Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          2QhpR0a9yVGZ6Ub35mpqOosN5s98KVgSVcaHhvwSGaY=
Subject key identifier:   C5:73:5D:53:E3:C5:CA:1E:50:B8:67:E2:6A:F1:44:0A:A1:99:7A:AF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       60B5D5130DC7C68E2B4323011204F2221F2946DA
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211440.roa
Signing time:             Tue 24 Mar 2026 01:46:52 +0000
ROA not before:           Tue 24 Mar 2026 01:41:52 +0000
ROA not after:            Tue 23 Mar 2027 01:46:52 +0000
asID:                     211440
IP address blocks:        45.146.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:b5:d5:13:0d:c7:c6:8e:2b:43:23:01:12:04:f2:22:1f:29:46:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 24 01:41:52 2026 GMT
            Not After : Mar 23 01:46:52 2027 GMT
        Subject: CN=C5735D53E3C5CA1E50B867E26AF1440AA1997AAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:82:4c:ce:63:57:1e:89:ff:d3:6b:70:91:6e:
                    73:b2:b7:d5:ba:8a:bb:91:39:cb:70:ea:5a:cc:92:
                    fd:1d:86:48:3a:cd:ca:08:2d:67:bd:7b:38:a2:93:
                    2c:5e:92:25:ce:ae:62:90:8e:c4:c3:a0:b0:04:3b:
                    dd:e4:d4:18:62:46:fc:85:cd:d0:54:94:d7:7c:dd:
                    c7:c2:c6:df:f9:34:12:12:38:16:8c:4e:db:06:b9:
                    1d:05:69:04:c2:d1:77:a4:d1:34:c3:d6:90:86:8d:
                    31:c1:0d:65:54:7f:48:5c:07:f9:8c:f5:99:bc:9b:
                    92:12:24:6a:e4:9f:0e:c4:2c:28:4a:44:08:73:6d:
                    74:ba:c4:f0:ce:04:63:45:3b:36:20:a6:87:cb:2f:
                    60:96:4e:46:88:3f:05:0f:7e:3b:55:70:1b:6c:56:
                    a3:ec:3e:84:b0:14:d1:84:06:29:f4:5b:d8:5d:df:
                    ad:59:94:cb:4b:ca:ee:09:9e:c7:a1:c2:4f:b8:40:
                    1a:62:08:cf:82:a1:fa:0a:cc:fb:55:f3:35:79:62:
                    c1:69:5c:4a:e6:74:40:b9:e4:e8:6c:8f:ae:19:2e:
                    b2:65:b2:45:48:27:dd:56:85:06:3d:04:9f:c0:f4:
                    e6:5e:cb:cd:58:64:f1:b7:e1:a4:a8:0b:1c:9c:43:
                    c0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:73:5D:53:E3:C5:CA:1E:50:B8:67:E2:6A:F1:44:0A:A1:99:7A:AF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b9:18:50:41:31:4b:a9:4a:a2:ea:2b:06:9d:8a:e7:5f:4a:
         ad:51:b8:8b:dd:d4:5b:1d:15:96:b6:b8:4a:fa:35:58:e6:66:
         f8:50:ad:2e:67:b7:7d:a1:74:b0:c0:fe:66:5f:11:54:55:74:
         cd:4b:8f:f4:5f:ea:32:b2:14:d2:fe:f2:50:c1:12:92:d7:20:
         e7:7e:e0:92:f3:21:1b:a1:5e:1d:a9:86:be:30:32:e6:17:ad:
         4c:4c:e5:24:a6:62:17:3b:aa:2e:c2:cf:b2:bd:1c:b0:c8:65:
         d0:ed:6f:43:91:f8:0c:2c:c2:62:11:0a:81:a0:18:bb:0f:39:
         79:51:d8:2d:d9:f1:9c:55:67:ff:7b:5e:3a:20:24:03:23:77:
         3a:a0:89:70:0c:e1:b6:ca:de:b5:ee:12:55:bf:83:f0:bd:c4:
         cc:ad:3b:f0:24:1e:d6:ec:7e:f5:b2:5e:74:65:ef:92:8b:cd:
         d2:af:b1:13:46:c0:b2:0f:f8:3d:0f:18:50:79:f9:c8:56:49:
         68:32:8a:39:e2:8d:fa:44:a3:f9:f8:51:3c:c7:78:b7:0e:e8:
         d6:1e:48:4d:60:9f:ed:6d:40:90:8e:e8:a0:83:02:3b:fd:cc:
         64:d9:6c:34:41:fa:01:d5:e3:95:d2:1a:92:59:b4:8f:6b:70:
         be:f1:de:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYLXVEw3Hxo4rQyMBEgTyIh8pRtowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMjQwMTQxNTJaFw0yNzAzMjMwMTQ2NTJaMDMxMTAvBgNV
BAMTKEM1NzM1RDUzRTNDNUNBMUU1MEI4NjdFMjZBRjE0NDBBQTE5OTdBQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFgkzOY1ceif/Ta3CRbnOyt9W6
iruROctw6lrMkv0dhkg6zcoILWe9eziikyxekiXOrmKQjsTDoLAEO93k1BhiRvyF
zdBUlNd83cfCxt/5NBISOBaMTtsGuR0FaQTC0Xek0TTD1pCGjTHBDWVUf0hcB/mM
9Zm8m5ISJGrknw7ELChKRAhzbXS6xPDOBGNFOzYgpofLL2CWTkaIPwUPfjtVcBts
VqPsPoSwFNGEBin0W9hd361ZlMtLyu4Jnsehwk+4QBpiCM+CofoKzPtV8zV5YsFp
XErmdEC55Ohsj64ZLrJlskVIJ91WhQY9BJ/A9OZey81YZPG34aSoCxycQ8DdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxXNdU+PFyh5QuGfiavFECqGZeq8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJT
MA0GCSqGSIb3DQEBCwUAA4IBAQCGuRhQQTFLqUqi6isGnYrnX0qtUbiL3dRbHRWW
trhK+jVY5mb4UK0uZ7d9oXSwwP5mXxFUVXTNS4/0X+oyshTS/vJQwRKS1yDnfuCS
8yEboV4dqYa+MDLmF61MTOUkpmIXO6ouws+yvRywyGXQ7W9DkfgMLMJiEQqBoBi7
Dzl5Udgt2fGcVWf/e146ICQDI3c6oIlwDOG2yt617hJVv4PwvcTMrTvwJB7W7H71
sl50Ze+Si83Sr7ETRsCyD/g9DxhQefnIVkloMoo54o36RKP5+FE8x3i3DujWHkhN
YJ/tbUCQjuiggwI7/cxk2Ww0QfoB1eOV0hqSWbSPa3C+8d5N
-----END CERTIFICATE-----