Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211481.roa
File:                     AS211481.roa (raw, json)
Hash identifier:          TF77ezqyTlSkOVnHp3Atzqv9YsJNa7GeolJ935gaNtk=
Subject key identifier:   40:CA:E1:45:C6:38:C1:74:D0:72:83:E7:51:D3:CC:C0:A9:49:09:02
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1EBCB8BC53754326526152D2A96D74B97F7CBA24
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211481.roa
Signing time:             Tue 16 Sep 2025 20:28:48 +0000
ROA not before:           Tue 16 Sep 2025 20:23:48 +0000
ROA not after:            Tue 15 Sep 2026 20:28:48 +0000
asID:                     211481
IP address blocks:        2a0f:85c1:d4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:bc:b8:bc:53:75:43:26:52:61:52:d2:a9:6d:74:b9:7f:7c:ba:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 16 20:23:48 2025 GMT
            Not After : Sep 15 20:28:48 2026 GMT
        Subject: CN=40CAE145C638C174D07283E751D3CCC0A9490902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:47:81:0a:bb:89:55:c9:ba:55:5f:15:a5:a4:
                    ff:8f:03:22:5c:a7:81:d9:f4:c8:31:15:42:20:96:
                    d4:31:d1:c2:80:5b:fe:3a:c2:5b:8c:2a:df:fe:5c:
                    34:34:48:58:e3:50:2f:1d:65:26:21:55:f9:3a:63:
                    3b:ab:dc:02:7a:18:db:e4:61:f8:f2:e5:37:78:0d:
                    7e:cf:6d:3f:f2:04:56:91:32:c2:53:08:a3:62:9f:
                    46:4f:13:94:0e:5d:0d:07:0e:e7:26:93:08:d8:70:
                    e6:95:b7:f4:fc:31:83:75:af:1a:d7:c1:66:00:93:
                    19:bb:ef:66:f7:2a:cc:a7:17:7b:98:b6:26:c0:45:
                    34:35:4b:bd:36:f9:89:10:03:89:31:51:38:87:bf:
                    cd:0c:b2:9a:69:8c:2a:61:d2:ae:7d:99:00:29:b5:
                    b3:de:3c:a8:ce:cf:a1:af:57:b1:0d:6d:98:0b:da:
                    c4:12:32:30:7f:41:7f:49:be:c0:c8:ae:0f:df:c7:
                    7c:65:a5:05:53:ca:16:0d:0b:14:b4:64:5c:81:e9:
                    80:a6:f6:81:3a:56:a8:e8:43:93:87:7d:24:ab:ff:
                    c1:ad:09:db:e6:90:e8:95:f5:d6:44:3c:08:a6:4a:
                    92:79:18:8f:c1:4f:5a:99:fe:1d:ba:2b:a1:9d:7e:
                    ec:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CA:E1:45:C6:38:C1:74:D0:72:83:E7:51:D3:CC:C0:A9:49:09:02
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:9c:ab:1c:71:37:2e:fc:de:a3:60:06:dd:50:15:e6:d3:71:
         4d:96:cf:61:d2:04:dc:95:11:b6:cf:ed:ef:ea:07:7b:f1:f7:
         c8:4c:51:19:8b:f5:48:60:d6:e0:ce:b9:b4:9a:d3:f3:0c:7d:
         2c:f6:2a:60:8f:a1:7e:46:b4:4f:8e:e0:31:6e:c6:45:ef:84:
         d0:32:04:5a:4d:2a:03:77:4e:f0:f4:b1:66:5b:4d:d4:ed:77:
         de:f2:72:35:b5:b3:1c:78:37:cb:47:00:e5:95:2f:36:7f:5f:
         20:25:b5:97:5e:db:5f:c3:47:74:f0:09:40:a4:35:13:91:3b:
         9d:cc:82:a5:54:85:88:93:d9:54:f9:be:1a:63:e9:34:bb:41:
         fc:36:de:d8:ee:34:f2:c4:0b:cb:ea:5d:da:c3:62:15:5d:4e:
         cc:86:9b:f3:28:f2:9f:53:8a:b1:11:56:39:9d:ae:53:bf:6b:
         fe:5e:5c:1d:8e:a3:3d:84:4a:10:6a:bb:ba:e3:27:ef:de:0a:
         0b:9a:ae:23:43:56:e1:0b:51:32:eb:6c:e2:70:1e:d7:3e:1d:
         5a:6d:f3:ca:d3:e0:94:32:95:d6:17:e9:34:80:f3:b6:49:e9:
         cf:df:f3:6b:64:0c:85:02:27:db:6d:08:d8:3c:78:cb:33:cb:
         d5:60:38:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHry4vFN1QyZSYVLSqW10uX98uiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTYyMDIzNDhaFw0yNjA5MTUyMDI4NDhaMDMxMTAvBgNV
BAMTKDQwQ0FFMTQ1QzYzOEMxNzREMDcyODNFNzUxRDNDQ0MwQTk0OTA5MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnR4EKu4lVybpVXxWlpP+PAyJc
p4HZ9MgxFUIgltQx0cKAW/46wluMKt/+XDQ0SFjjUC8dZSYhVfk6Yzur3AJ6GNvk
Yfjy5Td4DX7PbT/yBFaRMsJTCKNin0ZPE5QOXQ0HDucmkwjYcOaVt/T8MYN1rxrX
wWYAkxm772b3KsynF3uYtibARTQ1S702+YkQA4kxUTiHv80MspppjCph0q59mQAp
tbPePKjOz6GvV7ENbZgL2sQSMjB/QX9JvsDIrg/fx3xlpQVTyhYNCxS0ZFyB6YCm
9oE6VqjoQ5OHfSSr/8GtCdvmkOiV9dZEPAimSpJ5GI/BT1qZ/h26K6GdfuxJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQMrhRcY4wXTQcoPnUdPMwKlJCQIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExNDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1MMA0GCSqGSIb3DQEBCwUAA4IBAQDKnKsccTcu/N6jYAbdUBXm03FNls9h0gTc
lRG2z+3v6gd78ffITFEZi/VIYNbgzrm0mtPzDH0s9ipgj6F+RrRPjuAxbsZF74TQ
MgRaTSoDd07w9LFmW03U7Xfe8nI1tbMceDfLRwDllS82f18gJbWXXttfw0d08AlA
pDUTkTudzIKlVIWIk9lU+b4aY+k0u0H8Nt7Y7jTyxAvL6l3aw2IVXU7MhpvzKPKf
U4qxEVY5na5Tv2v+XlwdjqM9hEoQaru64yfv3goLmq4jQ1bhC1Ey62zicB7XPh1a
bfPK0+CUMpXWF+k0gPO2SenP3/NrZAyFAifbbQjYPHjLM8vVYDhA
-----END CERTIFICATE-----