa
H3SmUHUCXEQ7UgRYlFCRddLhoDHyBi569XBbfdt/MBEoGhBP7XdTJaCwohsVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDBTOE1wn+vLhMQyxOiml6N3qvRAwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl0z
MA0GCSqGSIb3DQEBCwUAA4IBAQAI2a+0Z8ILq1kSk5535TOaLEE0svIEInet0p4M
x1Dxdt+gLf2MkVTdYUAXM1frGyQiMJVwcRwmmsDppjxTNh3JgqciqPr2Ijm80N17
yAJ6v0g5lBxqcCQ7XBXtJuIpmkGcEe3sxxVzTrOLPpm4MBuEilqWJn79yukjY9lA
/38NaTD952OyxCVXX3CuUkv4/uHE1XQ9yJj+DE4oORJy+FJcEXDjP601MoEN9nuf
5Mu0ZzCb0D1bgvhF7LlqL006ZTVq6nVHGDcuO6VzQ7K07v9Y8SZD4TRFyw6+4DyZ
CfculkTVwenSyXQE+gCMT7t5HmdDqkTKMSKfVE2GKdrGnnzE
-----END CERTIFICATE-----