Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214366.roa
File:                     AS214366.roa (raw, json)
Hash identifier:          vPGKku4/FbtPcXaae0AucsxwTGeq44dgaF9rViqIPYo=
Subject key identifier:   A9:0B:BB:D5:47:62:A3:87:71:DD:33:B0:AB:40:B5:43:2E:71:0F:83
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5441605BBD69E31DE50E13AB391C951AC13B4DEC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214366.roa
Signing time:             Wed 10 Sep 2025 17:10:54 +0000
ROA not before:           Wed 10 Sep 2025 17:05:54 +0000
ROA not after:            Wed 09 Sep 2026 17:10:54 +0000
asID:                     214366
IP address blocks:        95.135.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:41:60:5b:bd:69:e3:1d:e5:0e:13:ab:39:1c:95:1a:c1:3b:4d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 10 17:05:54 2025 GMT
            Not After : Sep  9 17:10:54 2026 GMT
        Subject: CN=A90BBBD54762A38771DD33B0AB40B5432E710F83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cd:e6:c7:1a:f1:67:29:33:09:56:cb:5d:55:
                    7b:19:3f:48:54:8c:d6:b8:34:13:f3:a1:1d:42:1d:
                    d5:20:00:05:fb:a8:b4:fa:09:1b:06:2a:ec:3c:0f:
                    3f:f4:5b:41:a6:cc:ba:a7:ff:44:da:80:95:2e:d1:
                    52:90:b7:c9:c5:4a:c7:cc:9a:c5:74:f8:a9:33:99:
                    e4:77:4b:a0:ed:87:36:80:ff:07:f6:08:ca:f9:c3:
                    4d:6a:46:35:90:b1:29:54:6a:cd:eb:d5:9c:d7:27:
                    5f:66:f3:1e:b2:00:c3:c7:cc:c0:d1:0f:a8:0f:bc:
                    f9:2d:0e:f7:41:18:ed:6a:72:05:ea:c3:45:de:dd:
                    de:63:3c:b2:e1:e9:62:8c:65:0c:30:41:4a:16:ed:
                    31:8c:ea:f6:db:04:eb:48:ee:b6:1f:70:b1:ca:4e:
                    3e:2e:fe:0f:3b:86:67:f8:2b:63:b2:9d:b2:65:d9:
                    ae:a7:e5:f8:d3:0c:d1:06:85:73:c9:70:88:f9:c2:
                    6e:dc:29:f7:25:ad:84:71:ab:6a:2a:c3:26:cd:d3:
                    29:cf:6e:9a:4d:7b:cc:84:31:0f:29:74:ec:7e:60:
                    09:9f:c4:8a:97:fe:12:02:9c:a5:09:69:52:da:43:
                    7e:92:77:3d:4a:5c:e1:75:3c:d0:3a:62:1c:41:b5:
                    d5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0B:BB:D5:47:62:A3:87:71:DD:33:B0:AB:40:B5:43:2E:71:0F:83
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214366.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ff:08:02:f8:9a:97:37:7f:d9:44:89:07:34:a9:c6:30:dc:
         b6:bc:10:24:47:cf:49:56:c2:99:06:19:8b:2e:1d:cd:3a:de:
         5d:55:8d:c9:6d:7e:b1:3b:6c:b3:bf:89:c6:ee:3f:0d:84:ef:
         5d:21:05:13:5e:0c:94:16:3a:a8:69:33:28:93:fc:b0:ce:cd:
         3d:2b:d8:6f:27:60:98:89:48:3c:7d:0b:19:7b:e4:77:26:59:
         d3:74:90:c8:6b:26:fc:59:8b:5b:0d:55:79:4f:a4:39:77:f6:
         b7:ae:2e:39:b6:21:c8:89:7a:bc:33:53:50:36:c9:3e:07:04:
         4c:1c:32:df:c2:ea:c5:7f:4a:2b:03:17:7b:21:f5:f8:48:5d:
         2c:f3:f9:62:b1:aa:56:f9:dd:09:99:a0:d2:28:ce:e4:3d:5e:
         ef:1f:ac:be:84:8e:ca:b1:03:d3:92:64:08:d1:1b:aa:43:71:
         cf:0d:2c:5d:4b:f4:9a:c8:fc:3d:e8:24:e7:69:38:5b:60:39:
         b2:db:b3:b7:f9:82:21:b6:10:30:8e:a8:4a:41:2f:a2:97:af:
         03:fb:87:f7:f7:1f:60:0b:8a:98:f7:1a:1a:2d:61:39:35:aa:
         39:c3:2d:e7:03:d7:2b:25:a7:20:c3:40:f8:bd:f9:38:3c:b5:
         4d:0f:7d:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVEFgW71p4x3lDhOrORyVGsE7TewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MTAxNzA1NTRaFw0yNjA5MDkxNzEwNTRaMDMxMTAvBgNV
BAMTKEE5MEJCQkQ1NDc2MkEzODc3MUREMzNCMEFCNDBCNTQzMkU3MTBGODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuzebHGvFnKTMJVstdVXsZP0hU
jNa4NBPzoR1CHdUgAAX7qLT6CRsGKuw8Dz/0W0GmzLqn/0TagJUu0VKQt8nFSsfM
msV0+KkzmeR3S6DthzaA/wf2CMr5w01qRjWQsSlUas3r1ZzXJ19m8x6yAMPHzMDR
D6gPvPktDvdBGO1qcgXqw0Xe3d5jPLLh6WKMZQwwQUoW7TGM6vbbBOtI7rYfcLHK
Tj4u/g87hmf4K2OynbJl2a6n5fjTDNEGhXPJcIj5wm7cKfclrYRxq2oqwybN0ynP
bppNe8yEMQ8pdOx+YAmfxIqX/hICnKUJaVLaQ36Sdz1KXOF1PNA6YhxBtdVZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqQu71Udio4dx3TOwq0C1Qy5xD4MwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0MzY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4d+
MA0GCSqGSIb3DQEBCwUAA4IBAQA1/wgC+JqXN3/ZRIkHNKnGMNy2vBAkR89JVsKZ
BhmLLh3NOt5dVY3JbX6xO2yzv4nG7j8NhO9dIQUTXgyUFjqoaTMok/ywzs09K9hv
J2CYiUg8fQsZe+R3JlnTdJDIayb8WYtbDVV5T6Q5d/a3ri45tiHIiXq8M1NQNsk+
BwRMHDLfwurFf0orAxd7IfX4SF0s8/lisapW+d0JmaDSKM7kPV7vH6y+hI7KsQPT
kmQI0RuqQ3HPDSxdS/SayPw96CTnaThbYDmy27O3+YIhthAwjqhKQS+il68D+4f3
9x9gC4qY9xoaLWE5Nao5wy3nA9crJacgw0D4vfk4PLVND32U
-----END CERTIFICATE-----