Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa
File:                     AS216211.roa (raw, json)
Hash identifier:          fWc8aDfmzBjiUn5MpUl2JMeb0q9PiJzaIDb+guvJVbQ=
Subject key identifier:   12:E8:C7:0E:59:14:E2:7D:79:D8:60:F3:FF:5A:E0:82:7A:A9:07:4C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3AEA1F7EC72B1C615173D81BA1B0E254EFEF1D1C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa
Signing time:             Wed 01 Oct 2025 12:26:10 +0000
ROA not before:           Wed 01 Oct 2025 12:21:10 +0000
ROA not after:            Wed 30 Sep 2026 12:26:10 +0000
asID:                     216211
IP address blocks:        143.14.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ea:1f:7e:c7:2b:1c:61:51:73:d8:1b:a1:b0:e2:54:ef:ef:1d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  1 12:21:10 2025 GMT
            Not After : Sep 30 12:26:10 2026 GMT
        Subject: CN=12E8C70E5914E27D79D860F3FF5AE0827AA9074C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:85:0c:36:2b:3e:54:06:67:90:65:d9:8f:50:
                    59:03:f5:df:87:ca:02:e7:c5:a8:db:55:e3:a4:b6:
                    42:eb:ab:ea:ea:f0:cc:9f:12:5a:15:21:47:01:ca:
                    ca:cd:3a:8c:37:c1:40:96:f0:59:88:8a:31:eb:7c:
                    e0:1f:18:49:8b:ed:5f:6a:63:20:5a:1b:6f:8c:bb:
                    d3:c1:c7:b6:1d:df:b4:b0:04:ed:80:90:13:34:88:
                    13:c5:07:7f:a2:f1:34:59:c0:99:29:01:98:00:b7:
                    32:e9:d5:7d:fe:f3:db:7e:97:b6:7d:81:32:91:53:
                    5e:e9:14:11:1e:05:e9:83:97:76:81:e1:94:c4:2e:
                    e4:81:64:fe:26:d8:97:36:ff:48:b7:fc:54:9b:13:
                    fc:c4:c4:3f:39:08:d9:78:45:ad:7e:43:1a:e5:b2:
                    74:ca:f8:40:b6:bc:2a:06:a9:38:66:93:84:24:e8:
                    6f:c5:82:ea:68:3e:ce:b8:80:48:77:1b:1c:1f:f4:
                    87:bc:d2:ed:fa:c0:85:6f:0b:9e:fb:e8:9b:a4:61:
                    bc:56:58:57:f4:42:11:12:b6:fa:f6:83:c0:8b:e0:
                    bf:9c:3c:ff:78:a9:80:1e:d1:bd:2b:3f:26:17:01:
                    4e:0a:eb:6e:84:0b:49:70:0a:53:66:e4:e6:b7:a9:
                    2f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:E8:C7:0E:59:14:E2:7D:79:D8:60:F3:FF:5A:E0:82:7A:A9:07:4C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:5c:c8:f6:97:39:89:f6:54:93:08:8b:83:cd:ab:a7:b2:97:
         10:98:0f:2b:63:df:ca:55:26:a8:55:d1:cb:98:f1:95:b1:ba:
         7e:81:d6:d2:4e:df:57:be:12:2b:71:e1:cd:e7:93:01:9f:8e:
         e2:cf:2d:91:01:6b:73:16:fa:9f:a0:70:ef:24:7d:2b:d9:dd:
         12:b0:e6:89:dc:32:40:03:ed:0d:ab:68:ed:2d:c2:94:0d:8b:
         a7:26:a8:b9:e9:17:2c:25:79:dc:41:84:7a:53:00:af:fe:35:
         a3:83:fd:58:e9:05:a4:5a:99:79:fb:44:89:21:0f:22:a7:07:
         95:d8:78:00:88:54:c3:0e:0c:33:24:23:17:a3:f4:7f:ca:5a:
         d0:63:9d:8d:a1:72:2e:12:20:02:bb:0f:9b:de:d8:d8:ab:16:
         1a:ad:fe:27:a7:ed:91:7f:ed:0c:86:2f:30:10:1a:57:0c:85:
         86:83:04:09:d2:80:c6:4e:59:4c:82:60:b2:09:36:49:7a:43:
         45:83:1c:6c:ab:1d:d9:32:b1:19:4c:3a:51:33:c1:9f:f6:9e:
         60:8f:d7:77:69:11:4d:4a:00:e5:65:15:fe:15:4a:b8:6e:48:
         72:8e:cc:cc:2e:4a:58:84:f7:eb:e2:59:07:92:4b:47:9b:db:
         7c:87:bf:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOuoffscrHGFRc9gbobDiVO/vHRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDExMjIxMTBaFw0yNjA5MzAxMjI2MTBaMDMxMTAvBgNV
BAMTKDEyRThDNzBFNTkxNEUyN0Q3OUQ4NjBGM0ZGNUFFMDgyN0FBOTA3NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5hQw2Kz5UBmeQZdmPUFkD9d+H
ygLnxajbVeOktkLrq+rq8MyfEloVIUcBysrNOow3wUCW8FmIijHrfOAfGEmL7V9q
YyBaG2+Mu9PBx7Yd37SwBO2AkBM0iBPFB3+i8TRZwJkpAZgAtzLp1X3+89t+l7Z9
gTKRU17pFBEeBemDl3aB4ZTELuSBZP4m2Jc2/0i3/FSbE/zExD85CNl4Ra1+Qxrl
snTK+EC2vCoGqThmk4Qk6G/FgupoPs64gEh3Gxwf9Ie80u36wIVvC5776JukYbxW
WFf0QhEStvr2g8CL4L+cPP94qYAe0b0rPyYXAU4K626EC0lwClNm5Oa3qS9vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEujHDlkU4n152GDz/1rggnqpB0wwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MjExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjw5o
MA0GCSqGSIb3DQEBCwUAA4IBAQAHXMj2lzmJ9lSTCIuDzaunspcQmA8rY9/KVSao
VdHLmPGVsbp+gdbSTt9XvhIrceHN55MBn47izy2RAWtzFvqfoHDvJH0r2d0SsOaJ
3DJAA+0Nq2jtLcKUDYunJqi56RcsJXncQYR6UwCv/jWjg/1Y6QWkWpl5+0SJIQ8i
pweV2HgAiFTDDgwzJCMXo/R/ylrQY52NoXIuEiACuw+b3tjYqxYarf4np+2Rf+0M
hi8wEBpXDIWGgwQJ0oDGTllMgmCyCTZJekNFgxxsqx3ZMrEZTDpRM8Gf9p5gj9d3
aRFNSgDlZRX+FUq4bkhyjszMLkpYhPfr4lkHkktHm9t8h7+M
-----END CERTIFICATE-----