Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          6T8/4DvE8xTkPDNzESCpVYrwG+ty9ZVltXyJOd1p5Uc=
Subject key identifier:   F0:C4:04:B4:16:65:EC:15:1D:20:92:AF:74:A7:DE:72:1A:6B:47:27
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       77496B2D4E4B9440F0D825CA36C774AAA232CDAC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa
Signing time:             Thu 19 Jun 2025 13:29:42 +0000
ROA not before:           Thu 19 Jun 2025 13:24:42 +0000
ROA not after:            Thu 18 Jun 2026 13:29:42 +0000
asID:                     212335
IP address blocks:        140.233.185.0/24 maxlen: 24
                          146.103.61.0/24 maxlen: 24
                          150.241.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:13:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:49:6b:2d:4e:4b:94:40:f0:d8:25:ca:36:c7:74:aa:a2:32:cd:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 19 13:24:42 2025 GMT
            Not After : Jun 18 13:29:42 2026 GMT
        Subject: CN=F0C404B41665EC151D2092AF74A7DE721A6B4727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3c:19:03:f2:81:be:ae:1e:69:eb:90:46:d0:
                    e6:8e:cb:6f:dc:01:d0:7a:5a:ee:1e:79:dc:eb:39:
                    8a:ea:a6:8c:73:b5:de:89:4f:8a:bd:ff:47:f7:60:
                    e4:67:71:2a:fb:66:59:d5:24:11:f4:aa:b2:46:fb:
                    0f:2e:d4:cd:88:ec:a7:8f:07:3e:90:87:32:c9:23:
                    9b:c1:51:6c:b6:51:cd:2b:50:ce:f5:e1:f9:4f:c9:
                    49:bf:05:73:e4:3c:94:5d:85:a5:c0:2d:48:3c:2a:
                    5f:d9:f8:e4:5a:44:09:66:e3:e3:b2:95:78:54:9b:
                    23:9e:30:01:bc:73:d4:73:eb:4d:df:07:9a:c3:cd:
                    5a:90:6c:60:20:68:8d:ce:aa:d7:26:32:9c:5d:ff:
                    ba:b9:64:c6:2e:dc:4d:68:a8:79:af:d3:bb:c7:35:
                    5d:79:bd:5c:4e:57:e6:00:19:cc:09:ea:87:55:10:
                    b0:4a:b8:8c:ab:08:1b:e7:80:66:8e:c9:22:e0:cb:
                    b8:3c:52:42:ab:d3:ee:b2:14:9d:e5:fa:38:8f:56:
                    9e:fd:cf:29:4e:48:b4:24:52:c0:eb:e9:3c:ef:42:
                    19:06:c4:f6:7a:fe:90:1e:e9:1f:79:bc:37:37:ef:
                    d8:79:36:4f:55:90:64:02:55:f4:d5:f7:fd:cc:de:
                    e7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C4:04:B4:16:65:EC:15:1D:20:92:AF:74:A7:DE:72:1A:6B:47:27
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.185.0/24
                  146.103.61.0/24
                  150.241.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:db:f1:7c:d1:f4:a4:12:3b:fd:96:e1:58:58:d7:74:01:d1:
         5d:86:be:ce:c8:eb:2f:76:8a:4b:67:c8:26:7e:9e:05:cd:f1:
         73:5a:05:d5:9b:43:de:f6:41:93:8c:07:ad:fd:f4:3b:42:a0:
         80:e6:1f:35:d7:11:8a:c8:0a:33:b8:64:06:ae:9e:f9:57:75:
         16:a1:f0:e6:5d:a1:12:a3:9a:ef:ae:60:64:23:97:a4:1a:5e:
         3c:d5:d7:9a:46:78:20:c9:0e:44:15:f6:47:23:ce:71:57:22:
         73:ec:e5:1b:b1:57:49:b9:b5:68:e7:ae:8d:f3:8a:06:53:6a:
         07:dc:81:34:ce:d3:aa:8f:43:ce:db:58:2d:f9:7b:79:02:24:
         bf:8c:e1:7d:85:1f:69:c3:77:c2:26:67:4f:2f:2b:b5:8e:92:
         26:84:f2:96:30:9c:56:8b:2e:2a:72:48:e3:e2:4c:dc:39:17:
         cc:9d:e8:38:98:0c:8a:d6:54:4e:29:d0:57:ff:b5:94:c5:1b:
         03:5d:de:71:92:4e:7a:f4:4f:90:21:73:11:32:a1:c6:2e:ab:
         f5:1e:94:3a:80:bf:b8:1e:c6:4a:bd:97:94:b2:6b:ba:3a:81:
         af:01:f9:84:b1:c8:28:87:bc:f1:41:fe:50:73:04:36:a9:36:
         f4:45:64:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUd0lrLU5LlEDw2CXKNsd0qqIyzawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTkxMzI0NDJaFw0yNjA2MTgxMzI5NDJaMDMxMTAvBgNV
BAMTKEYwQzQwNEI0MTY2NUVDMTUxRDIwOTJBRjc0QTdERTcyMUE2QjQ3MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkPBkD8oG+rh5p65BG0OaOy2/c
AdB6Wu4eedzrOYrqpoxztd6JT4q9/0f3YORncSr7ZlnVJBH0qrJG+w8u1M2I7KeP
Bz6QhzLJI5vBUWy2Uc0rUM714flPyUm/BXPkPJRdhaXALUg8Kl/Z+ORaRAlm4+Oy
lXhUmyOeMAG8c9Rz603fB5rDzVqQbGAgaI3OqtcmMpxd/7q5ZMYu3E1oqHmv07vH
NV15vVxOV+YAGcwJ6odVELBKuIyrCBvngGaOySLgy7g8UkKr0+6yFJ3l+jiPVp79
zylOSLQkUsDr6TzvQhkGxPZ6/pAe6R95vDc379h5Nk9VkGQCVfTV9/3M3ud/AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU8MQEtBZl7BUdIJKvdKfechprRycwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjOm5
AwQAkmc9AwQAlvHnMA0GCSqGSIb3DQEBCwUAA4IBAQCw2/F80fSkEjv9luFYWNd0
AdFdhr7OyOsvdopLZ8gmfp4FzfFzWgXVm0Pe9kGTjAet/fQ7QqCA5h811xGKyAoz
uGQGrp75V3UWofDmXaESo5rvrmBkI5ekGl481deaRnggyQ5EFfZHI85xVyJz7OUb
sVdJubVo566N84oGU2oH3IE0ztOqj0PO21gt+Xt5AiS/jOF9hR9pw3fCJmdPLyu1
jpImhPKWMJxWiy4qckjj4kzcORfMneg4mAyK1lROKdBX/7WUxRsDXd5xkk569E+Q
IXMRMqHGLqv1HpQ6gL+4HsZKvZeUsmu6OoGvAfmEscgoh7zxQf5QcwQ2qTb0RWSb
-----END CERTIFICATE-----