Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          YBQQxnImUBq7+/3NS5UOioPxfs/vefpA8h9s8gxVFjw=
Subject key identifier:   DE:64:2A:34:05:C6:36:A3:7E:31:42:D6:AC:19:50:CF:B8:03:07:7C
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0A1F9166B7DEA43111307DEA6C47C58A5B90D6C4
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211415.roa
Signing time:             Tue 10 Mar 2026 13:46:48 +0000
ROA not before:           Tue 10 Mar 2026 13:41:48 +0000
ROA not after:            Tue 09 Mar 2027 13:46:48 +0000
asID:                     211415
IP address blocks:        45.154.105.0/24 maxlen: 24
                          185.155.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:1f:91:66:b7:de:a4:31:11:30:7d:ea:6c:47:c5:8a:5b:90:d6:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 10 13:41:48 2026 GMT
            Not After : Mar  9 13:46:48 2027 GMT
        Subject: CN=DE642A3405C636A37E3142D6AC1950CFB803077C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bd:49:b7:fe:10:06:59:67:e1:4d:3d:5c:7b:
                    f6:04:a4:92:51:64:d5:77:d4:5e:a4:d1:3d:80:7a:
                    85:95:84:3b:1a:0f:ab:e7:63:44:2c:86:59:f8:e4:
                    3c:ef:a3:1b:ae:35:b2:cd:33:7f:4f:11:5e:0d:b8:
                    2d:15:7f:37:86:fb:d4:1c:65:0b:1e:dc:31:b9:c0:
                    14:6e:87:16:95:34:2d:c2:72:53:30:dd:3f:d5:4d:
                    fa:24:29:55:c4:7c:63:d8:3f:d2:5b:27:51:6e:9a:
                    c4:7e:93:84:13:52:62:51:8a:59:d0:8d:18:0f:3f:
                    91:10:fc:3b:7c:56:cf:d0:33:35:dd:69:01:83:06:
                    bf:af:df:0a:c6:a1:ba:bb:5b:9e:ce:ef:ef:f2:b1:
                    13:0b:e7:0f:96:23:37:fc:02:22:e7:3f:2a:7b:8c:
                    86:09:dd:26:30:69:c9:06:00:18:e6:f0:ec:3f:91:
                    e0:a7:73:b7:42:4b:0d:bd:d1:12:51:86:c6:cc:38:
                    6f:9a:16:81:5d:e7:e7:81:00:aa:36:51:8e:1b:24:
                    9f:e2:f6:1a:65:70:6e:1d:d4:53:cd:d7:05:5c:9a:
                    89:b2:41:e2:7e:ec:b8:42:fe:43:12:3e:2b:9e:78:
                    b8:52:a1:8d:34:5d:00:4b:61:6a:1c:0d:46:89:b3:
                    37:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:64:2A:34:05:C6:36:A3:7E:31:42:D6:AC:19:50:CF:B8:03:07:7C
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.105.0/24
                  185.155.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3f:e4:2c:86:f6:cd:24:e8:16:a3:9b:20:20:59:03:35:63:
         73:73:a3:df:5c:58:cb:01:71:53:d7:48:ee:72:8a:92:fc:d6:
         d8:e1:66:2b:fe:ad:f6:87:0e:b5:65:e7:e2:cb:cb:a5:19:c1:
         81:b7:2a:ae:f0:47:71:d8:f7:71:41:21:3e:26:62:ea:cf:27:
         d6:15:b8:72:e8:05:22:40:f1:fe:b6:5d:9c:eb:e2:77:ba:f0:
         16:42:14:c8:4f:5f:55:21:e1:9e:38:63:ed:5e:2f:52:3c:4e:
         c1:98:57:22:8c:53:14:a6:04:04:a6:a6:df:08:9f:aa:9f:a1:
         2f:35:a6:40:3f:f1:a4:93:e4:03:db:97:76:84:0c:c3:a9:74:
         0a:d9:74:be:4c:2f:f3:68:47:70:70:c0:fe:69:9c:32:69:b9:
         1c:9d:6a:c3:3a:05:25:44:bb:86:56:38:da:ab:87:f1:63:5c:
         70:b5:54:f8:0c:40:cc:cb:fa:b8:c3:35:f5:10:a9:9b:62:5f:
         76:19:80:67:a2:8b:b4:cb:6c:07:ad:ef:76:5b:16:9f:b0:3d:
         ae:66:ed:9d:09:d5:97:5c:35:d5:63:11:70:4b:2c:b5:5f:22:
         fc:41:1c:9e:90:b8:78:08:95:c2:49:4e:8b:6c:66:07:cb:55:
         7d:8a:3f:96
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUCh+RZrfepDERMH3qbEfFiluQ1sQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTAxMzQxNDhaFw0yNzAzMDkxMzQ2NDhaMDMxMTAvBgNV
BAMTKERFNjQyQTM0MDVDNjM2QTM3RTMxNDJENkFDMTk1MENGQjgwMzA3N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4vUm3/hAGWWfhTT1ce/YEpJJR
ZNV31F6k0T2AeoWVhDsaD6vnY0Qshln45DzvoxuuNbLNM39PEV4NuC0VfzeG+9Qc
ZQse3DG5wBRuhxaVNC3CclMw3T/VTfokKVXEfGPYP9JbJ1FumsR+k4QTUmJRilnQ
jRgPP5EQ/Dt8Vs/QMzXdaQGDBr+v3wrGobq7W57O7+/ysRML5w+WIzf8AiLnPyp7
jIYJ3SYwackGABjm8Ow/keCnc7dCSw290RJRhsbMOG+aFoFd5+eBAKo2UY4bJJ/i
9hplcG4d1FPN1wVcmomyQeJ+7LhC/kMSPiueeLhSoY00XQBLYWocDUaJszdZAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3mQqNAXGNqN+MULWrBlQz7gDB3wwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZpp
AwQAuZvdMA0GCSqGSIb3DQEBCwUAA4IBAQB0P+QshvbNJOgWo5sgIFkDNWNzc6Pf
XFjLAXFT10jucoqS/NbY4WYr/q32hw61Zefiy8ulGcGBtyqu8Edx2PdxQSE+JmLq
zyfWFbhy6AUiQPH+tl2c6+J3uvAWQhTIT19VIeGeOGPtXi9SPE7BmFcijFMUpgQE
pqbfCJ+qn6EvNaZAP/Gkk+QD25d2hAzDqXQK2XS+TC/zaEdwcMD+aZwyabkcnWrD
OgUlRLuGVjjaq4fxY1xwtVT4DEDMy/q4wzX1EKmbYl92GYBnoou0y2wHre92Wxaf
sD2uZu2dCdWXXDXVYxFwSyy1XyL8QRyekLh4CJXCSU6LbGYHy1V9ij+W
-----END CERTIFICATE-----