Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
File:                     AS211484.roa (raw, json)
Hash identifier:          9YlCNROzQj4oLMw1Jc4B3jiUAYbcCZCd19aPfOiAJeQ=
Subject key identifier:   E4:51:15:D5:E6:73:AD:E8:D5:10:28:0A:A7:17:A2:5C:B3:27:B2:39
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3D6AB653DB3DC7311AF54187EB18500DE8E2A9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
Signing time:             Sat 27 Sep 2025 18:52:13 +0000
ROA not before:           Sat 27 Sep 2025 18:47:13 +0000
ROA not after:            Sat 26 Sep 2026 18:52:13 +0000
asID:                     211484
IP address blocks:        150.241.238.0/23 maxlen: 24
                          155.117.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:6a:b6:53:db:3d:c7:31:1a:f5:41:87:eb:18:50:0d:e8:e2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 27 18:47:13 2025 GMT
            Not After : Sep 26 18:52:13 2026 GMT
        Subject: CN=E45115D5E673ADE8D510280AA717A25CB327B239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a9:39:e8:59:43:4a:94:c4:a7:91:63:bc:17:
                    06:12:86:0b:97:a6:97:49:9d:9b:fb:8a:7e:7f:6f:
                    55:f9:b7:7e:fb:c0:3f:2a:54:00:a4:39:18:d5:30:
                    b5:73:af:12:9b:a7:e7:51:d0:73:49:e9:8d:d8:25:
                    d9:c4:c1:57:64:43:90:5e:ef:4a:21:84:b5:c3:a4:
                    d6:bb:f9:ef:36:71:27:f0:94:d4:4a:a9:cb:f7:2a:
                    d7:87:aa:5f:02:18:7f:07:90:c1:50:84:6a:94:69:
                    62:8f:1b:3e:84:a0:63:63:21:2c:3a:ca:74:71:27:
                    1a:1c:fb:85:b3:32:b4:3a:0a:dc:77:3d:13:a6:6c:
                    8e:cc:92:7b:b4:4b:33:47:f7:fe:95:2a:52:04:57:
                    05:17:46:ce:61:e9:0d:a7:48:f5:cb:28:cd:a3:7b:
                    cb:d6:40:7e:03:81:1f:7b:68:d9:bc:59:ab:ca:e0:
                    59:58:46:85:7a:ce:44:5f:c9:6f:81:40:1d:ec:24:
                    8d:41:1d:07:31:b5:0e:4f:6d:2b:37:ce:34:74:a3:
                    e2:ac:80:d0:9c:8c:6c:26:51:18:29:9b:b2:f7:46:
                    5b:36:9f:d4:f7:71:0d:f8:34:c4:17:97:40:83:7b:
                    bb:3d:9f:a5:d9:37:44:b5:1a:17:4f:0e:9a:1a:0d:
                    1c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:51:15:D5:E6:73:AD:E8:D5:10:28:0A:A7:17:A2:5C:B3:27:B2:39
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.238.0/23
                  155.117.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:91:86:d4:72:c9:9d:77:9a:2d:0d:fd:39:66:10:6d:13:ac:
         c4:e0:5b:53:45:2f:a5:7b:42:ba:68:cd:72:16:3e:d7:a3:1d:
         a1:84:9c:91:80:7b:1c:5a:1c:f1:af:ed:0d:da:6f:c6:ff:85:
         55:c5:88:40:f4:c4:bd:23:7c:d2:b5:01:9b:c5:5b:b0:16:e1:
         4f:c0:22:ac:3a:09:fa:9a:ad:d5:d4:79:20:11:f1:ee:a5:6c:
         47:ce:49:31:16:d9:46:4f:c4:ea:27:bd:49:ec:57:d7:24:67:
         3f:66:75:e0:29:b9:d0:6a:dd:72:5b:f6:bf:24:d4:89:fc:3b:
         7c:4b:62:98:35:60:87:21:7a:d4:3e:88:45:bd:73:b7:c1:cc:
         38:03:b5:cf:09:4e:f3:2b:fa:47:c7:49:99:c4:d8:97:9b:b4:
         8b:a0:9b:68:d9:5f:59:58:07:19:13:7d:93:1b:fc:ad:71:64:
         15:0c:22:15:fd:be:d0:cb:95:c3:1e:d1:91:1c:78:ef:b7:df:
         38:5e:02:5c:4b:77:26:78:2b:e9:37:bc:9a:c5:01:0f:43:9a:
         83:02:b1:2a:31:21:2d:fa:c6:ff:53:0e:68:f9:e4:59:7b:8b:
         36:55:5b:62:f1:79:c6:ce:1c:58:0a:a9:e4:47:15:4d:8c:37:
         5d:e1:96:a7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgITPWq2U9s9xzEa9UGH6xhQDejiqTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg0ZmMzMzZiZjlmM2RlNWNlNDE0MTRiZDE5NzE5NDVmNGIy
NDZiZmNjMB4XDTI1MDkyNzE4NDcxM1oXDTI2MDkyNjE4NTIxM1owMzExMC8GA1UE
AxMoRTQ1MTE1RDVFNjczQURFOEQ1MTAyODBBQTcxN0EyNUNCMzI3QjIzOTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOCpOehZQ0qUxKeRY7wXBhKGC5em
l0mdm/uKfn9vVfm3fvvAPypUAKQ5GNUwtXOvEpun51HQc0npjdgl2cTBV2RDkF7v
SiGEtcOk1rv57zZxJ/CU1Eqpy/cq14eqXwIYfweQwVCEapRpYo8bPoSgY2MhLDrK
dHEnGhz7hbMytDoK3Hc9E6ZsjsySe7RLM0f3/pUqUgRXBRdGzmHpDadI9csozaN7
y9ZAfgOBH3to2bxZq8rgWVhGhXrORF/Jb4FAHewkjUEdBzG1Dk9tKzfONHSj4qyA
0JyMbCZRGCmbsvdGWzaf1PdxDfg0xBeXQIN7uz2fpdk3RLUaF08OmhoNHG8CAwEA
AaOCAhAwggIMMB0GA1UdDgQWBBTkURXV5nOt6NUQKAqnF6JcsyeyOTAfBgNVHSME
GDAWgBRPwza/nz3lzkFBS9GXGUX0ska/zDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS8wOWJlM2FhZS1hZWExLTQxZGMtYjFiOS05NWFjNTkxODI0
NGQvMC80RkMzMzZCRjlGM0RFNUNFNDE0MTRCRDE5NzE5NDVGNEIyNDZCRkNDLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVDhNMnY1ODk1YzVCUVV2Umx4bEY5TEpH
djh3LmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00
MWRjLWIxYjktOTVhYzU5MTgyNDRkLzAvQVMyMTE0ODQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAGW8e4D
BAGbdfwwDQYJKoZIhvcNAQELBQADggEBAKqRhtRyyZ13mi0N/TlmEG0TrMTgW1NF
L6V7QrpozXIWPtejHaGEnJGAexxaHPGv7Q3ab8b/hVXFiED0xL0jfNK1AZvFW7AW
4U/AIqw6CfqardXUeSAR8e6lbEfOSTEW2UZPxOonvUnsV9ckZz9mdeApudBq3XJb
9r8k1In8O3xLYpg1YIchetQ+iEW9c7fBzDgDtc8JTvMr+kfHSZnE2JebtIugm2jZ
X1lYBxkTfZMb/K1xZBUMIhX9vtDLlcMe0ZEceO+33zheAlxLdyZ4K+k3vJrFAQ9D
moMCsSoxIS36xv9TDmj55Fl7izZVW2LxecbOHFgKqeRHFU2MN13hlqc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:42:50 2025 by rpki-client