Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210356.roa
File:                     AS210356.roa (raw, json)
Hash identifier:          oB0WsOVkxruToevTIGua0tuX+p5OwHq1AsgHLD7y3ek=
Subject key identifier:   CB:8C:4F:A9:CB:F4:01:E3:04:5F:25:68:63:93:D3:25:B3:DB:BD:D8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       30266C634980C1A3A35F19C61785ACA2F7B75DDA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210356.roa
Signing time:             Thu 19 Mar 2026 15:28:30 +0000
ROA not before:           Thu 19 Mar 2026 15:23:30 +0000
ROA not after:            Thu 18 Mar 2027 15:28:30 +0000
asID:                     210356
IP address blocks:        167.148.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:26:6c:63:49:80:c1:a3:a3:5f:19:c6:17:85:ac:a2:f7:b7:5d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 19 15:23:30 2026 GMT
            Not After : Mar 18 15:28:30 2027 GMT
        Subject: CN=CB8C4FA9CBF401E3045F25686393D325B3DBBDD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fd:4a:66:47:2b:98:33:8c:13:85:bc:8c:f3:
                    23:b9:65:f3:e2:5e:12:3a:38:2d:fa:b3:e7:1a:55:
                    cd:f6:12:b6:7b:a8:bd:03:f9:04:e8:16:6a:e2:77:
                    a0:58:42:15:73:6f:69:30:9c:24:f6:b3:a7:42:9f:
                    cb:81:e0:fc:e3:91:35:c1:17:57:f3:b8:c9:3b:9d:
                    80:56:0d:54:d5:a9:7a:59:91:2a:56:01:05:35:68:
                    2c:bc:17:57:76:0b:c4:87:71:6b:f0:2b:97:8a:dd:
                    07:cb:3e:ff:91:ad:75:90:df:c5:f4:5a:a2:39:44:
                    2c:d1:87:fd:1a:2c:35:71:97:cf:dd:2d:38:a8:c0:
                    c3:a4:fa:a3:4b:8c:e9:41:3e:b7:9c:96:93:1f:6f:
                    d0:92:74:b1:78:d4:4c:79:7d:de:ee:de:8a:4b:04:
                    e9:44:a3:4e:06:63:39:c2:c5:0f:ea:56:f9:26:6b:
                    b6:47:95:fd:40:ae:07:1f:26:55:7e:9a:c9:a4:4a:
                    35:b5:52:20:dd:7a:9f:4b:03:36:de:5e:59:61:84:
                    fc:ad:ad:75:4f:d5:72:37:30:20:f5:d9:d4:f4:84:
                    76:b4:a7:84:91:9f:6d:57:cf:05:29:e9:29:77:be:
                    db:60:ad:f3:ad:c3:d7:ef:cf:df:3e:f6:b0:20:da:
                    0e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8C:4F:A9:CB:F4:01:E3:04:5F:25:68:63:93:D3:25:B3:DB:BD:D8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:05:e4:90:0e:89:9a:13:14:fc:ff:7a:dd:48:8e:ce:fe:69:
         9c:31:56:6c:3d:43:20:a0:6b:c4:37:84:7e:01:8d:21:2a:5d:
         57:3c:56:d3:64:87:53:98:fe:70:52:3e:20:8c:e3:c9:2f:1b:
         4f:21:3b:bd:fe:43:2e:82:93:80:12:3c:f5:01:20:d0:6d:0d:
         51:fe:68:2b:d9:0d:c3:de:4c:27:b7:cb:80:68:61:cd:eb:b0:
         af:26:bb:99:7b:a4:57:a4:f9:04:73:d6:df:2f:6d:ae:97:c5:
         c3:11:49:36:56:f7:66:09:e3:fb:69:0e:9b:5e:03:77:f9:e6:
         a9:14:83:9c:59:1a:df:6a:4c:0d:de:3e:ca:3d:8e:43:f0:9d:
         06:e2:89:27:38:58:02:22:04:58:89:97:43:3d:57:49:50:5c:
         29:a2:00:dc:c4:1e:a3:6d:ad:fa:43:96:fc:95:6f:09:44:aa:
         2b:2b:d7:56:e3:fa:ba:2d:1b:20:fb:d4:b1:21:f7:7a:0b:5c:
         75:fd:89:6e:06:d1:70:75:35:6b:bd:f5:f4:ec:44:38:33:e8:
         42:6a:fa:4a:c0:36:58:c8:bb:83:7b:aa:0a:41:04:22:c2:b8:
         94:a7:dd:23:ed:c2:35:9c:fd:7a:42:84:40:ff:37:f0:ce:57:
         98:84:6e:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMCZsY0mAwaOjXxnGF4Wsove3XdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTkxNTIzMzBaFw0yNzAzMTgxNTI4MzBaMDMxMTAvBgNV
BAMTKENCOEM0RkE5Q0JGNDAxRTMwNDVGMjU2ODYzOTNEMzI1QjNEQkJERDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR/UpmRyuYM4wThbyM8yO5ZfPi
XhI6OC36s+caVc32ErZ7qL0D+QToFmrid6BYQhVzb2kwnCT2s6dCn8uB4PzjkTXB
F1fzuMk7nYBWDVTVqXpZkSpWAQU1aCy8F1d2C8SHcWvwK5eK3QfLPv+RrXWQ38X0
WqI5RCzRh/0aLDVxl8/dLTiowMOk+qNLjOlBPreclpMfb9CSdLF41Ex5fd7u3opL
BOlEo04GYznCxQ/qVvkma7ZHlf1ArgcfJlV+msmkSjW1UiDdep9LAzbeXllhhPyt
rXVP1XI3MCD12dT0hHa0p4SRn21XzwUp6Sl3vttgrfOtw9fvz98+9rAg2g4FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUy4xPqcv0AeMEXyVoY5PTJbPbvdgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEwMzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5Sh
MA0GCSqGSIb3DQEBCwUAA4IBAQCdBeSQDomaExT8/3rdSI7O/mmcMVZsPUMgoGvE
N4R+AY0hKl1XPFbTZIdTmP5wUj4gjOPJLxtPITu9/kMugpOAEjz1ASDQbQ1R/mgr
2Q3D3kwnt8uAaGHN67CvJruZe6RXpPkEc9bfL22ul8XDEUk2VvdmCeP7aQ6bXgN3
+eapFIOcWRrfakwN3j7KPY5D8J0G4oknOFgCIgRYiZdDPVdJUFwpogDcxB6jba36
Q5b8lW8JRKorK9dW4/q6LRsg+9SxIfd6C1x1/YluBtFwdTVrvfX07EQ4M+hCavpK
wDZYyLuDe6oKQQQiwriUp90j7cI1nP16QoRA/zfwzleYhG6+
-----END CERTIFICATE-----