Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210661.roa
File:                     AS210661.roa (raw, json)
Hash identifier:          Crioo9hD79Ng6XsyPsYgWc5nXKPPalJUvrbVzta2f80=
Subject key identifier:   73:07:64:D4:33:42:09:38:F1:4D:2C:28:A2:8F:9B:57:D4:F2:14:DC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6E769CF13C3E7F211B2188355093ED105501ACFD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210661.roa
Signing time:             Thu 09 Oct 2025 00:01:51 +0000
ROA not before:           Wed 08 Oct 2025 23:56:51 +0000
ROA not after:            Thu 08 Oct 2026 00:01:51 +0000
asID:                     210661
IP address blocks:        155.117.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:76:9c:f1:3c:3e:7f:21:1b:21:88:35:50:93:ed:10:55:01:ac:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  8 23:56:51 2025 GMT
            Not After : Oct  8 00:01:51 2026 GMT
        Subject: CN=730764D433420938F14D2C28A28F9B57D4F214DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8c:29:3b:4a:de:17:05:14:6f:f3:f9:1b:41:
                    e8:b4:82:51:36:55:52:ca:97:15:c9:ce:b1:62:7e:
                    5e:29:3e:92:df:fc:9f:e0:55:da:be:44:76:29:7a:
                    ee:29:27:bc:69:bb:98:e3:f0:61:aa:8b:9c:39:5c:
                    2a:fa:9b:b0:77:83:79:8e:5a:d4:70:aa:58:22:4d:
                    94:35:b7:ec:1a:8f:5b:04:11:41:26:c3:3a:29:f4:
                    40:a9:03:5c:8a:20:f2:ee:a5:b4:2b:0a:05:34:e8:
                    00:f7:e4:05:6b:46:cf:c4:45:5c:47:40:e5:5f:5a:
                    bc:62:bc:35:6c:59:18:31:0c:d5:26:a1:37:d3:ab:
                    e8:17:72:4b:05:24:c3:59:33:9f:d4:c5:b0:67:1d:
                    1b:46:10:36:8e:f0:62:72:d7:05:39:eb:94:f1:3b:
                    0d:bc:90:e5:df:5c:9a:a5:7e:c0:cf:a2:03:1a:b6:
                    dc:c6:75:c7:e8:68:74:4f:33:65:c7:21:e1:a2:48:
                    26:c4:bb:b2:37:86:de:af:65:1e:36:35:2a:c8:ac:
                    23:1e:1b:2f:c8:0e:1b:0a:a0:20:5d:f3:e1:de:c9:
                    48:63:cc:7b:55:2b:5b:61:9f:a9:22:58:f4:44:21:
                    26:95:d9:7e:2f:f9:68:a8:18:77:96:68:5f:d3:36:
                    ee:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:07:64:D4:33:42:09:38:F1:4D:2C:28:A2:8F:9B:57:D4:F2:14:DC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS210661.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:47:26:2e:a7:2d:df:3b:e1:0b:81:a6:a8:97:26:2e:69:6d:
         f2:e6:9a:49:b3:ed:78:4a:fa:96:a7:4d:7e:b8:97:a0:2a:3d:
         e1:70:2b:dd:92:b6:1d:95:44:7b:09:f2:f5:2e:71:65:25:8a:
         21:78:12:c7:df:5a:1b:ad:b3:aa:0e:20:47:95:57:86:f9:a0:
         43:62:c7:60:f5:85:24:2f:79:aa:43:0e:b5:c2:c3:58:4e:5d:
         9e:90:d6:8a:15:09:51:ae:ba:11:61:e6:6e:d8:e1:a8:a3:15:
         a4:18:5f:bf:a7:c2:30:e4:b9:17:bd:72:ea:11:13:4f:27:ff:
         82:82:35:82:ef:c5:00:20:d3:61:fa:0e:7a:70:45:dd:00:55:
         dd:53:3f:57:9d:a3:35:6e:7d:53:39:33:df:9c:8c:85:d3:25:
         25:d2:5b:94:29:f8:b5:a4:78:2f:03:07:5f:a7:a0:a7:22:d7:
         67:c0:4f:f8:7e:a7:4d:6e:51:97:31:a7:5d:bf:7e:58:04:74:
         7e:47:92:a8:97:1d:9f:cd:be:d9:c7:c8:5c:8d:30:cd:7c:32:
         5a:da:0e:59:5e:72:21:bb:26:4b:ce:6e:da:73:2b:e7:c6:69:
         6c:eb:ab:d1:be:37:ba:64:03:91:1e:be:2b:87:10:f8:2f:e9:
         ef:e9:af:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbnac8Tw+fyEbIYg1UJPtEFUBrP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDgyMzU2NTFaFw0yNjEwMDgwMDAxNTFaMDMxMTAvBgNV
BAMTKDczMDc2NEQ0MzM0MjA5MzhGMTREMkMyOEEyOEY5QjU3RDRGMjE0REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLjCk7St4XBRRv8/kbQei0glE2
VVLKlxXJzrFifl4pPpLf/J/gVdq+RHYpeu4pJ7xpu5jj8GGqi5w5XCr6m7B3g3mO
WtRwqlgiTZQ1t+waj1sEEUEmwzop9ECpA1yKIPLupbQrCgU06AD35AVrRs/ERVxH
QOVfWrxivDVsWRgxDNUmoTfTq+gXcksFJMNZM5/UxbBnHRtGEDaO8GJy1wU565Tx
Ow28kOXfXJqlfsDPogMattzGdcfoaHRPM2XHIeGiSCbEu7I3ht6vZR42NSrIrCMe
Gy/IDhsKoCBd8+HeyUhjzHtVK1thn6kiWPREISaV2X4v+WioGHeWaF/TNu7LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcwdk1DNCCTjxTSwooo+bV9TyFNwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEwNjYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3VX
MA0GCSqGSIb3DQEBCwUAA4IBAQBrRyYupy3fO+ELgaaolyYuaW3y5ppJs+14SvqW
p01+uJegKj3hcCvdkrYdlUR7CfL1LnFlJYoheBLH31obrbOqDiBHlVeG+aBDYsdg
9YUkL3mqQw61wsNYTl2ekNaKFQlRrroRYeZu2OGooxWkGF+/p8Iw5LkXvXLqERNP
J/+CgjWC78UAINNh+g56cEXdAFXdUz9XnaM1bn1TOTPfnIyF0yUl0luUKfi1pHgv
Awdfp6CnItdnwE/4fqdNblGXMaddv35YBHR+R5Kolx2fzb7Zx8hcjTDNfDJa2g5Z
XnIhuyZLzm7acyvnxmls66vRvje6ZAORHr4rhxD4L+nv6a8b
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:41:09 2025 by rpki-client