Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa
File:                     AS216458.roa (raw, json)
Hash identifier:          zYPrq08GwTEuGdnjJ3VeYQNypiv0/+KiYuKIe+VRe8M=
Subject key identifier:   D8:F0:C6:73:CA:7C:4C:69:D8:27:6D:AB:41:FA:07:9D:F8:BC:C8:AC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       05DA62DB02E2F938BF29D8101CBA79EC23D534CD
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa
Signing time:             Fri 15 Aug 2025 14:54:13 +0000
ROA not before:           Fri 15 Aug 2025 14:49:13 +0000
ROA not after:            Fri 14 Aug 2026 14:54:13 +0000
asID:                     216458
IP address blocks:        194.147.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 02:42:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:da:62:db:02:e2:f9:38:bf:29:d8:10:1c:ba:79:ec:23:d5:34:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 15 14:49:13 2025 GMT
            Not After : Aug 14 14:54:13 2026 GMT
        Subject: CN=D8F0C673CA7C4C69D8276DAB41FA079DF8BCC8AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:da:37:c5:3e:4c:68:8b:81:f1:bb:ed:ce:60:
                    ab:3b:49:d4:0c:fb:bc:81:67:f8:e4:f4:73:59:32:
                    98:a1:ac:cc:f5:62:46:a3:1d:66:e2:a9:36:da:77:
                    0b:5b:c4:ee:ed:9e:7b:ef:01:77:c6:66:3e:7a:6f:
                    a2:2e:27:25:b0:a9:81:56:cf:12:45:00:19:c5:8b:
                    f4:18:c0:64:dd:58:77:db:2e:ce:31:ff:bf:2f:f3:
                    d8:90:07:85:66:32:12:58:6f:6d:81:e3:46:ec:80:
                    4d:a2:40:7a:4a:e6:d3:15:9d:b5:72:86:ee:4f:c2:
                    b0:ec:84:a8:c5:40:85:74:ff:53:43:1c:cc:84:93:
                    52:ed:2e:ca:f1:fd:64:09:db:3f:ab:6e:84:c9:f3:
                    69:1a:66:81:94:18:05:a6:a3:be:d2:24:01:33:07:
                    f1:e3:c2:43:a4:89:1b:55:92:5c:21:c1:20:f9:44:
                    99:22:46:ec:df:f2:d9:d5:00:35:81:c2:3d:db:8a:
                    a3:20:17:79:c9:4a:c9:ad:30:a1:cd:7b:4e:26:eb:
                    23:e0:18:1e:85:90:1c:d2:06:15:1c:22:e4:38:d7:
                    8e:0b:da:d2:29:88:93:ac:1a:9b:96:3b:e1:7b:29:
                    5a:5a:fc:e7:fa:bf:81:0a:63:41:ee:45:2c:17:9c:
                    93:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F0:C6:73:CA:7C:4C:69:D8:27:6D:AB:41:FA:07:9D:F8:BC:C8:AC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:c8:d4:93:4a:27:34:53:a7:f3:08:4a:e5:03:6b:84:7f:a3:
         c5:c0:e7:b6:f3:c7:78:53:7b:f0:45:04:cb:aa:84:54:d1:d7:
         30:b9:fe:3d:3e:06:b3:fa:44:25:e9:e1:14:32:bb:a8:f0:88:
         36:ba:64:a3:c3:7b:8a:e9:6e:d9:01:c4:df:df:1e:35:14:68:
         f4:a4:b6:b4:90:7b:f1:fc:06:9d:76:4f:d8:9c:3d:c3:db:52:
         2c:3a:f7:ca:9a:6d:f6:b2:53:53:21:e7:91:dd:83:5f:c9:28:
         7c:0a:d1:f0:d5:e7:57:b4:24:f4:51:8c:59:04:21:10:d1:99:
         57:91:8e:95:9b:25:69:e6:c5:00:b7:78:c2:b4:3d:32:6b:ce:
         7d:1c:10:0f:bc:a4:14:5d:e6:40:ca:1b:dc:71:6e:ac:0c:bd:
         12:5e:0d:aa:1f:4b:52:cc:b3:0e:7f:7f:ed:5d:87:ef:11:60:
         63:dd:f0:61:8a:a2:ee:e4:a6:cb:62:10:dd:f8:bc:fc:c5:4d:
         44:4e:9d:60:91:c5:a6:e5:bf:42:07:b7:c0:93:0d:58:f0:c5:
         16:0f:94:8d:53:08:09:db:7b:1d:9c:c1:cf:d3:a2:8a:88:60:
         52:6c:1b:c7:a2:50:2a:73:19:a9:20:3f:97:e8:93:06:0d:99:
         04:ae:45:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBdpi2wLi+Ti/KdgQHLp57CPVNM0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MTUxNDQ5MTNaFw0yNjA4MTQxNDU0MTNaMDMxMTAvBgNV
BAMTKEQ4RjBDNjczQ0E3QzRDNjlEODI3NkRBQjQxRkEwNzlERjhCQ0M4QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN2jfFPkxoi4Hxu+3OYKs7SdQM
+7yBZ/jk9HNZMpihrMz1YkajHWbiqTbadwtbxO7tnnvvAXfGZj56b6IuJyWwqYFW
zxJFABnFi/QYwGTdWHfbLs4x/78v89iQB4VmMhJYb22B40bsgE2iQHpK5tMVnbVy
hu5PwrDshKjFQIV0/1NDHMyEk1LtLsrx/WQJ2z+rboTJ82kaZoGUGAWmo77SJAEz
B/HjwkOkiRtVklwhwSD5RJkiRuzf8tnVADWBwj3biqMgF3nJSsmtMKHNe04m6yPg
GB6FkBzSBhUcIuQ4144L2tIpiJOsGpuWO+F7KVpa/Of6v4EKY0HuRSwXnJMTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2PDGc8p8TGnYJ22rQfoHnfi8yKwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2NDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpMF
MA0GCSqGSIb3DQEBCwUAA4IBAQDOyNSTSic0U6fzCErlA2uEf6PFwOe288d4U3vw
RQTLqoRU0dcwuf49Pgaz+kQl6eEUMruo8Ig2umSjw3uK6W7ZAcTf3x41FGj0pLa0
kHvx/Aaddk/YnD3D21IsOvfKmm32slNTIeeR3YNfySh8CtHw1edXtCT0UYxZBCEQ
0ZlXkY6VmyVp5sUAt3jCtD0ya859HBAPvKQUXeZAyhvccW6sDL0SXg2qH0tSzLMO
f3/tXYfvEWBj3fBhiqLu5KbLYhDd+Lz8xU1ETp1gkcWm5b9CB7fAkw1Y8MUWD5SN
UwgJ23sdnMHP06KKiGBSbBvHolAqcxmpID+X6JMGDZkErkW/
-----END CERTIFICATE-----