Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213481.roa
File:                     AS213481.roa (raw, json)
Hash identifier:          XE+v6F2JY98jWvFyEXl10xicGGmE/zFaInXz3NA3gKg=
Subject key identifier:   0C:65:BB:CE:29:F0:CD:5E:20:29:39:40:7C:BE:C6:36:17:FE:F7:65
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       32A86190B19600D8A067E777E23D78D3F070D09D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213481.roa
Signing time:             Wed 11 Mar 2026 13:08:29 +0000
ROA not before:           Wed 11 Mar 2026 13:03:29 +0000
ROA not after:            Wed 10 Mar 2027 13:08:29 +0000
asID:                     213481
IP address blocks:        2a0f:85c1:bd0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a8:61:90:b1:96:00:d8:a0:67:e7:77:e2:3d:78:d3:f0:70:d0:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 11 13:03:29 2026 GMT
            Not After : Mar 10 13:08:29 2027 GMT
        Subject: CN=0C65BBCE29F0CD5E202939407CBEC63617FEF765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:6a:d7:0b:37:56:e1:80:90:14:71:95:ff:66:
                    e3:9a:c4:16:98:ea:bb:28:f0:1a:2d:fe:a7:c3:2b:
                    d0:9d:28:1b:a6:ea:e4:3a:ea:dd:bb:91:0b:58:c4:
                    70:65:d1:69:e7:32:ff:9b:0d:c7:f2:b3:3f:9e:e2:
                    e9:ea:ae:a1:e1:cc:67:44:b3:f4:9e:c9:2c:cd:36:
                    0e:c6:db:40:01:6e:3a:67:d6:7a:2b:69:78:90:e3:
                    f9:ce:60:5d:6e:91:df:72:88:63:55:b2:9a:ae:54:
                    88:aa:8b:b5:85:4b:84:7a:5f:24:0c:59:77:fe:53:
                    6b:4e:88:c2:a8:c5:51:0d:b6:00:24:7f:2a:94:3a:
                    f4:68:97:11:af:b9:ed:4a:05:87:81:81:ba:ca:b1:
                    a1:ed:e0:a9:b7:f4:06:cb:33:eb:af:b3:b1:cd:d3:
                    2c:12:b8:ca:1e:a4:34:2b:e1:27:e8:e5:e5:bb:9a:
                    67:6f:fa:2f:b0:3f:dd:22:ea:27:0a:1a:24:1d:1f:
                    10:61:56:82:57:5b:18:30:73:d5:2e:ec:7c:fa:70:
                    72:ab:01:c5:67:fb:75:c5:3d:85:05:cf:e0:6e:c4:
                    bc:20:50:68:b2:27:c7:08:d4:63:c1:c8:1d:8c:94:
                    11:19:ae:c7:60:f4:cf:8e:1e:48:69:f0:94:ab:d0:
                    1b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:65:BB:CE:29:F0:CD:5E:20:29:39:40:7C:BE:C6:36:17:FE:F7:65
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c6:a4:85:db:27:fe:94:91:6d:f8:eb:8f:01:87:f9:1a:85:13:
         cd:a8:e1:5c:e7:0e:d6:cd:d7:24:c6:63:b2:c5:05:dc:ed:e5:
         5a:97:af:70:62:13:e2:cb:b4:b6:62:18:a5:1a:99:da:19:3d:
         28:f4:be:ee:09:11:bb:ee:36:84:f5:ba:b0:a3:a3:09:25:1a:
         7e:a9:2d:0d:da:ce:39:a2:92:12:93:dd:9a:3c:db:ef:7d:0d:
         6f:c0:88:33:f0:0a:b1:a5:82:a5:ac:4e:bf:ba:d1:0a:d4:a8:
         f4:da:ca:ef:ff:c4:12:4c:ec:9d:95:f1:c0:2b:2b:ee:fe:60:
         9d:a1:cd:71:e5:20:7a:58:cc:3e:bc:e0:60:6f:0a:8f:97:e0:
         af:c2:1d:6a:ef:e3:4a:8d:92:e2:c7:23:00:87:86:54:df:3f:
         ee:d1:67:74:a0:d6:3d:52:de:2d:fc:f2:73:e5:63:3a:07:8d:
         b9:e9:60:e7:37:93:8e:7f:53:50:ff:f2:53:b4:ec:9f:15:d8:
         be:71:d7:ab:d8:93:0b:8d:cd:b0:44:44:1a:ec:01:14:b6:5f:
         4d:d0:33:6b:53:ac:b7:8c:28:55:aa:24:80:78:db:cb:7f:36:
         0f:5e:a7:00:e3:d5:43:d9:bc:f7:6f:59:18:7a:5b:b9:49:47:
         7f:90:6c:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMqhhkLGWANigZ+d34j140/Bw0J0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAzMTExMzAzMjlaFw0yNzAzMTAxMzA4MjlaMDMxMTAvBgNV
BAMTKDBDNjVCQkNFMjlGMENENUUyMDI5Mzk0MDdDQkVDNjM2MTdGRUY3NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDratcLN1bhgJAUcZX/ZuOaxBaY
6rso8Bot/qfDK9CdKBum6uQ66t27kQtYxHBl0WnnMv+bDcfysz+e4unqrqHhzGdE
s/SeySzNNg7G20ABbjpn1noraXiQ4/nOYF1ukd9yiGNVspquVIiqi7WFS4R6XyQM
WXf+U2tOiMKoxVENtgAkfyqUOvRolxGvue1KBYeBgbrKsaHt4Km39AbLM+uvs7HN
0ywSuMoepDQr4Sfo5eW7mmdv+i+wP90i6icKGiQdHxBhVoJXWxgwc9Uu7Hz6cHKr
AcVn+3XFPYUFz+BuxLwgUGiyJ8cI1GPByB2MlBEZrsdg9M+OHkhp8JSr0BvVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDGW7zinwzV4gKTlAfL7GNhf+92UwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQvQMA0GCSqGSIb3DQEBCwUAA4IBAQDGpIXbJ/6UkW34648Bh/kahRPNqOFc5w7W
zdckxmOyxQXc7eVal69wYhPiy7S2YhilGpnaGT0o9L7uCRG77jaE9bqwo6MJJRp+
qS0N2s45opISk92aPNvvfQ1vwIgz8AqxpYKlrE6/utEK1Kj02srv/8QSTOydlfHA
Kyvu/mCdoc1x5SB6WMw+vOBgbwqPl+Cvwh1q7+NKjZLixyMAh4ZU3z/u0Wd0oNY9
Ut4t/PJz5WM6B4256WDnN5OOf1NQ//JTtOyfFdi+cder2JMLjc2wREQa7AEUtl9N
0DNrU6y3jChVqiSAeNvLfzYPXqcA49VD2bz3b1kYelu5SUd/kGwS
-----END CERTIFICATE-----