Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212802.roa
File:                     AS212802.roa (raw, json)
Hash identifier:          Cia/E0BksjJtH2Ui6y2b4j38G3ZdMoxX8BFziMtjgaU=
Subject key identifier:   E0:11:36:54:6E:17:F1:60:4E:FF:81:AE:FB:F2:FF:14:07:04:B3:AA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       22F3DA758B38C3903DC46441CB2A44AAEDFFB992
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212802.roa
Signing time:             Thu 18 Sep 2025 02:07:00 +0000
ROA not before:           Thu 18 Sep 2025 02:02:00 +0000
ROA not after:            Thu 17 Sep 2026 02:07:00 +0000
asID:                     212802
IP address blocks:        2a0f:85c1:d4d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:f3:da:75:8b:38:c3:90:3d:c4:64:41:cb:2a:44:aa:ed:ff:b9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 18 02:02:00 2025 GMT
            Not After : Sep 17 02:07:00 2026 GMT
        Subject: CN=E01136546E17F1604EFF81AEFBF2FF140704B3AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ac:75:98:0b:8b:9e:a1:fa:ca:bc:8d:bc:40:
                    c2:f9:c4:05:43:9d:58:d0:13:93:73:2f:1d:86:08:
                    54:d7:e8:d9:03:7c:48:d7:ee:5e:dd:44:7d:86:72:
                    01:69:b2:9b:45:23:07:6c:4b:91:7c:8d:ac:50:ba:
                    ef:6d:1d:5a:0b:2c:e8:1e:a7:b9:61:6c:1a:c0:71:
                    d6:ee:8a:8f:32:c1:f2:e8:88:a8:8c:c4:2d:73:b4:
                    2f:3d:03:de:9f:6b:96:f5:6e:d8:2f:6d:a6:90:20:
                    14:b9:8d:e8:16:19:93:07:90:e2:78:b1:f9:2c:56:
                    54:4c:b2:b3:9b:1b:b0:a1:52:99:f2:af:60:82:bc:
                    5c:72:6f:42:7e:5f:e6:87:1c:24:bc:e9:1e:b8:c8:
                    2a:23:65:06:27:d9:54:49:62:62:80:12:6d:f8:7c:
                    5d:bf:3d:52:cf:bc:f7:61:fd:84:4b:49:9f:92:12:
                    c5:06:63:c2:ed:39:8f:a0:7c:cd:a9:29:0d:a4:ee:
                    fb:3f:39:f7:be:4a:f9:18:74:1d:3c:5f:87:2f:12:
                    8e:e2:8d:61:b5:58:97:3c:5e:a9:b4:71:00:90:7b:
                    17:df:75:cf:c4:f7:c9:ba:b3:e4:e5:70:cc:08:ea:
                    6c:73:ed:83:00:f5:1c:64:4c:e2:09:c7:c7:93:c9:
                    a0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:11:36:54:6E:17:F1:60:4E:FF:81:AE:FB:F2:FF:14:07:04:B3:AA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d4d::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:80:1e:e1:ad:6b:27:b4:fe:9d:9b:8d:0b:83:a2:0e:12:3f:
         5e:d1:34:32:f5:03:14:62:a6:de:14:13:40:61:85:c0:69:c5:
         71:ac:42:fb:ba:06:53:19:fa:d6:bb:36:bd:c4:92:68:33:51:
         31:f0:57:d6:2d:e8:40:dc:09:d4:aa:d4:3f:c4:a2:5a:19:b2:
         e8:cf:98:d2:87:c6:b2:1e:c2:c0:35:80:a8:33:fa:61:83:43:
         09:d9:64:db:fa:03:93:bf:02:2a:5b:fc:8c:f0:7c:b9:77:60:
         60:96:e9:5f:c5:3e:51:8e:f3:06:30:bc:37:ff:92:23:44:f9:
         c3:c7:97:dc:ad:71:67:fa:3b:2f:8e:5a:a8:9b:fe:1e:08:4e:
         3f:b1:c5:7a:c2:61:ac:bc:93:c6:29:2a:b0:5b:e1:dc:e5:32:
         b5:7a:7b:a5:cb:9a:2f:47:39:da:db:d4:5f:c0:f1:b9:af:30:
         4b:28:b2:48:95:d0:35:cb:6e:99:bb:d9:b7:df:3f:d7:08:10:
         0c:bc:93:6a:6c:13:f5:90:50:31:8f:20:30:0d:88:12:43:32:
         41:da:9c:cd:0f:7f:cb:21:e4:05:c0:25:5f:a8:01:76:cf:d5:
         46:26:73:b1:7f:3b:c4:4e:bc:61:33:91:26:15:a9:85:38:f8:
         a8:77:ae:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIvPadYs4w5A9xGRByypEqu3/uZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTgwMjAyMDBaFw0yNjA5MTcwMjA3MDBaMDMxMTAvBgNV
BAMTKEUwMTEzNjU0NkUxN0YxNjA0RUZGODFBRUZCRjJGRjE0MDcwNEIzQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPrHWYC4ueofrKvI28QML5xAVD
nVjQE5NzLx2GCFTX6NkDfEjX7l7dRH2GcgFpsptFIwdsS5F8jaxQuu9tHVoLLOge
p7lhbBrAcdbuio8ywfLoiKiMxC1ztC89A96fa5b1btgvbaaQIBS5jegWGZMHkOJ4
sfksVlRMsrObG7ChUpnyr2CCvFxyb0J+X+aHHCS86R64yCojZQYn2VRJYmKAEm34
fF2/PVLPvPdh/YRLSZ+SEsUGY8LtOY+gfM2pKQ2k7vs/Ofe+SvkYdB08X4cvEo7i
jWG1WJc8Xqm0cQCQexffdc/E98m6s+TlcMwI6mxz7YMA9RxkTOIJx8eTyaCjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4BE2VG4X8WBO/4Gu+/L/FAcEs6owHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyODAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1NMA0GCSqGSIb3DQEBCwUAA4IBAQBxgB7hrWsntP6dm40Lg6IOEj9e0TQy9QMU
YqbeFBNAYYXAacVxrEL7ugZTGfrWuza9xJJoM1Ex8FfWLehA3AnUqtQ/xKJaGbLo
z5jSh8ayHsLANYCoM/phg0MJ2WTb+gOTvwIqW/yM8Hy5d2BglulfxT5RjvMGMLw3
/5IjRPnDx5fcrXFn+jsvjlqom/4eCE4/scV6wmGsvJPGKSqwW+Hc5TK1enuly5ov
Rzna29RfwPG5rzBLKLJIldA1y26Zu9m33z/XCBAMvJNqbBP1kFAxjyAwDYgSQzJB
2pzND3/LIeQFwCVfqAF2z9VGJnOxfzvETrxhM5EmFamFOPiod65q
-----END CERTIFICATE-----