Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213058.roa
File:                     AS213058.roa (raw, json)
Hash identifier:          ZLef81gI/HW5uDicsx4avNe74MeYjB/fDm2ngx2H5Qw=
Subject key identifier:   D9:EB:57:19:EB:09:E7:D5:A7:80:8E:68:BD:05:9C:C9:03:F8:B3:D6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6123977C4AFCA8EDB3855D51691945DD81A0FB9E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213058.roa
Signing time:             Tue 12 May 2026 11:59:44 +0000
ROA not before:           Tue 12 May 2026 11:54:44 +0000
ROA not after:            Tue 11 May 2027 11:59:44 +0000
asID:                     213058
IP address blocks:        155.117.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:23:97:7c:4a:fc:a8:ed:b3:85:5d:51:69:19:45:dd:81:a0:fb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 12 11:54:44 2026 GMT
            Not After : May 11 11:59:44 2027 GMT
        Subject: CN=D9EB5719EB09E7D5A7808E68BD059CC903F8B3D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:88:95:28:26:99:b0:ae:f1:de:c6:3c:48:4e:
                    4d:05:1d:27:3f:06:b5:09:c8:75:36:83:19:cf:3b:
                    c1:c0:39:ad:38:9a:b5:b7:ff:17:56:27:c0:2e:c2:
                    23:67:cf:0f:63:87:53:8f:9a:33:e7:29:b6:b0:e1:
                    cc:ad:6b:47:39:50:16:e6:dc:78:52:ef:1c:3f:49:
                    29:13:50:3a:42:3b:b3:51:68:21:ef:af:9e:d6:96:
                    40:5c:a2:dc:a3:79:02:5c:e4:59:44:d0:8f:4a:0f:
                    28:a6:14:d6:d3:69:b8:43:2b:c7:dc:28:0c:f0:83:
                    d4:01:80:d2:f8:73:e8:c4:2c:65:8c:ba:12:91:d9:
                    7d:21:f7:db:4f:71:6b:b9:42:60:0b:aa:99:ff:cf:
                    a7:57:bc:19:e4:9a:9a:55:e3:86:4c:0f:9e:3a:12:
                    18:e8:8f:d0:9c:25:b7:43:15:ee:ae:aa:c0:e8:5e:
                    ff:c3:7e:7a:32:8a:2e:3a:b0:b5:f7:dc:66:c4:55:
                    99:3d:1c:57:dd:e2:f7:f0:7e:55:b7:8a:e8:11:ee:
                    42:8a:cf:00:8e:eb:bb:cd:3a:72:a1:8d:d7:6e:0a:
                    26:e0:f3:a2:f1:4c:67:e6:24:ff:a8:61:34:e3:7b:
                    56:d9:44:1b:6d:0a:20:d2:90:58:36:d9:2c:6f:56:
                    50:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EB:57:19:EB:09:E7:D5:A7:80:8E:68:BD:05:9C:C9:03:F8:B3:D6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:30:2f:6a:a8:17:0d:a7:17:64:73:4f:dc:80:aa:bb:06:eb:
         0b:c1:23:69:04:e9:cb:de:c6:39:e2:f9:24:72:ec:34:97:ac:
         1b:07:c0:b6:2f:d6:48:e0:3d:f3:d1:f2:9a:21:f6:b2:19:7e:
         06:90:87:1a:24:23:68:cc:7d:f6:a8:01:94:63:ab:fd:5d:16:
         e9:5b:cc:bf:a8:02:11:59:9a:c0:a9:0b:95:d1:76:dd:f0:f6:
         01:6b:a8:66:79:b2:af:e6:9b:55:34:e0:d4:4b:cb:f2:7d:ea:
         0d:1e:72:7b:55:52:58:1b:03:7f:cf:b9:21:e2:09:f9:97:dc:
         87:e0:50:c7:b4:ea:72:91:65:af:20:89:c8:fe:7d:96:b1:94:
         9c:61:51:a5:10:06:97:c2:35:99:06:d1:f2:30:95:cc:03:b5:
         89:20:7d:e8:25:5f:71:23:e1:b7:4b:f8:31:e8:62:81:e3:dd:
         4b:35:8c:8b:be:5c:51:69:69:6a:31:4e:41:56:3b:fc:db:32:
         41:d4:e6:cc:f1:ad:94:98:1e:27:c4:84:81:39:89:4c:17:7c:
         22:4e:a0:b2:b9:35:03:e4:cf:c3:75:44:70:c8:5d:4d:37:91:
         11:8c:7e:45:0f:fb:d0:ba:db:3d:07:9b:77:d9:e7:95:93:fc:
         e0:bc:72:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYSOXfEr8qO2zhV1RaRlF3YGg+54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTIxMTU0NDRaFw0yNzA1MTExMTU5NDRaMDMxMTAvBgNV
BAMTKEQ5RUI1NzE5RUIwOUU3RDVBNzgwOEU2OEJEMDU5Q0M5MDNGOEIzRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIiJUoJpmwrvHexjxITk0FHSc/
BrUJyHU2gxnPO8HAOa04mrW3/xdWJ8AuwiNnzw9jh1OPmjPnKbaw4cyta0c5UBbm
3HhS7xw/SSkTUDpCO7NRaCHvr57WlkBcotyjeQJc5FlE0I9KDyimFNbTabhDK8fc
KAzwg9QBgNL4c+jELGWMuhKR2X0h99tPcWu5QmALqpn/z6dXvBnkmppV44ZMD546
Ehjoj9CcJbdDFe6uqsDoXv/Dfnoyii46sLX33GbEVZk9HFfd4vfwflW3iugR7kKK
zwCO67vNOnKhjdduCibg86LxTGfmJP+oYTTje1bZRBttCiDSkFg22SxvVlDTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2etXGesJ59WngI5ovQWcyQP4s9YwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEzMDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Wd
MA0GCSqGSIb3DQEBCwUAA4IBAQB/MC9qqBcNpxdkc0/cgKq7BusLwSNpBOnL3sY5
4vkkcuw0l6wbB8C2L9ZI4D3z0fKaIfayGX4GkIcaJCNozH32qAGUY6v9XRbpW8y/
qAIRWZrAqQuV0Xbd8PYBa6hmebKv5ptVNODUS8vyfeoNHnJ7VVJYGwN/z7kh4gn5
l9yH4FDHtOpykWWvIInI/n2WsZScYVGlEAaXwjWZBtHyMJXMA7WJIH3oJV9xI+G3
S/gx6GKB491LNYyLvlxRaWlqMU5BVjv82zJB1ObM8a2UmB4nxISBOYlMF3wiTqCy
uTUD5M/DdURwyF1NN5ERjH5FD/vQuts9B5t32eeVk/zgvHJe
-----END CERTIFICATE-----