Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          4DC6oEtCZbPsF4rWvRecPHzv7qZmke8m2QsTMORE2ao=
Subject key identifier:   A8:CE:C4:7E:AA:64:35:66:4B:67:D5:F6:C3:72:E1:FC:9B:BB:D4:CD
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2199E1ADCE96991D54E8FB626CFEBB5BE7AB5301
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa
Signing time:             Fri 01 May 2026 00:09:15 +0000
ROA not before:           Fri 01 May 2026 00:04:15 +0000
ROA not after:            Fri 30 Apr 2027 00:09:15 +0000
asID:                     214654
IP address blocks:        46.203.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 04:43:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:99:e1:ad:ce:96:99:1d:54:e8:fb:62:6c:fe:bb:5b:e7:ab:53:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  1 00:04:15 2026 GMT
            Not After : Apr 30 00:09:15 2027 GMT
        Subject: CN=A8CEC47EAA6435664B67D5F6C372E1FC9BBBD4CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4d:fe:de:2c:1b:12:05:8c:c6:b4:36:53:64:
                    d0:38:81:42:21:fc:5c:d4:fa:8b:ea:c1:b7:00:38:
                    c4:95:19:56:53:5f:fc:68:5b:81:29:f7:1e:59:bf:
                    8b:a6:ef:39:f0:90:89:a5:33:e7:a4:f3:be:cd:24:
                    f5:fa:45:f1:e3:ed:5b:6e:11:2d:14:e5:ae:8e:99:
                    36:49:fb:ba:33:5e:ec:36:51:87:e2:b8:f7:98:bc:
                    1f:57:f9:a9:10:de:25:93:ef:22:1f:80:6c:47:1e:
                    92:01:87:84:95:b7:d3:96:37:95:da:1c:48:43:e1:
                    0a:92:42:a9:a5:e8:a2:c5:4f:87:d9:ce:f5:ea:48:
                    98:16:0d:45:73:14:7f:aa:23:f5:dd:25:20:6a:b8:
                    eb:8f:85:4b:1e:2a:bd:75:ad:7e:c9:f7:3c:db:4c:
                    17:a4:4e:bf:9a:99:2c:6b:a1:2d:8d:e4:8d:51:b1:
                    4b:6a:d6:96:9d:ee:e5:81:e7:48:ec:6f:53:7d:06:
                    27:da:b2:5f:01:e3:3a:3e:c2:b0:2f:d3:96:83:9f:
                    3d:9c:0c:0c:2c:60:29:6e:5f:f8:99:54:35:ff:34:
                    8d:05:23:1b:97:ec:7d:81:0a:fc:0e:2a:dd:99:88:
                    43:e7:b4:c1:a6:fa:9d:8e:f0:4a:6c:73:46:e0:ba:
                    c4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CE:C4:7E:AA:64:35:66:4B:67:D5:F6:C3:72:E1:FC:9B:BB:D4:CD
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:11:48:a9:d7:33:72:49:bc:ea:fc:89:c5:61:43:e3:47:e1:
         98:ca:74:5f:84:53:01:79:68:77:d8:17:f1:7c:ea:27:48:e3:
         7b:c6:72:a1:c5:f8:46:bb:fb:1f:38:8f:e4:48:b7:d2:31:99:
         ae:69:a6:a0:36:aa:d9:d7:ed:b9:85:60:cd:46:62:a6:a3:93:
         c2:6a:1c:74:ca:d3:61:be:76:ca:9e:fa:19:15:a2:51:c5:d7:
         76:5a:34:24:94:1b:bd:1e:e1:32:0c:fa:a7:6d:9d:91:3a:4e:
         f8:bc:18:df:67:6c:67:9f:d8:36:ca:13:de:94:e1:12:d4:5a:
         34:1e:88:94:29:8b:58:ba:f3:2e:0e:8f:1b:21:78:a6:c2:8a:
         ae:d7:ca:77:bf:c9:82:1a:c8:4d:40:f1:cd:57:b7:0e:37:c1:
         3a:2e:e8:66:1c:82:f0:f1:86:bc:f8:06:9c:75:16:97:0b:ab:
         94:2c:67:b9:9b:fb:7a:82:62:24:c8:5f:d0:d9:95:dc:d0:58:
         ce:2f:cf:83:db:35:bd:66:2a:77:25:87:8e:26:1f:ab:d8:8e:
         c2:7d:ac:cc:08:2e:f5:0f:05:30:7e:7d:51:b4:63:52:94:b6:
         c1:3f:28:24:fd:fc:d7:f3:5d:16:56:ed:15:09:c0:b9:39:74:
         36:a4:8b:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIZnhrc6WmR1U6PtibP67W+erUwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDEwMDA0MTVaFw0yNzA0MzAwMDA5MTVaMDMxMTAvBgNV
BAMTKEE4Q0VDNDdFQUE2NDM1NjY0QjY3RDVGNkMzNzJFMUZDOUJCQkQ0Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhTf7eLBsSBYzGtDZTZNA4gUIh
/FzU+ovqwbcAOMSVGVZTX/xoW4Ep9x5Zv4um7znwkImlM+ek877NJPX6RfHj7Vtu
ES0U5a6OmTZJ+7ozXuw2UYfiuPeYvB9X+akQ3iWT7yIfgGxHHpIBh4SVt9OWN5Xa
HEhD4QqSQqml6KLFT4fZzvXqSJgWDUVzFH+qI/XdJSBquOuPhUseKr11rX7J9zzb
TBekTr+amSxroS2N5I1RsUtq1pad7uWB50jsb1N9Bifasl8B4zo+wrAv05aDnz2c
DAwsYCluX/iZVDX/NI0FIxuX7H2BCvwOKt2ZiEPntMGm+p2O8Epsc0bgusSTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqM7EfqpkNWZLZ9X2w3Lh/Ju71M0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsvL
MA0GCSqGSIb3DQEBCwUAA4IBAQADEUip1zNySbzq/InFYUPjR+GYynRfhFMBeWh3
2BfxfOonSON7xnKhxfhGu/sfOI/kSLfSMZmuaaagNqrZ1+25hWDNRmKmo5PCahx0
ytNhvnbKnvoZFaJRxdd2WjQklBu9HuEyDPqnbZ2ROk74vBjfZ2xnn9g2yhPelOES
1Fo0HoiUKYtYuvMuDo8bIXimwoqu18p3v8mCGshNQPHNV7cON8E6LuhmHILw8Ya8
+AacdRaXC6uULGe5m/t6gmIkyF/Q2ZXc0FjOL8+D2zW9Zip3JYeOJh+r2I7CfazM
CC71DwUwfn1RtGNSlLbBPygk/fzX810WVu0VCcC5OXQ2pIsI
-----END CERTIFICATE-----