Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa
File:                     AS211411.roa (raw, json)
Hash identifier:          2SJyaTj/ENVWsy6ZVlYE2e/sFuy3bjhfxYbu8Ro7XIw=
Subject key identifier:   23:94:F0:28:CC:0F:97:C5:55:AD:9B:F5:FB:E8:31:50:7F:CF:DC:4D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       411A5DCE1C4594B8B14C60C5DB4B01AEA91D64FC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa
Signing time:             Tue 16 Sep 2025 20:28:40 +0000
ROA not before:           Tue 16 Sep 2025 20:23:40 +0000
ROA not after:            Tue 15 Sep 2026 20:28:40 +0000
asID:                     211411
IP address blocks:        2a0f:85c1:c47::/48 maxlen: 48
                          2a0f:85c1:c90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:1a:5d:ce:1c:45:94:b8:b1:4c:60:c5:db:4b:01:ae:a9:1d:64:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 16 20:23:40 2025 GMT
            Not After : Sep 15 20:28:40 2026 GMT
        Subject: CN=2394F028CC0F97C555AD9BF5FBE831507FCFDC4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a8:9d:13:8b:cc:7c:fc:3c:64:9e:95:ca:5c:
                    47:62:0c:fa:24:fe:57:68:a2:9a:3c:1c:21:ae:f8:
                    77:2b:f4:6c:32:f6:e4:92:99:c7:74:06:02:8a:16:
                    fa:f3:a4:86:ba:1f:1c:9b:6d:77:63:1c:df:4c:bb:
                    75:a9:3c:ad:21:b4:a0:d5:9c:10:53:6b:3d:9f:06:
                    22:fc:23:a5:8c:6b:67:a7:69:6d:13:0d:b1:01:ce:
                    c9:86:c3:8b:fd:8f:de:a3:92:22:83:c7:53:f7:d5:
                    c6:85:ab:40:c7:68:2d:c9:8b:30:db:e6:ab:37:1a:
                    cc:69:47:f1:01:29:fc:4f:2c:c8:33:1f:26:c8:eb:
                    da:0b:90:40:1c:ad:1c:d3:19:b3:82:66:2d:96:5d:
                    23:f4:78:e0:0b:8d:8d:c2:7e:51:c9:a3:fa:85:ee:
                    2a:4f:9c:da:cb:31:59:b3:2c:80:b9:6f:6d:03:83:
                    57:7c:be:26:cc:62:3c:8b:e4:c6:61:25:17:ec:89:
                    3b:dd:bf:f0:fe:b1:0e:3b:de:22:52:4e:cf:c0:5d:
                    a0:64:28:2f:46:2a:d7:af:5a:8f:45:4c:f6:4e:37:
                    19:c0:89:3b:c3:c0:ec:ad:83:e4:e4:1c:85:1c:d2:
                    de:c1:a4:c4:80:74:5d:20:2d:ed:2f:e0:bb:db:60:
                    93:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:94:F0:28:CC:0F:97:C5:55:AD:9B:F5:FB:E8:31:50:7F:CF:DC:4D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211411.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c47::/48
                  2a0f:85c1:c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         da:e9:f2:6e:c5:1b:c3:9e:46:ef:f1:9b:7a:1b:00:1a:a7:29:
         71:14:b3:5b:99:fe:51:80:04:c9:16:de:1a:be:ce:26:5f:a0:
         f1:5f:b4:b4:fc:4f:94:e9:c7:e4:1c:22:e2:9f:a7:67:95:7f:
         47:75:15:fa:8f:7d:56:cc:58:a9:9b:fd:ad:e4:9e:e2:ce:0e:
         4f:b7:73:b6:5d:9c:e7:b4:94:90:47:43:cf:35:2a:61:2c:66:
         95:8e:20:ad:8f:da:b6:48:9f:82:ce:90:25:62:dc:52:b9:54:
         00:73:13:ba:1f:00:ae:eb:2e:63:15:cb:f8:81:db:69:a5:fe:
         da:f7:96:38:7c:54:42:2d:ce:0e:5b:1c:4a:8b:ea:37:76:25:
         33:84:94:08:19:8c:02:b1:b9:db:f1:52:d5:2a:1d:fb:2f:ec:
         a8:43:74:69:b1:2b:15:e3:76:65:b4:92:90:87:f9:72:2d:7a:
         74:be:8f:b4:4d:07:16:8a:b9:4a:1e:9f:f9:bd:24:ec:a8:76:
         98:05:d0:ae:6e:5d:2d:c3:34:03:ee:4f:a3:17:47:dc:95:ca:
         5f:b3:73:72:fa:2e:27:c6:4e:c9:f9:5f:3b:04:53:92:f7:52:
         18:1b:16:e4:5a:25:f8:3c:83:bf:0c:68:80:50:e4:c6:c4:ac:
         9d:3d:56:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUQRpdzhxFlLixTGDF20sBrqkdZPwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTYyMDIzNDBaFw0yNjA5MTUyMDI4NDBaMDMxMTAvBgNV
BAMTKDIzOTRGMDI4Q0MwRjk3QzU1NUFEOUJGNUZCRTgzMTUwN0ZDRkRDNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7qJ0Ti8x8/DxknpXKXEdiDPok
/ldoopo8HCGu+Hcr9Gwy9uSSmcd0BgKKFvrzpIa6HxybbXdjHN9Mu3WpPK0htKDV
nBBTaz2fBiL8I6WMa2enaW0TDbEBzsmGw4v9j96jkiKDx1P31caFq0DHaC3JizDb
5qs3GsxpR/EBKfxPLMgzHybI69oLkEAcrRzTGbOCZi2WXSP0eOALjY3CflHJo/qF
7ipPnNrLMVmzLIC5b20Dg1d8vibMYjyL5MZhJRfsiTvdv/D+sQ473iJSTs/AXaBk
KC9GKtevWo9FTPZONxnAiTvDwOytg+TkHIUc0t7BpMSAdF0gLe0v4LvbYJNNAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUI5TwKMwPl8VVrZv1++gxUH/P3E0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExNDExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQxHAwcEKg+FwQyQMA0GCSqGSIb3DQEBCwUAA4IBAQDa6fJuxRvDnkbv8Zt6GwAa
pylxFLNbmf5RgATJFt4avs4mX6DxX7S0/E+U6cfkHCLin6dnlX9HdRX6j31WzFip
m/2t5J7izg5Pt3O2XZzntJSQR0PPNSphLGaVjiCtj9q2SJ+CzpAlYtxSuVQAcxO6
HwCu6y5jFcv4gdtppf7a95Y4fFRCLc4OWxxKi+o3diUzhJQIGYwCsbnb8VLVKh37
L+yoQ3RpsSsV43ZltJKQh/lyLXp0vo+0TQcWirlKHp/5vSTsqHaYBdCubl0twzQD
7k+jF0fclcpfs3Ny+i4nxk7J+V87BFOS91IYGxbkWiX4PIO/DGiAUOTGxKydPVbN
-----END CERTIFICATE-----