Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          eOW1vrg0/PoferQNYeg1TZ425fB+cG8u7Bz/urYG7Zs=
Subject key identifier:   A6:94:B0:B1:63:09:26:45:5B:95:C5:1D:98:06:FB:02:79:98:9B:D1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3FF05AD6BB187FDF041A7B47C60E736FDF2F3EFF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214478.roa
Signing time:             Sat 13 Sep 2025 13:45:06 +0000
ROA not before:           Sat 13 Sep 2025 13:40:06 +0000
ROA not after:            Sat 12 Sep 2026 13:45:06 +0000
asID:                     214478
IP address blocks:        95.134.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f0:5a:d6:bb:18:7f:df:04:1a:7b:47:c6:0e:73:6f:df:2f:3e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 13 13:40:06 2025 GMT
            Not After : Sep 12 13:45:06 2026 GMT
        Subject: CN=A694B0B1630926455B95C51D9806FB0279989BD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9b:ad:c0:de:d2:61:17:ae:f7:de:72:6f:62:
                    f9:f9:c1:48:de:fc:91:fd:5d:c6:4d:05:0f:41:94:
                    e0:a4:1e:86:9a:61:fe:fb:7c:31:8f:ee:d2:6f:f4:
                    3b:2e:fa:0a:15:83:ff:d5:ff:39:ea:cf:bb:ba:b6:
                    10:ec:36:30:02:e8:5c:4c:db:ea:27:2b:37:fe:a9:
                    2d:24:93:8c:3b:39:73:6d:73:c6:c4:ed:ab:ff:61:
                    7b:c0:44:f9:70:ef:2d:82:8d:65:e7:96:c0:a0:8f:
                    01:2e:07:58:60:9d:a8:00:cd:b6:18:fd:ee:ed:d4:
                    ad:f0:b4:9d:15:ae:5a:08:16:58:32:39:bc:c6:91:
                    6c:76:e3:b2:1e:0a:20:2d:b5:f1:2c:a7:58:2d:59:
                    bb:c1:5a:cb:6a:42:36:8c:48:87:a7:ff:a3:d3:d0:
                    98:2e:bc:90:ea:77:07:49:eb:db:ae:73:6d:9a:5f:
                    22:62:36:a5:06:8d:46:20:93:56:2d:4f:b1:4d:87:
                    bf:1b:5a:0f:6d:26:56:95:5b:d7:82:bc:39:73:b0:
                    b7:67:ba:63:eb:3e:bb:21:1f:24:9c:4d:19:ed:08:
                    d5:72:98:16:5c:71:0c:80:ae:71:f7:3d:fe:86:15:
                    93:68:ae:17:47:93:d8:32:1d:6f:5e:0b:14:90:95:
                    a9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:94:B0:B1:63:09:26:45:5B:95:C5:1D:98:06:FB:02:79:98:9B:D1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:d1:46:4a:f7:b4:82:12:43:a6:17:fb:6e:9a:a3:97:5c:52:
         7d:a1:5c:b1:af:d9:c6:01:07:66:c9:ba:cd:a0:2c:cb:3e:38:
         cc:54:e6:1e:27:48:05:9e:54:59:89:0e:8f:59:45:81:90:8a:
         f9:68:f8:1f:fa:d1:57:dc:b5:73:11:d8:07:06:00:03:d3:2d:
         e0:6a:d1:2e:4e:f2:fb:e1:a9:52:55:d5:97:0d:94:75:a0:55:
         87:52:16:70:1f:c7:5a:0b:36:4f:d3:2b:94:dc:b1:17:5d:ee:
         c3:42:0a:bf:a0:e6:94:f6:76:12:0e:c6:55:13:82:f8:8c:77:
         cf:31:72:91:71:06:f0:b9:8b:0f:d0:bd:e1:41:8c:ad:57:b4:
         18:28:95:f7:51:8f:f8:ca:ca:ed:72:14:36:85:17:6c:cd:64:
         0c:58:bb:40:bf:70:4e:c6:3e:c0:a8:1a:10:26:72:eb:66:ff:
         c7:bf:f1:e9:e3:5c:a1:21:79:c4:81:d5:27:4c:af:3c:34:d5:
         aa:68:c9:b2:34:08:f0:6f:03:c5:44:10:58:b0:bc:9f:95:1b:
         f5:45:2b:34:47:db:e1:70:66:58:3c:93:64:e9:19:9a:99:5c:
         76:b1:9d:c7:14:06:9d:5b:8c:e7:f9:4c:47:e8:19:8f:cf:3c:
         a9:0a:81:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUP/Ba1rsYf98EGntHxg5zb98vPv8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MTMxMzQwMDZaFw0yNjA5MTIxMzQ1MDZaMDMxMTAvBgNV
BAMTKEE2OTRCMEIxNjMwOTI2NDU1Qjk1QzUxRDk4MDZGQjAyNzk5ODlCRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSm63A3tJhF6733nJvYvn5wUje
/JH9XcZNBQ9BlOCkHoaaYf77fDGP7tJv9Dsu+goVg//V/znqz7u6thDsNjAC6FxM
2+onKzf+qS0kk4w7OXNtc8bE7av/YXvARPlw7y2CjWXnlsCgjwEuB1hgnagAzbYY
/e7t1K3wtJ0VrloIFlgyObzGkWx247IeCiAttfEsp1gtWbvBWstqQjaMSIen/6PT
0JguvJDqdwdJ69uuc22aXyJiNqUGjUYgk1YtT7FNh78bWg9tJlaVW9eCvDlzsLdn
umPrPrshHyScTRntCNVymBZccQyArnH3Pf6GFZNorhdHk9gyHW9eCxSQlanvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUppSwsWMJJkVblcUdmAb7AnmYm9EwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4YA
MA0GCSqGSIb3DQEBCwUAA4IBAQBU0UZK97SCEkOmF/tumqOXXFJ9oVyxr9nGAQdm
ybrNoCzLPjjMVOYeJ0gFnlRZiQ6PWUWBkIr5aPgf+tFX3LVzEdgHBgAD0y3gatEu
TvL74alSVdWXDZR1oFWHUhZwH8daCzZP0yuU3LEXXe7DQgq/oOaU9nYSDsZVE4L4
jHfPMXKRcQbwuYsP0L3hQYytV7QYKJX3UY/4ysrtchQ2hRdszWQMWLtAv3BOxj7A
qBoQJnLrZv/Hv/Hp41yhIXnEgdUnTK88NNWqaMmyNAjwbwPFRBBYsLyflRv1RSs0
R9vhcGZYPJNk6RmamVx2sZ3HFAadW4zn+UxH6BmPzzypCoGL
-----END CERTIFICATE-----