Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216223.roa
File:                     AS216223.roa (raw, json)
Hash identifier:          DMKoUSjJl/L5dhyhmiV5PBbXg7/ylodhERuwc6Xdml0=
Subject key identifier:   F0:5F:47:53:46:E3:8A:0B:4A:82:84:EE:7A:44:84:49:F0:89:95:23
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       49822BEB6C075CEA8BFED90A21B802B8C45DE9EC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216223.roa
Signing time:             Sat 13 Sep 2025 02:22:12 +0000
ROA not before:           Sat 13 Sep 2025 02:17:12 +0000
ROA not after:            Sat 12 Sep 2026 02:22:12 +0000
asID:                     216223
IP address blocks:        2a0f:85c1:d44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:82:2b:eb:6c:07:5c:ea:8b:fe:d9:0a:21:b8:02:b8:c4:5d:e9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 13 02:17:12 2025 GMT
            Not After : Sep 12 02:22:12 2026 GMT
        Subject: CN=F05F475346E38A0B4A8284EE7A448449F0899523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1f:6b:0c:3e:48:09:79:fc:4b:f9:4f:1c:86:
                    bf:04:39:95:15:90:e2:94:c0:0f:5a:dc:42:c3:fc:
                    34:3d:e4:93:d6:1f:8d:70:21:f4:74:bc:93:ee:3e:
                    0c:92:43:60:f5:b3:75:89:c0:1c:2f:1b:ee:48:14:
                    74:ce:35:1b:58:c7:a0:e8:09:a1:be:bc:64:77:31:
                    50:f7:e4:3d:69:9f:0a:15:1e:3d:c9:76:ca:8a:4b:
                    0e:2d:19:22:df:84:c9:f2:e1:1b:8c:81:23:78:cb:
                    eb:cd:ba:d1:2c:d6:a4:a4:2a:2c:c6:8b:76:74:1c:
                    e6:84:c4:60:0e:ba:b6:7b:44:f8:69:08:16:5a:d4:
                    2c:65:67:3b:fd:fb:4d:17:8b:f6:c8:20:b9:1e:ca:
                    e3:02:32:cc:6f:c9:63:cc:0d:66:7e:1e:ce:44:73:
                    b8:b1:bb:d2:a5:85:02:e3:1f:30:d0:01:75:a4:ab:
                    53:14:2c:83:15:4a:54:89:74:93:a7:38:13:9d:7b:
                    51:b9:70:fa:35:91:ca:3f:ba:f4:01:54:11:26:41:
                    eb:70:63:17:cd:97:96:c8:87:1c:a6:92:04:62:dc:
                    ef:61:1e:03:c3:85:fb:d1:7a:61:8c:ba:1e:2a:1c:
                    38:cf:53:dd:12:d9:ae:e1:52:a6:9d:c7:54:e4:9b:
                    aa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5F:47:53:46:E3:8A:0B:4A:82:84:EE:7A:44:84:49:F0:89:95:23
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d44::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:ae:9c:85:66:61:82:53:8b:b3:09:b0:93:7c:6c:c1:ee:d6:
         b3:ed:80:9f:5e:1f:a8:90:54:25:aa:55:aa:45:6f:cf:47:98:
         0c:2f:45:34:1a:33:d3:63:4f:ea:db:df:99:b1:4f:a3:e9:c6:
         ea:65:b2:42:ac:45:6a:8f:57:60:65:63:80:bf:b5:24:da:c5:
         c5:95:83:08:3b:8f:98:bc:4b:9d:32:40:2d:c2:33:6c:e1:96:
         71:5f:87:de:d1:7c:98:ae:b1:cd:2b:13:f7:6d:a8:01:db:6c:
         55:fe:8c:3c:b8:b1:d3:69:cb:b1:8d:5a:34:fe:4d:32:2a:da:
         bf:d4:57:ff:91:d3:a4:c7:f8:88:4b:e1:b7:22:e1:7e:7c:98:
         c9:62:62:0a:65:f1:b3:4e:97:5b:6c:32:e2:38:ce:3e:d6:41:
         eb:78:3d:9f:8a:7b:2a:68:c4:47:69:d7:ba:fb:ca:15:4c:bf:
         62:ed:d1:50:54:d0:3c:42:54:79:26:20:b9:36:b7:44:0c:a4:
         81:46:0a:fc:10:1b:06:ed:1e:23:ce:4f:17:21:ba:18:1a:90:
         71:f7:d3:57:0a:18:b6:b1:d6:af:68:3a:6c:ca:54:31:ca:16:
         7b:e0:41:06:3b:8a:22:d3:1c:fb:aa:45:e7:b6:85:34:df:3e:
         a2:72:b3:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSYIr62wHXOqL/tkKIbgCuMRd6ewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTMwMjE3MTJaFw0yNjA5MTIwMjIyMTJaMDMxMTAvBgNV
BAMTKEYwNUY0NzUzNDZFMzhBMEI0QTgyODRFRTdBNDQ4NDQ5RjA4OTk1MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrH2sMPkgJefxL+U8chr8EOZUV
kOKUwA9a3ELD/DQ95JPWH41wIfR0vJPuPgySQ2D1s3WJwBwvG+5IFHTONRtYx6Do
CaG+vGR3MVD35D1pnwoVHj3JdsqKSw4tGSLfhMny4RuMgSN4y+vNutEs1qSkKizG
i3Z0HOaExGAOurZ7RPhpCBZa1CxlZzv9+00Xi/bIILkeyuMCMsxvyWPMDWZ+Hs5E
c7ixu9KlhQLjHzDQAXWkq1MULIMVSlSJdJOnOBOde1G5cPo1kco/uvQBVBEmQetw
YxfNl5bIhxymkgRi3O9hHgPDhfvRemGMuh4qHDjPU90S2a7hUqadx1Tkm6pVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU8F9HU0bjigtKgoTuekSESfCJlSMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MjIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1EMA0GCSqGSIb3DQEBCwUAA4IBAQABrpyFZmGCU4uzCbCTfGzB7taz7YCfXh+o
kFQlqlWqRW/PR5gML0U0GjPTY0/q29+ZsU+j6cbqZbJCrEVqj1dgZWOAv7Uk2sXF
lYMIO4+YvEudMkAtwjNs4ZZxX4fe0XyYrrHNKxP3bagB22xV/ow8uLHTacuxjVo0
/k0yKtq/1Ff/kdOkx/iIS+G3IuF+fJjJYmIKZfGzTpdbbDLiOM4+1kHreD2finsq
aMRHade6+8oVTL9i7dFQVNA8QlR5JiC5NrdEDKSBRgr8EBsG7R4jzk8XIboYGpBx
99NXChi2sdavaDpsylQxyhZ74EEGO4oi0xz7qkXntoU03z6icrOY
-----END CERTIFICATE-----