Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          tYQSopUXrkN/DkColoOqa9Neir/cM7/iUGQSdyfPLUM=
Subject key identifier:   3F:15:E6:16:46:20:C2:E3:D9:DC:A9:2F:0D:D8:9F:73:6C:2E:C8:93
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       26D7D022E0E5BEBD1F4C74BE7113E9CE7A9BDBCD
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time:             Mon 19 May 2025 15:13:47 +0000
ROA not before:           Mon 19 May 2025 15:08:47 +0000
ROA not after:            Mon 18 May 2026 15:13:47 +0000
asID:                     214432
IP address blocks:        178.93.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 20:17:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d7:d0:22:e0:e5:be:bd:1f:4c:74:be:71:13:e9:ce:7a:9b:db:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 19 15:08:47 2025 GMT
            Not After : May 18 15:13:47 2026 GMT
        Subject: CN=3F15E6164620C2E3D9DCA92F0DD89F736C2EC893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:51:db:de:39:92:b8:c4:ea:49:0e:55:23:ef:
                    72:56:75:52:4d:9a:63:d3:a2:1f:8a:91:9d:3d:ec:
                    3d:6d:fd:73:2f:bd:4b:e8:7a:54:8f:c1:ec:99:d8:
                    9d:e4:ae:c2:c6:36:7d:55:e8:b4:9d:26:4e:bb:6b:
                    95:69:82:ab:c1:d4:16:fa:d4:f2:38:a3:ad:64:37:
                    50:3d:5a:45:c8:f0:e8:d3:5c:9d:0a:eb:a4:9e:8f:
                    30:76:8c:9e:56:27:96:2a:5d:84:eb:75:ad:13:b9:
                    0e:f6:0f:4b:e8:74:68:95:c9:f3:d7:de:6b:85:04:
                    e8:54:8a:f6:3d:c0:d5:3f:58:9f:02:46:51:2a:c8:
                    15:c1:5f:0a:a9:56:5b:98:5b:0b:1c:58:4e:c6:c0:
                    b9:73:d9:2b:42:1f:b3:c4:d0:7b:ba:ec:5a:99:99:
                    dc:6a:45:fa:c7:ce:69:db:9a:65:bf:df:b0:cf:63:
                    f7:34:fc:3a:f3:db:74:65:4e:50:82:68:0d:36:5c:
                    a8:7b:09:7b:d4:f9:c3:33:98:62:89:31:6e:c0:1a:
                    41:81:81:28:67:fc:ca:00:c6:8e:d4:76:e2:75:e8:
                    de:e6:54:4b:00:ea:23:68:64:f2:21:c8:cd:4c:ae:
                    90:c9:05:46:8b:6d:0c:ce:82:b2:e1:c2:6a:c0:94:
                    59:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:15:E6:16:46:20:C2:E3:D9:DC:A9:2F:0D:D8:9F:73:6C:2E:C8:93
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:42:44:46:2a:be:35:3e:15:95:08:38:7e:db:40:85:e5:37:
         7c:dc:56:ce:20:88:1e:c6:5f:35:f9:be:6a:1e:0a:7b:14:b1:
         ec:c9:b9:f1:75:9f:91:2a:fe:ae:aa:da:43:e7:24:31:29:4d:
         e8:a4:4a:11:62:63:12:76:b4:b0:2e:dc:0a:7a:fe:b0:f9:eb:
         78:67:60:38:61:6f:aa:06:09:15:ef:5d:15:92:35:76:44:86:
         10:1e:d3:86:1a:ae:3f:92:1e:44:c0:57:20:e3:8c:a9:7f:46:
         a4:bc:db:b2:9d:04:91:fe:05:1f:0d:84:e0:93:7f:5a:22:49:
         69:87:e5:7e:b2:d3:2d:27:0b:ab:d2:10:7a:a7:49:47:8d:79:
         00:d0:6a:c3:43:6f:16:c5:bf:40:be:67:b2:27:3d:bf:ac:5e:
         19:e3:0f:5e:5b:2e:fb:c1:47:10:d5:7e:d9:e5:a7:f5:c2:4b:
         44:02:65:1a:14:88:8e:62:11:1b:e8:99:98:22:28:9f:09:42:
         e8:6b:1d:3b:d3:1e:16:9b:33:67:6f:b5:ca:f8:e2:06:18:08:
         4d:25:a3:db:cb:4c:bb:f9:75:2f:96:dd:8d:07:4f:4b:1d:13:
         53:91:dc:15:94:79:d1:86:65:81:8e:43:02:c6:80:de:33:f8:
         ad:3d:f6:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJtfQIuDlvr0fTHS+cRPpznqb280wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA1MTkxNTA4NDdaFw0yNjA1MTgxNTEzNDdaMDMxMTAvBgNV
BAMTKDNGMTVFNjE2NDYyMEMyRTNEOURDQTkyRjBERDg5RjczNkMyRUM4OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTUdveOZK4xOpJDlUj73JWdVJN
mmPToh+KkZ097D1t/XMvvUvoelSPweyZ2J3krsLGNn1V6LSdJk67a5VpgqvB1Bb6
1PI4o61kN1A9WkXI8OjTXJ0K66SejzB2jJ5WJ5YqXYTrda0TuQ72D0vodGiVyfPX
3muFBOhUivY9wNU/WJ8CRlEqyBXBXwqpVluYWwscWE7GwLlz2StCH7PE0Hu67FqZ
mdxqRfrHzmnbmmW/37DPY/c0/Drz23RlTlCCaA02XKh7CXvU+cMzmGKJMW7AGkGB
gShn/MoAxo7UduJ16N7mVEsA6iNoZPIhyM1MrpDJBUaLbQzOgrLhwmrAlFk/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPxXmFkYgwuPZ3KkvDdifc2wuyJMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl13
MA0GCSqGSIb3DQEBCwUAA4IBAQBrQkRGKr41PhWVCDh+20CF5Td83FbOIIgexl81
+b5qHgp7FLHsybnxdZ+RKv6uqtpD5yQxKU3opEoRYmMSdrSwLtwKev6w+et4Z2A4
YW+qBgkV710VkjV2RIYQHtOGGq4/kh5EwFcg44ypf0akvNuynQSR/gUfDYTgk39a
Iklph+V+stMtJwur0hB6p0lHjXkA0GrDQ28Wxb9AvmeyJz2/rF4Z4w9eWy77wUcQ
1X7Z5af1wktEAmUaFIiOYhEb6JmYIiifCULoax070x4WmzNnb7XK+OIGGAhNJaPb
y0y7+XUvlt2NB09LHRNTkdwVlHnRhmWBjkMCxoDeM/itPfYJ
-----END CERTIFICATE-----