Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
File:                     AS216022.roa (raw, json)
Hash identifier:          2NYCJATuBhqlFLnC5Z2V9LNunG0OTHusKvoGJPRh4Z8=
Subject key identifier:   88:F5:FC:36:6A:60:D2:64:FC:F0:F8:9D:0E:0B:F7:90:5A:5B:2E:62
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       343600A9B85FFC38F64EE02613948024E4A4DEEB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
Signing time:             Thu 14 Aug 2025 00:54:13 +0000
ROA not before:           Thu 14 Aug 2025 00:49:13 +0000
ROA not after:            Thu 13 Aug 2026 00:54:13 +0000
asID:                     216022
IP address blocks:        146.103.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:36:00:a9:b8:5f:fc:38:f6:4e:e0:26:13:94:80:24:e4:a4:de:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 14 00:49:13 2025 GMT
            Not After : Aug 13 00:54:13 2026 GMT
        Subject: CN=88F5FC366A60D264FCF0F89D0E0BF7905A5B2E62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:09:91:54:b7:a9:7b:49:19:5c:7c:a0:9c:db:
                    08:f4:91:5c:72:cd:ec:dc:fa:be:de:cb:d4:ff:04:
                    3e:13:6f:06:96:7f:71:8b:4f:74:5f:2c:18:e5:a5:
                    75:df:8e:6a:de:1f:a9:ed:29:e9:73:4c:52:27:74:
                    db:3f:e8:13:d6:6b:40:ee:2c:2a:1a:c8:13:ea:5a:
                    aa:79:80:89:d9:a3:25:0c:4c:ef:fe:62:08:62:ed:
                    f0:ad:79:cf:44:51:25:e1:c1:23:a2:33:45:09:b1:
                    34:4d:55:a6:81:31:e6:57:74:42:45:49:c3:12:85:
                    e8:38:da:d1:6c:86:a3:76:59:a1:e9:f0:f5:1a:87:
                    fa:06:fe:d7:be:01:d8:ac:48:f7:0d:ef:a4:71:d7:
                    fc:b3:14:7d:81:2e:4a:0a:7b:39:06:69:15:66:c1:
                    f0:46:2f:dc:a9:17:3b:71:de:27:02:63:ad:c4:37:
                    cb:98:2e:14:e1:70:ac:c6:0d:bf:74:2a:bf:e7:cd:
                    c6:e9:48:d3:5b:cd:83:d8:b3:15:78:aa:94:f3:06:
                    72:96:53:05:17:9e:95:d0:49:2d:e9:dd:7f:4e:60:
                    d2:3d:9a:56:c4:e4:ad:49:3d:a7:bb:17:74:80:fc:
                    5a:50:96:d6:be:da:29:bf:38:9a:67:98:df:85:93:
                    fe:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F5:FC:36:6A:60:D2:64:FC:F0:F8:9D:0E:0B:F7:90:5A:5B:2E:62
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:78:52:fe:03:56:36:f4:f5:e3:87:ff:60:6d:1d:7e:1d:3f:
         d5:21:2d:ba:4b:b3:5e:77:b3:d4:e6:78:b5:5c:eb:2a:7f:5b:
         fa:97:84:c2:9d:56:b3:98:d4:09:37:9b:bb:45:25:44:4b:1e:
         99:fd:43:7b:e6:01:fc:57:49:52:e4:b9:99:24:12:54:0b:90:
         13:bb:55:26:ab:af:b1:81:0f:3f:ab:d8:21:fb:44:3a:8b:11:
         fe:d2:29:0f:ca:2a:01:ee:c4:9d:4c:71:08:59:21:86:b7:75:
         e9:d7:de:05:22:41:fc:bc:96:c1:b4:19:6c:c8:b4:ec:ee:3f:
         ed:8c:b0:f6:33:65:90:5d:bb:31:6c:7d:f8:85:02:8f:ce:85:
         ed:89:4f:5e:16:6f:7d:cd:31:a6:22:42:89:03:37:9f:28:71:
         17:41:08:32:95:d2:df:30:19:45:34:82:a3:cc:ae:4e:b5:35:
         a0:7b:f6:62:88:55:10:07:f1:d2:22:f0:fa:c7:56:80:d0:f8:
         d0:08:52:ef:f4:3f:bc:6b:5a:d9:ce:14:5c:38:a1:0a:56:e8:
         d6:55:61:f4:7a:89:fb:d4:b1:d3:5a:8e:2f:3c:ce:dd:50:43:
         b9:1d:11:6c:3b:6b:b2:c9:80:44:22:f5:22:1a:ab:87:2d:14:
         28:e4:c4:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNDYAqbhf/Dj2TuAmE5SAJOSk3uswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTQwMDQ5MTNaFw0yNjA4MTMwMDU0MTNaMDMxMTAvBgNV
BAMTKDg4RjVGQzM2NkE2MEQyNjRGQ0YwRjg5RDBFMEJGNzkwNUE1QjJFNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtCZFUt6l7SRlcfKCc2wj0kVxy
zezc+r7ey9T/BD4TbwaWf3GLT3RfLBjlpXXfjmreH6ntKelzTFIndNs/6BPWa0Du
LCoayBPqWqp5gInZoyUMTO/+Yghi7fCtec9EUSXhwSOiM0UJsTRNVaaBMeZXdEJF
ScMSheg42tFshqN2WaHp8PUah/oG/te+AdisSPcN76Rx1/yzFH2BLkoKezkGaRVm
wfBGL9ypFztx3icCY63EN8uYLhThcKzGDb90Kr/nzcbpSNNbzYPYsxV4qpTzBnKW
UwUXnpXQSS3p3X9OYNI9mlbE5K1JPae7F3SA/FpQlta+2im/OJpnmN+Fk/69AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiPX8Nmpg0mT88PidDgv3kFpbLmIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc2
MA0GCSqGSIb3DQEBCwUAA4IBAQApeFL+A1Y29PXjh/9gbR1+HT/VIS26S7Ned7PU
5ni1XOsqf1v6l4TCnVazmNQJN5u7RSVESx6Z/UN75gH8V0lS5LmZJBJUC5ATu1Um
q6+xgQ8/q9gh+0Q6ixH+0ikPyioB7sSdTHEIWSGGt3Xp194FIkH8vJbBtBlsyLTs
7j/tjLD2M2WQXbsxbH34hQKPzoXtiU9eFm99zTGmIkKJAzefKHEXQQgyldLfMBlF
NIKjzK5OtTWge/ZiiFUQB/HSIvD6x1aA0PjQCFLv9D+8a1rZzhRcOKEKVujWVWH0
eon71LHTWo4vPM7dUEO5HRFsO2uyyYBEIvUiGquHLRQo5MTy
-----END CERTIFICATE-----