Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          gsP5ElelW79UoZ/S4b5iuiCN9J8oDh/zaX+jU111cAk=
Subject key identifier:   FC:87:E9:E0:69:32:D8:66:3C:17:A7:D0:C5:32:CD:49:58:48:32:09
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6C655A103552B4492E4BD6BD2B3852D37501D31D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214025.roa
Signing time:             Sun 04 May 2025 04:57:41 +0000
ROA not before:           Sun 04 May 2025 04:52:41 +0000
ROA not after:            Sun 03 May 2026 04:57:41 +0000
asID:                     214025
IP address blocks:        141.11.166.0/24 maxlen: 24
                          141.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:65:5a:10:35:52:b4:49:2e:4b:d6:bd:2b:38:52:d3:75:01:d3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  4 04:52:41 2025 GMT
            Not After : May  3 04:57:41 2026 GMT
        Subject: CN=FC87E9E06932D8663C17A7D0C532CD4958483209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ce:15:cd:d1:fe:84:e8:60:8e:0f:a1:61:a8:
                    d6:e9:85:de:5d:2b:13:d3:97:f3:21:5f:f9:ec:38:
                    23:dd:f0:53:1b:a4:fc:ed:29:e5:80:72:01:24:49:
                    49:c0:69:43:d7:3e:3b:85:f4:d6:95:75:98:d2:fd:
                    57:75:18:4f:02:90:24:dc:09:a1:68:14:64:25:f2:
                    a1:c2:83:e5:e2:00:16:36:f7:b2:7f:42:e9:e8:2e:
                    eb:7c:84:b0:1a:d6:e6:a1:9c:66:c7:22:1f:f3:37:
                    cf:58:ea:44:6f:4e:be:19:35:fc:c3:70:28:d2:d5:
                    0f:0a:f2:67:a2:bd:07:d1:e8:5a:60:24:d1:79:61:
                    e6:21:e6:f7:12:fd:3b:ff:c5:bf:c4:13:61:a7:e3:
                    4b:d2:ff:36:10:51:97:ad:0d:3d:31:fc:04:5f:3c:
                    07:ea:e0:c2:97:7e:0f:49:65:af:1f:19:e2:07:78:
                    ac:c4:d0:72:20:2e:ee:9f:92:6c:d6:b5:55:31:79:
                    03:cf:00:08:56:a6:ad:ae:35:0c:8e:0a:b6:63:5a:
                    a8:3d:c4:60:df:cc:fd:cf:dd:be:7d:50:af:ae:be:
                    33:be:fc:a1:06:61:3a:c3:7b:1e:94:39:c8:a1:5d:
                    4f:d4:74:48:a8:2e:a9:31:ca:2d:0e:40:d0:dc:b6:
                    79:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:87:E9:E0:69:32:D8:66:3C:17:A7:D0:C5:32:CD:49:58:48:32:09
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.166.0/24
                  141.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3b:d4:fb:c8:90:1c:87:f3:95:f8:42:95:e4:41:05:77:b3:
         ee:9f:47:71:c6:d7:cc:88:8c:f9:24:a7:78:72:88:c1:f2:eb:
         6d:2d:ca:39:e0:31:ad:96:9a:56:68:4d:a0:5f:2b:0d:e2:12:
         c0:db:10:38:d9:92:a7:1f:37:54:3e:c6:f7:6d:77:db:66:fe:
         f8:68:78:16:15:84:ff:61:13:e9:50:13:86:a3:b3:97:41:f6:
         15:d3:30:e0:af:46:df:38:cb:3c:eb:77:72:73:4d:aa:ac:b8:
         c9:61:bd:78:ed:7a:9d:fe:ec:b6:ce:a0:50:1d:44:37:10:c8:
         a3:5e:68:ad:05:2a:f1:a5:43:70:4f:54:3a:f4:4f:6d:df:2a:
         a0:09:fd:9d:5e:e3:59:2a:eb:11:74:56:a3:65:9d:d3:ce:17:
         c0:44:b8:96:5e:04:cc:b2:be:9b:36:93:3d:ca:23:b9:f6:a0:
         9d:6c:3f:29:5e:63:ec:bd:94:f6:ec:98:41:e2:df:ef:3a:b7:
         34:bc:c2:8f:81:00:da:c8:56:e7:01:fd:8d:42:94:f6:37:2d:
         f9:02:8c:f7:ed:42:e5:51:9a:9a:64:fd:70:50:e3:b6:6e:77:
         a8:8b:2c:f7:20:1f:2b:78:07:2b:a3:65:fb:94:d1:ed:79:f4:
         a3:15:8d:31
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbGVaEDVStEkuS9a9KzhS03UB0x0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA1MDQwNDUyNDFaFw0yNjA1MDMwNDU3NDFaMDMxMTAvBgNV
BAMTKEZDODdFOUUwNjkzMkQ4NjYzQzE3QTdEMEM1MzJDRDQ5NTg0ODMyMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazhXN0f6E6GCOD6FhqNbphd5d
KxPTl/MhX/nsOCPd8FMbpPztKeWAcgEkSUnAaUPXPjuF9NaVdZjS/Vd1GE8CkCTc
CaFoFGQl8qHCg+XiABY297J/QunoLut8hLAa1uahnGbHIh/zN89Y6kRvTr4ZNfzD
cCjS1Q8K8meivQfR6FpgJNF5YeYh5vcS/Tv/xb/EE2Gn40vS/zYQUZetDT0x/ARf
PAfq4MKXfg9JZa8fGeIHeKzE0HIgLu6fkmzWtVUxeQPPAAhWpq2uNQyOCrZjWqg9
xGDfzP3P3b59UK+uvjO+/KEGYTrDex6UOcihXU/UdEioLqkxyi0OQNDctnntAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/Ifp4Gky2GY8F6fQxTLNSVhIMgkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQum
AwQAjQvwMA0GCSqGSIb3DQEBCwUAA4IBAQCoO9T7yJAch/OV+EKV5EEFd7Pun0dx
xtfMiIz5JKd4cojB8uttLco54DGtlppWaE2gXysN4hLA2xA42ZKnHzdUPsb3bXfb
Zv74aHgWFYT/YRPpUBOGo7OXQfYV0zDgr0bfOMs863dyc02qrLjJYb147Xqd/uy2
zqBQHUQ3EMijXmitBSrxpUNwT1Q69E9t3yqgCf2dXuNZKusRdFajZZ3TzhfARLiW
XgTMsr6bNpM9yiO59qCdbD8pXmPsvZT27JhB4t/vOrc0vMKPgQDayFbnAf2NQpT2
Ny35Aoz37ULlUZqaZP1wUOO2bneoiyz3IB8reAcro2X7lNHtefSjFY0x
-----END CERTIFICATE-----