Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa
File:                     AS212128.roa (raw, json)
Hash identifier:          PRoWC4KrxnWHjleVNZk+7CjdHMQS/5MSAfXzP33G6ko=
Subject key identifier:   37:72:CF:7B:AB:2D:8B:39:88:1A:3C:72:92:F9:33:A3:3D:10:9D:95
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5A2F23407EF071D1171C08A186D5F1AF6542148E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa
Signing time:             Wed 17 Sep 2025 03:07:52 +0000
ROA not before:           Wed 17 Sep 2025 03:02:52 +0000
ROA not after:            Wed 16 Sep 2026 03:07:52 +0000
asID:                     212128
IP address blocks:        2a0f:85c1:88b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:2f:23:40:7e:f0:71:d1:17:1c:08:a1:86:d5:f1:af:65:42:14:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 03:02:52 2025 GMT
            Not After : Sep 16 03:07:52 2026 GMT
        Subject: CN=3772CF7BAB2D8B39881A3C7292F933A33D109D95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ba:da:b7:6c:d2:b0:13:a2:1f:09:27:f8:c7:
                    70:86:84:06:1a:0b:b8:db:28:61:ca:18:7e:0a:7a:
                    d9:95:64:fd:24:ed:40:72:84:f6:07:3d:7e:96:6b:
                    d5:39:38:61:15:53:a3:df:82:a4:28:72:69:6c:8a:
                    ec:96:bf:47:12:ac:ff:bf:d5:59:71:59:4f:da:82:
                    8a:62:9b:9a:dd:9f:bc:7e:7d:c4:41:73:14:79:05:
                    e5:c0:cf:e5:b1:5a:50:cc:63:a6:53:bf:70:13:78:
                    74:07:ff:88:a3:3a:84:dc:09:81:b7:3c:0e:9b:b1:
                    cf:32:3e:19:f7:9c:29:89:d6:b9:88:49:3c:02:47:
                    af:e6:a0:f6:ac:2a:b2:97:92:e7:ed:ba:5b:02:77:
                    58:34:d0:a6:f2:a2:cf:46:2c:2c:9a:7d:6a:3c:84:
                    93:4f:0f:f4:4c:e1:f9:ee:15:ad:74:a0:2f:8c:cd:
                    39:67:d8:c5:96:91:cf:77:56:1a:45:58:df:a9:9c:
                    c8:a9:d6:6d:fa:5c:2f:e5:1b:8f:99:95:ff:38:54:
                    af:a8:43:03:28:f3:f3:fc:3b:a1:df:8f:c7:e7:55:
                    b4:20:fe:ca:39:27:1c:72:b5:5b:77:48:81:83:94:
                    74:d7:d1:d6:7d:52:75:9c:14:af:f9:69:d0:0b:71:
                    19:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:72:CF:7B:AB:2D:8B:39:88:1A:3C:72:92:F9:33:A3:3D:10:9D:95
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:88b::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:ef:17:0a:1a:a8:a1:04:8d:6e:c0:83:78:53:c2:23:5d:bf:
         7a:56:93:62:ef:e9:49:3b:7b:9c:07:f1:df:d9:71:f1:64:3c:
         a4:77:c6:23:6c:0a:8b:ca:23:ac:3d:ab:c9:5f:a9:c8:9d:41:
         c7:0c:0f:e0:9a:cd:77:b8:bf:a4:b4:f1:8e:07:b2:11:5f:dd:
         5a:5e:6e:4b:fe:8b:d1:c1:23:c6:7a:1f:20:83:0f:95:52:0c:
         fb:de:ed:d0:d9:83:ee:8d:e4:09:36:cb:8e:6f:00:ae:b5:ec:
         33:04:a0:30:de:51:10:56:eb:eb:be:10:ee:8d:89:49:96:27:
         29:b6:d3:6d:5b:b0:0d:b3:c9:39:9b:e8:11:ac:4d:2a:10:07:
         fb:a7:79:c1:96:b8:b3:ac:1d:ea:60:3e:a5:10:7c:db:4c:cc:
         fa:14:e1:fc:8a:7f:d2:87:24:a3:a7:4e:ce:ed:c3:83:18:94:
         3b:1f:d8:18:17:59:89:4e:09:42:5c:fa:ec:ba:d8:73:32:56:
         13:1b:ec:bd:64:dc:e3:80:ab:ec:e4:1b:29:f1:d2:fd:55:c8:
         58:dd:92:bc:90:37:85:68:de:d6:f3:e6:eb:e5:7f:92:f1:11:
         fb:68:9a:d9:8b:a1:92:99:69:1f:12:fa:55:40:ac:2b:70:37:
         56:69:e0:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWi8jQH7wcdEXHAihhtXxr2VCFI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTcwMzAyNTJaFw0yNjA5MTYwMzA3NTJaMDMxMTAvBgNV
BAMTKDM3NzJDRjdCQUIyRDhCMzk4ODFBM0M3MjkyRjkzM0EzM0QxMDlEOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkutq3bNKwE6IfCSf4x3CGhAYa
C7jbKGHKGH4KetmVZP0k7UByhPYHPX6Wa9U5OGEVU6PfgqQocmlsiuyWv0cSrP+/
1VlxWU/agopim5rdn7x+fcRBcxR5BeXAz+WxWlDMY6ZTv3ATeHQH/4ijOoTcCYG3
PA6bsc8yPhn3nCmJ1rmISTwCR6/moPasKrKXkuftulsCd1g00Kbyos9GLCyafWo8
hJNPD/RM4fnuFa10oC+MzTln2MWWkc93VhpFWN+pnMip1m36XC/lG4+Zlf84VK+o
QwMo8/P8O6Hfj8fnVbQg/so5JxxytVt3SIGDlHTX0dZ9UnWcFK/5adALcRnNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUN3LPe6stizmIGjxykvkzoz0QnZUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyMTI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQiLMA0GCSqGSIb3DQEBCwUAA4IBAQB+7xcKGqihBI1uwIN4U8IjXb96VpNi7+lJ
O3ucB/Hf2XHxZDykd8YjbAqLyiOsPavJX6nInUHHDA/gms13uL+ktPGOB7IRX91a
Xm5L/ovRwSPGeh8ggw+VUgz73u3Q2YPujeQJNsuObwCutewzBKAw3lEQVuvrvhDu
jYlJlicpttNtW7ANs8k5m+gRrE0qEAf7p3nBlrizrB3qYD6lEHzbTMz6FOH8in/S
hySjp07O7cODGJQ7H9gYF1mJTglCXPrsuthzMlYTG+y9ZNzjgKvs5Bsp8dL9VchY
3ZK8kDeFaN7W8+br5X+S8RH7aJrZi6GSmWkfEvpVQKwrcDdWaeDe
-----END CERTIFICATE-----