Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213738.roa
File:                     AS213738.roa (raw, json)
Hash identifier:          cwEbqWHdG7y9DdmwC4QUSaPnE2yyNn3XmDJ2/vadvnA=
Subject key identifier:   05:F5:A9:22:61:93:7E:9F:1D:A9:39:56:C5:00:E5:21:A1:2E:74:21
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       79221FBB71A271774AC9660C281B051BA0062646
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213738.roa
Signing time:             Tue 24 Mar 2026 11:03:03 +0000
ROA not before:           Tue 24 Mar 2026 10:58:03 +0000
ROA not after:            Tue 23 Mar 2027 11:03:03 +0000
asID:                     213738
IP address blocks:        162.141.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:22:1f:bb:71:a2:71:77:4a:c9:66:0c:28:1b:05:1b:a0:06:26:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 24 10:58:03 2026 GMT
            Not After : Mar 23 11:03:03 2027 GMT
        Subject: CN=05F5A92261937E9F1DA93956C500E521A12E7421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:29:36:f8:0e:57:6f:a7:df:d1:86:e5:48:
                    a5:12:45:a9:21:17:9e:29:22:9e:60:3a:e4:93:21:
                    ed:85:8b:e3:82:61:39:a4:6b:b4:e5:af:3c:41:3e:
                    df:9e:c8:d7:d1:6c:a4:62:4b:ea:ca:e3:04:d7:b7:
                    ec:6f:ce:0e:41:df:af:93:68:50:05:ce:a6:8c:58:
                    99:c4:e6:e9:8d:86:22:e2:26:92:bd:37:72:dc:29:
                    36:7c:e7:de:6a:0a:0b:56:cd:05:7d:39:c8:37:f5:
                    01:b3:a4:3a:8c:2b:08:7c:4e:0b:75:a7:aa:61:b5:
                    1c:d1:17:bc:85:6d:ee:fa:c8:12:91:e6:75:a6:ae:
                    4f:0d:a1:0e:2f:97:8a:8f:e8:72:84:b5:f9:22:e0:
                    08:3b:09:24:31:3e:f6:5d:90:00:68:d8:72:be:13:
                    38:18:38:e6:a6:6b:e5:f3:73:b3:de:89:f4:51:69:
                    1f:1a:92:a1:20:2c:07:7e:e7:9b:1d:d6:4e:a4:10:
                    d5:b2:56:56:5b:11:5f:f8:db:00:5a:2b:b9:7a:ba:
                    9f:b2:e2:a6:ac:16:11:28:fc:07:bc:18:95:14:3d:
                    83:e5:35:4f:b8:47:19:7c:ce:bf:34:5d:5a:fd:6b:
                    69:fe:21:e3:4d:7b:ef:0b:f7:90:02:a3:1d:3b:c1:
                    06:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F5:A9:22:61:93:7E:9F:1D:A9:39:56:C5:00:E5:21:A1:2E:74:21
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:5f:1f:f6:34:d9:fe:29:cf:d6:93:1e:8d:2e:c6:39:6b:e2:
         05:d0:c0:9e:92:53:65:ba:2f:4f:a0:23:53:8c:94:1b:e6:5c:
         7a:cf:81:07:77:b8:d1:91:54:0e:69:54:e8:9e:ed:3d:c9:bd:
         7b:92:32:fb:30:a6:67:a7:a6:e4:58:cd:60:b2:f2:b2:45:fb:
         36:60:b4:5c:5e:64:f9:96:c9:ae:f6:18:29:ca:59:79:9c:49:
         6e:0e:4f:7e:fe:48:69:4d:3a:d0:1b:5e:62:b6:f3:ef:3a:5c:
         4e:37:5e:1d:01:d8:ce:22:30:09:fa:bc:e3:a6:6f:06:8a:18:
         a8:bf:bc:a9:81:7a:95:da:9f:c7:b6:ea:a5:03:a6:b4:f3:90:
         16:1f:c3:df:29:58:47:1f:c4:93:9d:5b:87:28:97:af:4f:74:
         91:b9:ba:22:5e:61:4d:52:ba:9f:ac:4c:4b:f9:6e:4c:c6:55:
         4e:41:34:68:b8:95:f4:1e:d1:60:ee:eb:c4:10:52:77:1f:0f:
         7f:ab:f0:9a:c1:b5:6e:5e:bd:f2:d6:de:12:26:81:91:31:1b:
         40:cc:1f:c6:41:e0:f4:7c:a6:46:4d:da:a5:d3:3e:d8:09:45:
         eb:8b:24:ef:56:59:cf:27:cc:71:c4:26:61:85:23:fc:ff:91:
         59:94:d0:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeSIfu3GicXdKyWYMKBsFG6AGJkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjQxMDU4MDNaFw0yNzAzMjMxMTAzMDNaMDMxMTAvBgNV
BAMTKDA1RjVBOTIyNjE5MzdFOUYxREE5Mzk1NkM1MDBFNTIxQTEyRTc0MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4aSk2+A5Xb6ff0YblSKUSRakh
F54pIp5gOuSTIe2Fi+OCYTmka7TlrzxBPt+eyNfRbKRiS+rK4wTXt+xvzg5B36+T
aFAFzqaMWJnE5umNhiLiJpK9N3LcKTZ8595qCgtWzQV9Ocg39QGzpDqMKwh8Tgt1
p6phtRzRF7yFbe76yBKR5nWmrk8NoQ4vl4qP6HKEtfki4Ag7CSQxPvZdkABo2HK+
EzgYOOama+Xzc7PeifRRaR8akqEgLAd+55sd1k6kENWyVlZbEV/42wBaK7l6up+y
4qasFhEo/Ae8GJUUPYPlNU+4Rxl8zr80XVr9a2n+IeNNe+8L95ACox07wQbHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBfWpImGTfp8dqTlWxQDlIaEudCEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEzNzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoo1s
MA0GCSqGSIb3DQEBCwUAA4IBAQCQXx/2NNn+Kc/Wkx6NLsY5a+IF0MCeklNlui9P
oCNTjJQb5lx6z4EHd7jRkVQOaVTonu09yb17kjL7MKZnp6bkWM1gsvKyRfs2YLRc
XmT5lsmu9hgpyll5nEluDk9+/khpTTrQG15itvPvOlxON14dAdjOIjAJ+rzjpm8G
ihiov7ypgXqV2p/HtuqlA6a085AWH8PfKVhHH8STnVuHKJevT3SRuboiXmFNUrqf
rExL+W5MxlVOQTRouJX0HtFg7uvEEFJ3Hw9/q/CawbVuXr3y1t4SJoGRMRtAzB/G
QeD0fKZGTdql0z7YCUXriyTvVlnPJ8xxxCZhhSP8/5FZlNDT
-----END CERTIFICATE-----