Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214618.roa
File:                     AS214618.roa (raw, json)
Hash identifier:          nn1teouhaYa/dZ62dt6X2lbtdXADwpfhdyxgNnTeiaA=
Subject key identifier:   CF:84:42:39:A3:CC:6A:D7:11:29:CB:B1:FC:CE:73:D2:A7:0D:07:45
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       129A61675BDDF6F712A13F65B61105BA67AB3B26
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214618.roa
Signing time:             Mon 20 Oct 2025 11:42:52 +0000
ROA not before:           Mon 20 Oct 2025 11:37:52 +0000
ROA not after:            Mon 19 Oct 2026 11:42:52 +0000
asID:                     214618
IP address blocks:        92.112.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 14:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9a:61:67:5b:dd:f6:f7:12:a1:3f:65:b6:11:05:ba:67:ab:3b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 20 11:37:52 2025 GMT
            Not After : Oct 19 11:42:52 2026 GMT
        Subject: CN=CF844239A3CC6AD71129CBB1FCCE73D2A70D0745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:27:0b:84:fa:d2:7c:c2:c4:6d:fc:fe:13:f4:
                    db:ef:01:8a:df:d0:06:33:94:16:66:4c:f1:72:a7:
                    f6:07:c3:09:c9:fe:23:a9:52:22:47:88:46:6a:14:
                    d3:20:cc:a7:5e:cf:11:5b:65:56:48:58:27:4e:d1:
                    89:2b:43:a7:e6:53:8d:09:88:4f:b3:b4:c3:82:e4:
                    41:7e:1a:65:7c:cc:90:77:cb:e9:f8:a2:0f:13:10:
                    5a:6a:21:cd:28:e7:89:bb:be:0b:52:29:48:63:be:
                    af:ce:88:d7:a7:5f:68:75:90:d7:a4:a5:25:98:09:
                    0a:fc:3b:cc:0b:78:04:77:cf:96:52:d1:23:78:e7:
                    50:87:c1:58:53:ed:3a:e2:e5:55:4f:66:3b:1e:fb:
                    10:7e:31:2d:d6:89:61:6c:33:fb:62:ce:28:a7:b7:
                    3e:f1:87:3d:23:bd:8e:ae:cf:47:50:69:69:22:81:
                    cf:f7:9f:12:ea:cd:16:80:c3:d2:5d:0b:0d:b8:9c:
                    eb:06:4e:be:49:9f:c4:d4:d5:7a:8b:44:36:61:70:
                    11:3f:1a:bc:cd:9b:49:1e:8d:52:e7:fd:64:87:d8:
                    ce:f2:ef:45:ef:2d:03:85:d6:4e:46:15:d7:66:23:
                    94:9d:64:c4:00:12:8e:d8:83:61:a4:3a:95:e2:6b:
                    77:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:84:42:39:A3:CC:6A:D7:11:29:CB:B1:FC:CE:73:D2:A7:0D:07:45
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6b:f5:92:7d:04:81:84:e7:6c:8f:0c:5f:f4:40:5c:8e:b0:
         72:a5:80:89:bc:1e:43:ee:16:11:b4:38:2a:13:68:d7:b9:85:
         be:57:17:25:7f:40:98:9f:85:f1:fb:9f:5c:c4:61:76:85:23:
         68:88:17:e5:ca:30:ac:03:e4:10:c7:bb:c3:fd:5a:a6:4e:a1:
         10:7e:82:62:94:fb:7f:04:4a:73:60:d5:fd:37:70:86:eb:ba:
         3f:73:5a:a8:01:89:9c:ee:d6:af:da:21:16:38:ae:84:72:a9:
         f9:cc:88:ee:0c:8e:d6:0d:87:cf:b5:58:9a:a5:fc:2d:f2:b1:
         30:d5:ba:5b:2a:19:e7:cd:88:02:47:4b:43:d1:f8:14:e4:c3:
         6b:18:10:71:99:9a:5e:81:10:b1:f8:05:c3:e9:2c:e9:c1:3f:
         e3:4a:cc:a7:a3:65:40:de:42:59:4d:5c:a0:01:8c:51:af:ce:
         11:da:04:3e:27:1f:1e:10:5d:b4:bb:a9:b2:27:a4:79:8e:52:
         fb:bb:57:de:63:d4:b7:87:d9:7f:30:c6:d5:ee:a3:5c:c3:66:
         5a:2a:9f:de:64:68:ec:c7:ee:00:cc:5a:60:03:05:0a:8e:73:
         5b:1d:fb:b7:62:79:19:6d:a9:bc:dd:06:b0:3a:21:41:43:1b:
         f3:d5:28:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEpphZ1vd9vcSoT9lthEFumerOyYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjAxMTM3NTJaFw0yNjEwMTkxMTQyNTJaMDMxMTAvBgNV
BAMTKENGODQ0MjM5QTNDQzZBRDcxMTI5Q0JCMUZDQ0U3M0QyQTcwRDA3NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCJwuE+tJ8wsRt/P4T9NvvAYrf
0AYzlBZmTPFyp/YHwwnJ/iOpUiJHiEZqFNMgzKdezxFbZVZIWCdO0YkrQ6fmU40J
iE+ztMOC5EF+GmV8zJB3y+n4og8TEFpqIc0o54m7vgtSKUhjvq/OiNenX2h1kNek
pSWYCQr8O8wLeAR3z5ZS0SN451CHwVhT7Tri5VVPZjse+xB+MS3WiWFsM/tiziin
tz7xhz0jvY6uz0dQaWkigc/3nxLqzRaAw9JdCw24nOsGTr5Jn8TU1XqLRDZhcBE/
GrzNm0kejVLn/WSH2M7y70XvLQOF1k5GFddmI5SdZMQAEo7Yg2GkOpXia3cZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUz4RCOaPMatcRKcux/M5z0qcNB0UwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHBE
MA0GCSqGSIb3DQEBCwUAA4IBAQAIa/WSfQSBhOdsjwxf9EBcjrBypYCJvB5D7hYR
tDgqE2jXuYW+Vxclf0CYn4Xx+59cxGF2hSNoiBflyjCsA+QQx7vD/VqmTqEQfoJi
lPt/BEpzYNX9N3CG67o/c1qoAYmc7tav2iEWOK6Ecqn5zIjuDI7WDYfPtViapfwt
8rEw1bpbKhnnzYgCR0tD0fgU5MNrGBBxmZpegRCx+AXD6SzpwT/jSsyno2VA3kJZ
TVygAYxRr84R2gQ+Jx8eEF20u6myJ6R5jlL7u1feY9S3h9l/MMbV7qNcw2ZaKp/e
ZGjsx+4AzFpgAwUKjnNbHfu3YnkZbam83QawOiFBQxvz1Siz
-----END CERTIFICATE-----