Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216069.roa
File:                     AS216069.roa (raw, json)
Hash identifier:          0u9nV7fDosuJ23dEKZTWcVoyIjlPez3R+VsdEhqyjkw=
Subject key identifier:   FE:7B:D5:13:07:6F:3F:FF:7B:09:7A:55:CF:2B:CD:6C:AB:F4:74:B6
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2E0D0214E7804D29E6461CA127CAFE8476508C26
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216069.roa
Signing time:             Mon 06 Oct 2025 02:17:19 +0000
ROA not before:           Mon 06 Oct 2025 02:12:19 +0000
ROA not after:            Mon 05 Oct 2026 02:17:19 +0000
asID:                     216069
IP address blocks:        2a14:7583:c000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:0d:02:14:e7:80:4d:29:e6:46:1c:a1:27:ca:fe:84:76:50:8c:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct  6 02:12:19 2025 GMT
            Not After : Oct  5 02:17:19 2026 GMT
        Subject: CN=FE7BD513076F3FFF7B097A55CF2BCD6CABF474B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d0:1b:4c:80:1a:7a:c6:3b:e9:d4:93:f4:99:
                    aa:97:97:65:a6:79:38:74:9e:f7:c2:e1:6e:62:60:
                    45:e6:b1:4a:f8:aa:af:80:33:06:1e:e7:c9:a4:a5:
                    93:e0:83:53:42:b1:3d:6b:42:29:56:6c:d3:3f:4c:
                    a9:ab:28:a0:0a:46:43:1d:b3:f1:30:0b:60:2d:e5:
                    f4:ee:78:f4:ac:4c:af:87:10:f2:d5:c0:f9:7f:59:
                    40:10:fa:74:eb:da:c9:04:11:63:a0:00:ba:5d:d4:
                    f1:d0:83:4e:b5:bd:c6:ff:a7:22:84:f2:b9:26:5e:
                    f1:4f:87:20:cc:7e:09:3f:b3:b3:bc:b0:28:31:0a:
                    97:ad:a5:0c:01:62:26:f4:18:0f:a9:b5:c9:e8:97:
                    a5:52:ae:de:e6:30:76:1a:d3:8e:2d:73:27:f7:74:
                    73:fb:b2:38:03:de:48:04:88:fb:2f:2d:9a:ac:12:
                    2c:f8:29:a6:b0:5a:a8:5a:ce:6f:ed:b3:81:77:88:
                    58:d3:0f:92:95:c3:98:1c:4e:c7:0f:a9:62:8f:ef:
                    a5:99:e5:d2:f3:53:4c:28:9e:65:f7:41:de:a7:f4:
                    b3:46:a2:55:dc:86:bb:bb:cd:02:17:68:60:b0:5c:
                    d4:c1:90:d2:eb:58:8c:19:b4:3e:ae:ec:fe:d9:48:
                    a1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:7B:D5:13:07:6F:3F:FF:7B:09:7A:55:CF:2B:CD:6C:AB:F4:74:B6
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216069.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         33:90:eb:75:10:1f:4b:6a:45:bf:ab:03:dd:d6:56:5d:ae:95:
         e6:f6:5b:ef:58:f3:b4:02:a2:41:3d:56:59:35:25:6a:50:9d:
         04:73:6a:6e:9b:ef:8a:c2:16:1a:1d:56:a7:96:34:6f:a8:e5:
         e3:49:05:b4:67:a2:57:51:7c:73:61:49:3f:07:42:9f:25:61:
         97:2e:15:03:f8:72:8d:a9:55:91:09:b8:d4:17:2d:e2:b4:14:
         d7:4a:26:d1:ba:18:b2:20:3a:d1:36:7c:29:06:6b:f3:09:c0:
         a0:60:e2:ca:fe:06:b2:31:2b:ce:af:17:b5:ef:4a:1e:88:c4:
         4e:47:e2:45:76:96:36:da:c4:a3:97:7f:cf:4e:66:2a:3a:4f:
         97:6c:7d:78:bd:d4:a8:0a:eb:83:5a:c9:cc:67:c8:66:bd:de:
         35:70:e0:77:b0:24:8d:48:71:ac:b5:36:19:01:26:78:67:a8:
         77:cc:40:69:85:41:13:e1:82:98:7f:b7:51:6c:ae:2e:ea:df:
         5a:38:cf:d3:3f:e4:74:81:b0:4b:ff:c2:68:a9:c8:2a:15:20:
         ea:8a:fe:e5:b8:80:ce:c3:a0:91:ed:9e:f6:35:0d:13:17:81:
         55:af:68:00:16:5b:8d:53:28:9d:7b:a7:0d:65:66:ae:92:0c:
         ab:b7:a6:22
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIULg0CFOeATSnmRhyhJ8r+hHZQjCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMDYwMjEyMTlaFw0yNjEwMDUwMjE3MTlaMDMxMTAvBgNV
BAMTKEZFN0JENTEzMDc2RjNGRkY3QjA5N0E1NUNGMkJDRDZDQUJGNDc0QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ0BtMgBp6xjvp1JP0maqXl2Wm
eTh0nvfC4W5iYEXmsUr4qq+AMwYe58mkpZPgg1NCsT1rQilWbNM/TKmrKKAKRkMd
s/EwC2At5fTuePSsTK+HEPLVwPl/WUAQ+nTr2skEEWOgALpd1PHQg061vcb/pyKE
8rkmXvFPhyDMfgk/s7O8sCgxCpetpQwBYib0GA+ptcnol6VSrt7mMHYa044tcyf3
dHP7sjgD3kgEiPsvLZqsEiz4KaawWqhazm/ts4F3iFjTD5KVw5gcTscPqWKP76WZ
5dLzU0wonmX3Qd6n9LNGolXchru7zQIXaGCwXNTBkNLrWIwZtD6u7P7ZSKFjAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU/nvVEwdvP/97CXpVzyvNbKv0dLYwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE2MDY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
g8AwDQYJKoZIhvcNAQELBQADggEBADOQ63UQH0tqRb+rA93WVl2uleb2W+9Y87QC
okE9Vlk1JWpQnQRzam6b74rCFhodVqeWNG+o5eNJBbRnoldRfHNhST8HQp8lYZcu
FQP4co2pVZEJuNQXLeK0FNdKJtG6GLIgOtE2fCkGa/MJwKBg4sr+BrIxK86vF7Xv
Sh6IxE5H4kV2ljbaxKOXf89OZio6T5dsfXi91KgK64NaycxnyGa93jVw4HewJI1I
cay1NhkBJnhnqHfMQGmFQRPhgph/t1Fsri7q31o4z9M/5HSBsEv/wmipyCoVIOqK
/uW4gM7DoJHtnvY1DRMXgVWvaAAWW41TKJ17pw1lZq6SDKu3piI=
-----END CERTIFICATE-----