Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211038.roa
File:                     AS211038.roa (raw, json)
Hash identifier:          JmKyh786I+/cDv8uNlXretZ7ADNIDAHTvKpCJeWKIdE=
Subject key identifier:   69:B7:1E:02:4C:41:89:BB:78:B2:A4:59:A7:EB:60:14:22:D4:44:59
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0AAF48B56D451E268191DDEF9EC449622D6730E9
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211038.roa
Signing time:             Sat 21 Mar 2026 03:01:27 +0000
ROA not before:           Sat 21 Mar 2026 02:56:27 +0000
ROA not after:            Sat 20 Mar 2027 03:01:27 +0000
asID:                     211038
IP address blocks:        45.157.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:43:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:af:48:b5:6d:45:1e:26:81:91:dd:ef:9e:c4:49:62:2d:67:30:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 21 02:56:27 2026 GMT
            Not After : Mar 20 03:01:27 2027 GMT
        Subject: CN=69B71E024C4189BB78B2A459A7EB601422D44459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:da:de:95:45:06:52:45:74:bd:37:de:3d:ae:
                    64:a9:56:26:5f:f5:4c:4f:23:08:2f:31:da:67:ce:
                    45:bb:ce:09:85:f6:00:58:bb:2f:fc:81:55:42:8f:
                    1e:9a:5c:62:c6:f2:3f:4e:ab:d9:d4:49:1d:ba:a0:
                    a7:58:c3:f5:4d:d8:04:b5:9f:0e:a8:88:c5:19:c6:
                    bc:00:4c:a2:0d:f2:cb:f6:0e:04:f5:b1:d4:d6:03:
                    15:f4:8f:15:72:56:9e:bb:69:75:41:8e:52:fc:10:
                    cf:94:5d:4c:ec:aa:52:bf:8d:67:12:19:a1:7a:45:
                    e8:a4:81:e6:61:42:e7:1a:94:7b:c1:09:1b:a5:a6:
                    fc:7a:74:00:fa:f3:a9:a5:60:5e:1a:28:d7:16:77:
                    61:95:27:19:7a:1a:d5:ee:2c:81:35:83:44:cf:a4:
                    41:9b:b2:7d:e4:f0:99:50:00:0c:a8:a9:3a:d9:fc:
                    c8:62:3e:11:a2:9b:b5:0c:cc:c0:c2:36:ea:dd:8e:
                    26:c5:69:7b:71:85:da:f4:5b:03:47:73:93:c3:ae:
                    bc:fd:e8:41:30:c2:f7:1f:d5:7b:dc:44:96:20:f2:
                    71:46:e8:5f:cc:64:67:2d:ac:b4:e1:aa:69:ab:44:
                    2a:4b:5b:88:2d:8c:92:19:5d:8c:f1:e5:9a:e4:f3:
                    57:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B7:1E:02:4C:41:89:BB:78:B2:A4:59:A7:EB:60:14:22:D4:44:59
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:28:17:05:10:34:e0:68:21:8b:34:9e:9d:b9:d5:6c:0e:b2:
         84:dd:68:d2:77:ab:3c:f7:2e:87:71:d1:00:cf:b7:ed:cf:8a:
         07:94:26:a2:01:bb:6f:b5:f1:e1:30:e0:62:2e:b5:0d:74:9f:
         aa:fd:72:fe:4e:71:a6:5f:4e:ad:6c:fd:7d:72:6d:9b:7a:74:
         71:91:2e:42:91:04:c3:58:e6:c5:19:38:1c:3b:f1:83:a3:35:
         5b:97:ee:27:ef:f8:da:88:d6:95:26:b8:c8:60:d4:80:2e:23:
         38:c5:98:43:30:a5:94:61:d7:e5:49:f0:5e:cd:88:ab:23:54:
         08:68:71:32:31:d8:f8:96:6e:e8:de:45:5d:04:e3:59:38:0e:
         f1:93:96:48:45:83:60:ea:d5:0e:e1:2b:24:3a:6b:d6:5a:06:
         0f:33:b1:0b:02:e3:ee:4b:82:a8:a1:81:54:30:78:1e:30:1d:
         44:2a:d7:69:5c:68:b5:0c:a3:62:44:11:e1:95:8b:66:30:fb:
         b3:49:9f:7d:5e:ce:ce:d2:f8:ab:b6:9e:a3:48:b2:65:f5:0c:
         d1:57:f4:00:81:cb:1c:84:ab:bd:7e:41:d9:5a:a8:89:89:8f:
         58:49:10:88:d6:58:c9:ab:bf:ed:cc:c5:7f:a8:36:1f:21:a1:
         d5:32:0b:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCq9ItW1FHiaBkd3vnsRJYi1nMOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMjEwMjU2MjdaFw0yNzAzMjAwMzAxMjdaMDMxMTAvBgNV
BAMTKDY5QjcxRTAyNEM0MTg5QkI3OEIyQTQ1OUE3RUI2MDE0MjJENDQ0NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL2t6VRQZSRXS9N949rmSpViZf
9UxPIwgvMdpnzkW7zgmF9gBYuy/8gVVCjx6aXGLG8j9Oq9nUSR26oKdYw/VN2AS1
nw6oiMUZxrwATKIN8sv2DgT1sdTWAxX0jxVyVp67aXVBjlL8EM+UXUzsqlK/jWcS
GaF6ReikgeZhQucalHvBCRulpvx6dAD686mlYF4aKNcWd2GVJxl6GtXuLIE1g0TP
pEGbsn3k8JlQAAyoqTrZ/MhiPhGim7UMzMDCNurdjibFaXtxhdr0WwNHc5PDrrz9
6EEwwvcf1XvcRJYg8nFG6F/MZGctrLThqmmrRCpLW4gtjJIZXYzx5Zrk81fRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUabceAkxBibt4sqRZp+tgFCLURFkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExMDM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCBKBcFEDTgaCGLNJ6dudVsDrKE3WjSd6s89y6H
cdEAz7ftz4oHlCaiAbtvtfHhMOBiLrUNdJ+q/XL+TnGmX06tbP19cm2benRxkS5C
kQTDWObFGTgcO/GDozVbl+4n7/jaiNaVJrjIYNSALiM4xZhDMKWUYdflSfBezYir
I1QIaHEyMdj4lm7o3kVdBONZOA7xk5ZIRYNg6tUO4SskOmvWWgYPM7ELAuPuS4Ko
oYFUMHgeMB1EKtdpXGi1DKNiRBHhlYtmMPuzSZ99Xs7O0virtp6jSLJl9QzRV/QA
gcschKu9fkHZWqiJiY9YSRCI1ljJq7/tzMV/qDYfIaHVMgvd
-----END CERTIFICATE-----