Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210880.roa
File:                     AS210880.roa (raw, json)
Hash identifier:          qhpVPXO86KBQClQ+qsUYMHmC3IJCRJHkLQypjfXOem8=
Subject key identifier:   46:54:5A:44:D8:44:20:19:13:51:6B:3B:9A:FE:14:4C:41:FE:0A:96
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       051B2CE36B8B7153C11B50BE0E7DA12EEAAFDFE0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210880.roa
Signing time:             Sat 25 Apr 2026 13:08:33 +0000
ROA not before:           Sat 25 Apr 2026 13:03:33 +0000
ROA not after:            Sat 24 Apr 2027 13:08:33 +0000
asID:                     210880
IP address blocks:        2a0f:85c1:bfc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:1b:2c:e3:6b:8b:71:53:c1:1b:50:be:0e:7d:a1:2e:ea:af:df:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 25 13:03:33 2026 GMT
            Not After : Apr 24 13:08:33 2027 GMT
        Subject: CN=46545A44D844201913516B3B9AFE144C41FE0A96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:06:9d:7b:c1:3b:98:d9:a3:e2:74:fd:a0:58:
                    83:c4:d6:d7:8b:13:72:1d:10:06:41:eb:43:3d:d2:
                    f9:93:1f:46:a9:7d:0d:4c:98:1b:c8:6e:1f:11:16:
                    5f:3d:b9:30:ce:4a:89:ee:db:79:43:7e:88:fd:72:
                    36:27:50:09:c7:31:c1:7c:53:aa:f0:0e:4b:bd:31:
                    55:5d:55:e5:2b:5c:b2:2c:a0:12:a6:f3:aa:ec:d3:
                    82:55:c8:b0:b0:87:47:07:d6:53:fe:54:2c:c7:5c:
                    a0:53:d1:9e:8e:db:4d:9e:03:18:b9:ca:1a:b4:49:
                    f2:59:72:78:0f:ee:9a:3a:91:01:0d:e8:0d:50:9a:
                    8d:d7:93:5a:4c:00:7c:71:7a:11:b2:a7:12:b4:4d:
                    27:2d:8f:49:e8:d2:6a:9e:9d:1e:3d:10:f8:b7:17:
                    4e:f3:a1:0f:b3:e6:8e:6a:e1:e0:40:db:af:55:52:
                    39:df:a7:96:27:c9:e2:b6:c2:c6:ef:c8:b0:b4:63:
                    7f:95:10:e8:01:f1:cc:cc:f1:e2:f3:73:b7:a8:c3:
                    61:81:c3:91:9b:ba:32:44:36:f1:10:b6:00:d6:d4:
                    55:2b:24:16:d5:7c:67:d2:c1:61:98:a2:d6:f5:21:
                    80:52:71:cc:df:f9:e3:d6:cc:2c:83:18:cb:ca:a3:
                    d8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:54:5A:44:D8:44:20:19:13:51:6B:3B:9A:FE:14:4C:41:FE:0A:96
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210880.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bfc::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:c1:4f:cb:4f:09:f1:a9:7f:d6:76:80:38:e3:9b:64:5f:f0:
         3b:67:1c:6d:4b:6b:c6:77:8b:d1:ce:83:6f:6b:89:c5:17:a0:
         27:1a:56:8f:db:69:cd:34:08:6e:b1:d1:0d:f9:1e:0b:73:cd:
         ac:a9:93:e5:dd:76:9b:3a:da:dc:7a:6f:61:86:a9:10:d5:af:
         13:0b:b9:6d:a1:22:fc:70:30:36:71:54:c8:13:8d:b0:b5:a4:
         66:77:e0:c7:05:9b:b3:8a:2d:cf:ad:a0:b5:bf:02:73:11:79:
         53:a4:fc:3b:82:45:8a:95:5f:77:03:99:77:04:56:5e:2d:77:
         42:a8:02:f2:85:03:9c:ef:95:80:5e:6c:4d:77:dc:d7:47:66:
         25:f7:a0:c0:27:bd:17:8f:aa:35:47:f9:27:e5:66:ca:e0:91:
         f4:50:c1:9e:52:ed:26:91:9a:a1:47:9a:e9:54:63:79:3e:fc:
         c9:2a:1a:04:56:0f:0b:0e:cb:a5:bb:fa:3b:39:47:69:0d:76:
         5d:91:b3:82:c4:a6:a0:b2:d0:c2:92:6d:57:cf:2c:1e:a1:f6:
         9d:c2:bb:0d:e3:d5:c0:31:f6:14:74:1c:48:c0:40:e9:8a:a9:
         ca:97:fd:cb:77:d3:3d:75:b6:c6:da:ef:61:cf:a7:78:a5:c6:
         e7:64:2c:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBRss42uLcVPBG1C+Dn2hLuqv3+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MjUxMzAzMzNaFw0yNzA0MjQxMzA4MzNaMDMxMTAvBgNV
BAMTKDQ2NTQ1QTQ0RDg0NDIwMTkxMzUxNkIzQjlBRkUxNDRDNDFGRTBBOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMBp17wTuY2aPidP2gWIPE1teL
E3IdEAZB60M90vmTH0apfQ1MmBvIbh8RFl89uTDOSonu23lDfoj9cjYnUAnHMcF8
U6rwDku9MVVdVeUrXLIsoBKm86rs04JVyLCwh0cH1lP+VCzHXKBT0Z6O202eAxi5
yhq0SfJZcngP7po6kQEN6A1Qmo3Xk1pMAHxxehGypxK0TSctj0no0mqenR49EPi3
F07zoQ+z5o5q4eBA269VUjnfp5YnyeK2wsbvyLC0Y3+VEOgB8czM8eLzc7eow2GB
w5GbujJENvEQtgDW1FUrJBbVfGfSwWGYotb1IYBScczf+ePWzCyDGMvKo9gFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURlRaRNhEIBkTUWs7mv4UTEH+CpYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwODgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQv8MA0GCSqGSIb3DQEBCwUAA4IBAQCQwU/LTwnxqX/WdoA445tkX/A7ZxxtS2vG
d4vRzoNva4nFF6AnGlaP22nNNAhusdEN+R4Lc82sqZPl3XabOtrcem9hhqkQ1a8T
C7ltoSL8cDA2cVTIE42wtaRmd+DHBZuzii3PraC1vwJzEXlTpPw7gkWKlV93A5l3
BFZeLXdCqALyhQOc75WAXmxNd9zXR2Yl96DAJ70Xj6o1R/kn5WbK4JH0UMGeUu0m
kZqhR5rpVGN5PvzJKhoEVg8LDsulu/o7OUdpDXZdkbOCxKagstDCkm1Xzyweofad
wrsN49XAMfYUdBxIwEDpiqnKl/3Ld9M9dbbG2u9hz6d4pcbnZCyL
-----END CERTIFICATE-----