Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216100.roa
File:                     AS216100.roa (raw, json)
Hash identifier:          XSAb9ntH+SapPtsMoHXyXpz2Cm0z2QrWTXwZ2yUA7RU=
Subject key identifier:   82:6F:68:8E:11:84:D9:D0:08:2D:A9:B9:B2:30:C8:FB:C2:0B:80:96
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       52B8264B4748E2D510A60EC794E9422D0777F621
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216100.roa
Signing time:             Wed 06 Aug 2025 10:12:00 +0000
ROA not before:           Wed 06 Aug 2025 10:07:00 +0000
ROA not after:            Wed 05 Aug 2026 10:12:00 +0000
asID:                     216100
IP address blocks:        2a14:7580:fff7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:25:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:b8:26:4b:47:48:e2:d5:10:a6:0e:c7:94:e9:42:2d:07:77:f6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Aug  6 10:07:00 2025 GMT
            Not After : Aug  5 10:12:00 2026 GMT
        Subject: CN=826F688E1184D9D0082DA9B9B230C8FBC20B8096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:61:a5:c9:d9:b9:b9:6e:0e:de:8b:cf:7b:5e:
                    61:6f:b6:7e:e5:38:d3:a3:ee:34:01:3b:4b:c9:dc:
                    35:3b:80:c3:2a:6d:2d:72:da:97:fe:42:4a:4f:63:
                    74:1b:95:48:b0:61:0c:f7:a6:48:74:1b:d9:df:8f:
                    5e:fa:84:d9:df:95:61:f6:62:f2:65:79:83:4c:0a:
                    11:eb:cb:2a:05:16:f4:0f:7a:82:3c:e7:2c:4e:19:
                    af:13:fc:88:3b:49:c3:d8:af:28:0c:12:da:15:98:
                    7a:cd:b4:5d:17:39:c2:14:1f:08:00:a7:39:54:54:
                    43:79:46:20:9d:5c:e4:58:a7:1c:ac:b4:5a:28:d7:
                    5f:27:fe:0c:c3:fa:43:10:e1:34:0c:cf:51:e5:26:
                    1c:09:4f:aa:1f:18:ee:cd:74:83:bf:6d:f1:b9:ea:
                    a6:75:ae:6c:47:e7:a1:53:90:45:ae:3b:e6:bf:bb:
                    0a:b0:cc:72:4f:32:8d:8e:88:8f:97:6f:6a:2f:bd:
                    98:93:84:39:2b:f7:b3:c7:c5:29:d9:5c:51:07:f8:
                    e7:fa:70:09:c5:07:c9:cf:5e:8e:75:0e:03:24:3e:
                    f2:a8:9b:5a:da:bd:2b:1e:2b:df:a3:4b:bd:fb:8a:
                    e6:c8:ff:c5:0e:2e:4f:6b:ab:cc:5f:aa:94:d1:78:
                    5d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:6F:68:8E:11:84:D9:D0:08:2D:A9:B9:B2:30:C8:FB:C2:0B:80:96
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff7::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:a0:41:31:98:a1:65:6c:a9:d4:6d:9e:80:64:33:17:87:09:
         3f:b3:ae:04:dd:c6:72:0e:cd:96:e8:36:bd:f5:87:02:b3:16:
         ed:b6:be:9e:bf:85:a5:b1:7d:3f:d5:4a:4b:8d:a6:9b:fe:00:
         f8:3c:28:32:36:5f:b1:09:1e:53:72:91:ec:99:71:63:81:3a:
         ef:5d:50:8a:ab:eb:75:81:50:5e:c4:51:81:93:61:dc:8f:7e:
         6c:9e:d0:2a:f3:4b:96:bc:f1:7e:53:4b:e5:05:ef:3a:b2:93:
         ff:d9:bd:89:ba:2b:85:ec:51:0c:1a:5f:75:30:bb:36:1e:bc:
         9c:4b:b8:2a:21:60:3d:c8:59:08:b5:19:d1:3e:85:04:8f:3e:
         34:e7:6c:f7:12:5d:0f:b2:93:a7:3b:7d:cd:94:d4:02:c4:9f:
         20:57:1a:58:63:89:89:33:55:56:4a:24:65:a0:c2:65:1a:65:
         64:75:fd:05:20:ab:fd:a5:28:f6:b0:c1:e7:03:fb:a4:5f:d8:
         06:d3:fe:fa:2c:ff:b2:28:67:75:57:51:c4:6f:bf:c7:1f:c8:
         78:3a:ab:9c:8b:69:20:a1:8f:64:8c:82:a3:62:9f:61:17:99:
         b1:97:52:14:5d:de:54:c7:df:ff:f4:35:28:40:13:7f:e9:58:
         70:d8:95:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUrgmS0dI4tUQpg7HlOlCLQd39iEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA4MDYxMDA3MDBaFw0yNjA4MDUxMDEyMDBaMDMxMTAvBgNV
BAMTKDgyNkY2ODhFMTE4NEQ5RDAwODJEQTlCOUIyMzBDOEZCQzIwQjgwOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaYaXJ2bm5bg7ei897XmFvtn7l
ONOj7jQBO0vJ3DU7gMMqbS1y2pf+QkpPY3QblUiwYQz3pkh0G9nfj176hNnflWH2
YvJleYNMChHryyoFFvQPeoI85yxOGa8T/Ig7ScPYrygMEtoVmHrNtF0XOcIUHwgA
pzlUVEN5RiCdXORYpxystFoo118n/gzD+kMQ4TQMz1HlJhwJT6ofGO7NdIO/bfG5
6qZ1rmxH56FTkEWuO+a/uwqwzHJPMo2OiI+Xb2ovvZiThDkr97PHxSnZXFEH+Of6
cAnFB8nPXo51DgMkPvKom1ravSseK9+jS737iubI/8UOLk9rq8xfqpTReF2xAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgm9ojhGE2dAILam5sjDI+8ILgJYwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE2MTAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gP/3MA0GCSqGSIb3DQEBCwUAA4IBAQCLoEExmKFlbKnUbZ6AZDMXhwk/s64E3cZy
Ds2W6Da99YcCsxbttr6ev4WlsX0/1UpLjaab/gD4PCgyNl+xCR5TcpHsmXFjgTrv
XVCKq+t1gVBexFGBk2Hcj35sntAq80uWvPF+U0vlBe86spP/2b2JuiuF7FEMGl91
MLs2HrycS7gqIWA9yFkItRnRPoUEjz4052z3El0PspOnO33NlNQCxJ8gVxpYY4mJ
M1VWSiRloMJlGmVkdf0FIKv9pSj2sMHnA/ukX9gG0/76LP+yKGd1V1HEb7/HH8h4
Oquci2kgoY9kjIKjYp9hF5mxl1IUXd5Ux9//9DUoQBN/6Vhw2JXx
-----END CERTIFICATE-----