Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          5VyszAS8ZUyL4XbjW/I4aSlxhRrbXDeSqnY5R56M368=
Subject key identifier:   82:1E:70:7B:08:24:D9:87:E6:1A:C1:D9:24:F8:A0:10:4B:EE:2E:F3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       44DE2FF864865A421FFB01E3D43BE599F7804F1C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time:             Sun 08 Feb 2026 03:28:05 +0000
ROA not before:           Sun 08 Feb 2026 03:23:05 +0000
ROA not after:            Sun 07 Feb 2027 03:28:05 +0000
asID:                     214432
IP address blocks:        178.95.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 15:38:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:de:2f:f8:64:86:5a:42:1f:fb:01:e3:d4:3b:e5:99:f7:80:4f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb  8 03:23:05 2026 GMT
            Not After : Feb  7 03:28:05 2027 GMT
        Subject: CN=821E707B0824D987E61AC1D924F8A0104BEE2EF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:cc:5e:d1:d7:59:5e:d6:81:74:a9:8a:53:4b:
                    7b:58:6b:87:81:c8:62:45:7d:e4:3f:f2:75:62:1f:
                    5e:ee:47:97:34:3e:a0:96:4b:e7:57:aa:a3:c1:28:
                    19:a5:40:ea:d9:70:c4:2b:38:60:63:d9:46:a7:b1:
                    76:6b:e7:17:61:8d:50:55:0d:08:69:44:3f:e0:e9:
                    7d:59:b5:6c:2b:c9:6d:a9:e2:a3:ff:9f:7c:1d:9b:
                    ef:d0:65:b6:ea:7e:eb:e9:ae:ca:05:c8:aa:69:c9:
                    41:4e:62:a0:88:d1:aa:24:ee:07:13:ce:13:c6:ef:
                    01:77:f0:3e:f9:01:31:18:6e:88:66:34:c7:1c:3d:
                    19:02:3f:97:3c:5d:7b:0d:c8:23:99:c4:52:78:01:
                    53:cc:4a:be:8a:13:e6:fe:77:4a:1f:16:63:1a:9e:
                    f4:9e:2b:f1:49:6a:81:b7:0f:cf:9b:62:27:f6:12:
                    80:df:38:9a:db:6b:9a:79:f2:c1:35:01:e9:86:6b:
                    67:9c:3d:03:b5:fa:42:72:90:68:71:93:21:98:ac:
                    49:1f:db:a1:0e:4c:00:1e:03:68:e4:5f:e0:f1:eb:
                    bf:c5:84:f9:89:d8:38:3a:cd:c9:bd:c6:3b:38:07:
                    f2:6d:b1:0e:e1:83:55:25:96:5d:34:ac:f0:da:3b:
                    bb:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1E:70:7B:08:24:D9:87:E6:1A:C1:D9:24:F8:A0:10:4B:EE:2E:F3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:42:cd:c6:b4:c3:34:7e:82:a2:30:0c:05:46:d5:27:d3:96:
         53:e8:05:17:50:ca:81:11:81:08:8c:97:bf:92:68:2a:e1:04:
         0c:5c:72:c0:05:6d:8b:17:7e:e7:90:8c:61:25:bb:33:e4:be:
         98:34:b0:8c:d5:d0:98:27:75:4b:99:33:a6:35:30:90:e3:5b:
         5e:e3:67:00:cd:49:33:9b:f2:2a:d1:5a:ce:c9:e4:70:ef:16:
         6d:f5:ef:b5:34:e4:be:ba:23:1d:91:21:bf:70:c0:b4:f4:6a:
         e1:47:74:04:dc:bc:be:06:f9:0c:ad:12:96:5c:8e:d8:e4:3e:
         9d:f2:67:ab:d0:e2:b7:8a:65:e2:e9:eb:1e:c4:ca:a3:c0:f4:
         f5:6d:9f:a8:7b:56:aa:d2:19:c6:63:cf:eb:8a:28:c4:eb:9a:
         97:70:9d:06:fd:56:2f:52:6b:76:dd:79:d8:9d:d9:94:c9:50:
         91:25:3b:e3:d5:ee:d5:82:e1:bc:d3:a9:a9:d7:7a:aa:a9:a8:
         29:9d:34:36:08:fa:b3:bb:de:e9:e4:43:6e:c7:94:20:37:70:
         53:d8:63:ea:c7:83:fc:b7:34:c7:35:4d:bd:27:68:8b:bc:33:
         85:41:fe:4f:cb:49:38:3a:79:38:70:45:bb:b2:30:73:44:78:
         41:0b:92:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURN4v+GSGWkIf+wHj1DvlmfeATxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAyMDgwMzIzMDVaFw0yNzAyMDcwMzI4MDVaMDMxMTAvBgNV
BAMTKDgyMUU3MDdCMDgyNEQ5ODdFNjFBQzFEOTI0RjhBMDEwNEJFRTJFRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLzF7R11le1oF0qYpTS3tYa4eB
yGJFfeQ/8nViH17uR5c0PqCWS+dXqqPBKBmlQOrZcMQrOGBj2UansXZr5xdhjVBV
DQhpRD/g6X1ZtWwryW2p4qP/n3wdm+/QZbbqfuvprsoFyKppyUFOYqCI0aok7gcT
zhPG7wF38D75ATEYbohmNMccPRkCP5c8XXsNyCOZxFJ4AVPMSr6KE+b+d0ofFmMa
nvSeK/FJaoG3D8+bYif2EoDfOJrba5p58sE1AemGa2ecPQO1+kJykGhxkyGYrEkf
26EOTAAeA2jkX+Dx67/FhPmJ2Dg6zcm9xjs4B/JtsQ7hg1Ulll00rPDaO7unAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgh5wewgk2YfmGsHZJPigEEvuLvMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl+X
MA0GCSqGSIb3DQEBCwUAA4IBAQCiQs3GtMM0foKiMAwFRtUn05ZT6AUXUMqBEYEI
jJe/kmgq4QQMXHLABW2LF37nkIxhJbsz5L6YNLCM1dCYJ3VLmTOmNTCQ41te42cA
zUkzm/Iq0VrOyeRw7xZt9e+1NOS+uiMdkSG/cMC09GrhR3QE3Ly+BvkMrRKWXI7Y
5D6d8mer0OK3imXi6esexMqjwPT1bZ+oe1aq0hnGY8/riijE65qXcJ0G/VYvUmt2
3XnYndmUyVCRJTvj1e7VguG806mp13qqqagpnTQ2CPqzu97p5ENux5QgN3BT2GPq
x4P8tzTHNU29J2iLvDOFQf5Py0k4Onk4cEW7sjBzRHhBC5JR
-----END CERTIFICATE-----