Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          Duaw8tqXx1IFvc/fULacIy+VmYTzLK3GWJb2att1JMo=
Subject key identifier:   07:FA:EA:F0:E7:43:12:10:63:51:2B:AA:08:D0:91:41:4D:82:0A:4C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       42B844374255AFFF960AC5A75238140E4F846B3A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa
Signing time:             Thu 19 Mar 2026 10:46:48 +0000
ROA not before:           Thu 19 Mar 2026 10:41:48 +0000
ROA not after:            Thu 18 Mar 2027 10:46:48 +0000
asID:                     211440
IP address blocks:        147.79.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b8:44:37:42:55:af:ff:96:0a:c5:a7:52:38:14:0e:4f:84:6b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 19 10:41:48 2026 GMT
            Not After : Mar 18 10:46:48 2027 GMT
        Subject: CN=07FAEAF0E743121063512BAA08D091414D820A4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b0:fe:a7:b5:70:6d:f5:9c:90:51:a9:2f:fa:
                    4e:ba:67:7c:af:30:0a:90:e5:59:d0:2e:25:39:d5:
                    78:cc:c3:68:7b:2f:27:d8:07:2a:5b:93:a8:5e:c1:
                    25:46:06:38:11:d8:8e:47:e7:b3:ac:72:fe:42:3a:
                    fd:c3:d1:35:25:d2:c0:30:18:08:99:80:22:68:8e:
                    ee:60:dd:f9:a8:2e:dc:2f:78:6b:51:55:aa:fe:c5:
                    04:68:1c:7a:7a:b1:ee:a3:18:80:07:42:1c:bf:c2:
                    d8:1c:dc:b6:39:9e:e2:ee:04:ec:6b:bf:8a:d6:44:
                    ce:1a:7e:d0:85:09:ea:02:06:3a:e0:0e:0f:97:82:
                    56:bc:41:69:44:40:e0:40:ad:f2:9b:8f:26:bd:60:
                    44:93:66:56:db:e2:cc:e8:9b:23:97:0a:e4:3e:af:
                    ad:ef:af:95:e4:8a:38:46:b8:77:4b:3c:43:c2:22:
                    0a:ed:1b:e5:ed:97:c1:f9:50:66:36:55:2d:f0:3e:
                    68:85:47:ad:82:96:3e:8e:04:8a:65:69:99:ef:e5:
                    3c:99:8d:cb:60:94:bb:2d:ec:fe:69:c8:95:2c:f4:
                    43:bb:03:87:7a:56:e9:c0:7a:9d:a2:07:73:9c:be:
                    14:12:a1:6d:36:c3:e3:5b:ac:ec:b9:de:d4:28:fd:
                    72:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FA:EA:F0:E7:43:12:10:63:51:2B:AA:08:D0:91:41:4D:82:0A:4C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:5c:24:00:ba:fa:28:3f:d8:54:57:38:0d:5a:a2:6f:8b:89:
         ef:47:53:7e:11:44:6e:75:51:64:76:c5:18:f1:28:8b:0f:0f:
         9b:94:47:1f:06:1a:c7:33:47:af:bc:d0:e3:42:2b:29:c1:f9:
         74:6a:8f:87:4b:47:e3:02:cd:6e:67:db:6e:bd:3e:36:68:15:
         87:7f:60:a5:29:01:b6:da:cf:c8:c1:87:86:64:b2:ec:90:38:
         99:90:27:fa:7a:9b:37:75:fe:0b:aa:fb:72:53:bb:73:b4:18:
         c9:19:6e:c6:b1:24:90:0c:d9:8e:3f:86:c2:da:c3:e7:73:9a:
         a8:97:47:3a:96:76:a1:7f:0b:d0:a9:20:74:b2:99:21:d0:63:
         79:f4:c7:7d:39:a8:34:73:e6:c6:56:37:c1:9d:59:98:88:bd:
         42:25:b8:65:eb:5f:d0:c3:8d:70:2a:94:68:f5:9c:55:05:38:
         a7:9d:44:a3:21:eb:54:cc:17:b1:78:c1:10:2d:3b:10:e1:3b:
         09:2a:83:a3:99:1f:dd:f3:11:41:ee:05:99:21:9a:8d:b8:69:
         1d:03:8f:c0:e2:44:29:52:2c:2f:56:22:c3:29:af:8e:c1:eb:
         3c:72:b2:64:1d:ef:d1:11:36:79:28:4a:c7:58:00:03:61:f1:
         f9:5d:a4:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQrhEN0JVr/+WCsWnUjgUDk+EazowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTkxMDQxNDhaFw0yNzAzMTgxMDQ2NDhaMDMxMTAvBgNV
BAMTKDA3RkFFQUYwRTc0MzEyMTA2MzUxMkJBQTA4RDA5MTQxNEQ4MjBBNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnsP6ntXBt9ZyQUakv+k66Z3yv
MAqQ5VnQLiU51XjMw2h7LyfYBypbk6hewSVGBjgR2I5H57Oscv5COv3D0TUl0sAw
GAiZgCJoju5g3fmoLtwveGtRVar+xQRoHHp6se6jGIAHQhy/wtgc3LY5nuLuBOxr
v4rWRM4aftCFCeoCBjrgDg+Xgla8QWlEQOBArfKbjya9YESTZlbb4szomyOXCuQ+
r63vr5XkijhGuHdLPEPCIgrtG+Xtl8H5UGY2VS3wPmiFR62Clj6OBIplaZnv5TyZ
jctglLst7P5pyJUs9EO7A4d6VunAep2iB3OcvhQSoW02w+NbrOy53tQo/XKDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUB/rq8OdDEhBjUSuqCNCRQU2CCkwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08G
MA0GCSqGSIb3DQEBCwUAA4IBAQAFXCQAuvooP9hUVzgNWqJvi4nvR1N+EURudVFk
dsUY8SiLDw+blEcfBhrHM0evvNDjQispwfl0ao+HS0fjAs1uZ9tuvT42aBWHf2Cl
KQG22s/IwYeGZLLskDiZkCf6eps3df4LqvtyU7tztBjJGW7GsSSQDNmOP4bC2sPn
c5qol0c6lnahfwvQqSB0spkh0GN59Md9Oag0c+bGVjfBnVmYiL1CJbhl61/Qw41w
KpRo9ZxVBTinnUSjIetUzBexeMEQLTsQ4TsJKoOjmR/d8xFB7gWZIZqNuGkdA4/A
4kQpUiwvViLDKa+Owes8crJkHe/RETZ5KErHWAADYfH5XaQE
-----END CERTIFICATE-----