Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa
File:                     AS212336.roa (raw, json)
Hash identifier:          KPnUvf4cUjapMKbOrPg6vHq7yRuGtv+FNUD8Ng/IWqI=
Subject key identifier:   E1:D0:2E:3E:26:1E:4A:93:60:C1:88:6A:9E:09:BA:A9:60:52:FD:A3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0F561AACC02695115A07975303FAF11D3BFE22A4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa
Signing time:             Thu 21 Aug 2025 08:17:55 +0000
ROA not before:           Thu 21 Aug 2025 08:12:55 +0000
ROA not after:            Thu 20 Aug 2026 08:17:55 +0000
asID:                     212336
IP address blocks:        147.79.20.0/24 maxlen: 24
                          150.241.199.0/24 maxlen: 24
                          155.117.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:56:1a:ac:c0:26:95:11:5a:07:97:53:03:fa:f1:1d:3b:fe:22:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 21 08:12:55 2025 GMT
            Not After : Aug 20 08:17:55 2026 GMT
        Subject: CN=E1D02E3E261E4A9360C1886A9E09BAA96052FDA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4f:40:5c:68:ec:16:5f:7b:51:02:a3:41:4d:
                    2b:4e:20:fa:dc:af:4a:1a:41:ab:64:1c:42:e0:fb:
                    a2:e5:25:53:fd:7e:ec:3b:8a:83:14:c2:fb:b4:21:
                    63:71:c5:04:41:44:ff:27:8b:c5:74:68:b0:af:d9:
                    84:7f:88:73:92:1d:13:05:fd:54:fb:42:c1:1a:64:
                    e3:8a:0d:d5:dc:98:ab:a6:cf:ad:b0:d1:6c:2a:1f:
                    7a:e6:85:75:0d:4b:0d:56:55:16:a7:3f:9a:97:20:
                    7a:7b:51:58:45:eb:b6:8f:1f:d5:37:aa:4e:d4:a4:
                    28:ba:da:c0:8e:b7:d6:f6:bd:7f:48:b9:d2:0b:be:
                    1c:42:8e:59:91:cf:42:4f:7c:c3:4b:b2:1f:4b:fe:
                    ce:30:44:24:41:ef:3f:f5:d5:03:d3:e7:b3:e3:eb:
                    6a:3f:1e:9d:aa:1a:56:48:62:e0:2e:59:f6:70:ed:
                    95:74:cc:0d:cb:49:af:6f:4d:4e:dd:a2:3d:15:f4:
                    c0:41:5a:d6:b0:54:4a:f1:9f:26:8d:fc:98:c5:33:
                    10:52:d9:51:fc:9e:4f:a8:c4:08:23:98:f4:47:b8:
                    e0:22:10:b3:6a:56:36:4e:62:cc:cc:f2:ad:c5:e0:
                    c4:f7:89:d0:71:c9:83:ec:86:75:44:4e:ff:2a:5b:
                    39:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D0:2E:3E:26:1E:4A:93:60:C1:88:6A:9E:09:BA:A9:60:52:FD:A3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.20.0/24
                  150.241.199.0/24
                  155.117.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:b0:a4:c1:0c:e9:2c:1a:2b:3e:7f:7f:0a:c4:84:a3:fa:29:
         eb:66:e5:32:51:d3:cf:e4:fb:7b:9b:20:49:aa:14:38:a5:8a:
         44:87:24:3c:98:67:3f:8f:4e:84:2b:2f:22:d5:8d:b8:97:c8:
         63:26:a7:55:3b:32:57:50:71:60:65:b4:c6:4b:85:1e:ae:bb:
         92:41:41:bf:84:93:4a:0b:8b:8e:53:d8:ad:96:f3:3f:06:4e:
         e4:19:07:3b:67:f9:c1:86:a2:fa:ca:29:c3:03:9b:8d:49:cc:
         d0:78:82:d2:dd:c5:9e:9c:57:9a:97:cd:b1:d8:f5:b4:fa:31:
         5d:39:5e:bd:eb:56:b7:e9:0d:ce:6b:ca:91:b2:c7:a1:eb:37:
         24:ae:b7:35:ff:7a:91:17:6e:4b:53:da:3c:07:7d:e8:39:57:
         00:f9:83:f0:42:30:83:dd:0a:aa:e8:2d:b0:05:72:4a:cb:84:
         c5:ee:2f:f6:41:28:7d:2e:56:20:51:3a:08:89:2f:7b:66:1a:
         93:ef:a4:ae:d5:18:38:bd:c1:77:b8:c6:93:a5:ea:bb:a7:f3:
         cc:f6:4c:46:d8:12:eb:a9:46:19:13:98:86:46:45:1e:93:64:
         a6:66:71:63:de:40:cc:b9:50:4e:69:b2:fc:95:c8:af:79:83:
         29:39:fb:c6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUD1YarMAmlRFaB5dTA/rxHTv+IqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjEwODEyNTVaFw0yNjA4MjAwODE3NTVaMDMxMTAvBgNV
BAMTKEUxRDAyRTNFMjYxRTRBOTM2MEMxODg2QTlFMDlCQUE5NjA1MkZEQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUT0BcaOwWX3tRAqNBTStOIPrc
r0oaQatkHELg+6LlJVP9fuw7ioMUwvu0IWNxxQRBRP8ni8V0aLCv2YR/iHOSHRMF
/VT7QsEaZOOKDdXcmKumz62w0WwqH3rmhXUNSw1WVRanP5qXIHp7UVhF67aPH9U3
qk7UpCi62sCOt9b2vX9IudILvhxCjlmRz0JPfMNLsh9L/s4wRCRB7z/11QPT57Pj
62o/Hp2qGlZIYuAuWfZw7ZV0zA3LSa9vTU7doj0V9MBBWtawVErxnyaN/JjFMxBS
2VH8nk+oxAgjmPRHuOAiELNqVjZOYszM8q3F4MT3idBxyYPshnVETv8qWzkxAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU4dAuPiYeSpNgwYhqngm6qWBS/aMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAk08U
AwQAlvHHAwQAm3WbMA0GCSqGSIb3DQEBCwUAA4IBAQC0sKTBDOksGis+f38KxISj
+inrZuUyUdPP5Pt7myBJqhQ4pYpEhyQ8mGc/j06EKy8i1Y24l8hjJqdVOzJXUHFg
ZbTGS4UerruSQUG/hJNKC4uOU9itlvM/Bk7kGQc7Z/nBhqL6yinDA5uNSczQeILS
3cWenFeal82x2PW0+jFdOV6961a36Q3Oa8qRsseh6zckrrc1/3qRF25LU9o8B33o
OVcA+YPwQjCD3Qqq6C2wBXJKy4TF7i/2QSh9LlYgUToIiS97ZhqT76Su1Rg4vcF3
uMaTpeq7p/PM9kxG2BLrqUYZE5iGRkUek2SmZnFj3kDMuVBOabL8lciveYMpOfvG
-----END CERTIFICATE-----