Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS212683.roa
File:                     AS212683.roa (raw, json)
Hash identifier:          N8fBUVoI9iUZWhVYaEx2tC71Sub/hnmJM8/CsYHctQM=
Subject key identifier:   69:5E:39:00:A2:BC:67:6B:D1:1D:E0:1F:99:B4:C3:FD:E6:58:F7:E4
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       635244066ECD5A29459200DC33A0C5D69C7E6B78
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS212683.roa
Signing time:             Sun 19 Apr 2026 10:33:02 +0000
ROA not before:           Sun 19 Apr 2026 10:28:02 +0000
ROA not after:            Sun 18 Apr 2027 10:33:02 +0000
asID:                     212683
IP address blocks:        51.194.132.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:54:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:52:44:06:6e:cd:5a:29:45:92:00:dc:33:a0:c5:d6:9c:7e:6b:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Apr 19 10:28:02 2026 GMT
            Not After : Apr 18 10:33:02 2027 GMT
        Subject: CN=695E3900A2BC676BD11DE01F99B4C3FDE658F7E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:ce:38:23:a4:62:83:95:7e:4e:c1:41:ff:
                    2f:87:1a:ba:99:da:45:30:60:c9:16:cb:77:cb:04:
                    ec:ac:e3:af:75:da:bb:ea:f9:45:5c:7d:d2:5b:9b:
                    67:ef:7d:ad:86:90:95:d6:71:3a:89:ae:64:ae:ab:
                    59:aa:df:bc:66:f5:1d:88:f2:ba:37:b3:09:84:80:
                    20:28:6f:c8:df:2e:8f:32:e0:6a:8f:0c:4e:2a:f6:
                    71:a4:9d:c2:e1:55:9a:ad:61:75:61:56:60:b4:ab:
                    4c:e6:dc:2c:59:bb:8f:b2:8d:30:76:ac:5d:22:ed:
                    0c:37:57:45:c2:af:e5:33:83:54:76:95:85:bc:f0:
                    bf:50:fa:1c:6f:89:ab:12:26:4f:d0:46:00:e4:f6:
                    eb:64:7a:97:de:fb:93:ec:2f:4d:eb:5f:60:76:cb:
                    cc:41:14:15:64:d4:5a:b4:3a:f8:3c:b6:51:ec:07:
                    4f:06:ce:2b:16:a6:82:a9:fe:58:8a:a3:68:6b:8a:
                    cf:ac:1f:ef:66:bb:a8:01:c0:5c:56:11:f8:f3:7c:
                    61:ae:41:30:9e:90:2b:97:d8:c5:2d:01:98:1f:c2:
                    0b:a2:45:a3:84:0a:b4:9f:c5:12:70:14:a7:8c:1b:
                    e2:3a:f0:a6:7c:d9:5a:fc:9e:1f:4f:86:db:d5:5d:
                    72:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:5E:39:00:A2:BC:67:6B:D1:1D:E0:1F:99:B4:C3:FD:E6:58:F7:E4
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS212683.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:71:6e:16:9f:09:d3:33:52:c4:54:1e:2b:d8:e9:68:52:ee:
         2b:3f:6b:af:00:e9:4a:f3:17:89:64:d9:0e:19:ff:d6:a0:28:
         93:8b:70:4c:85:77:24:07:04:a2:19:1b:e2:d9:c1:0a:cf:a3:
         f9:6c:4c:f0:70:63:68:66:cc:f6:3e:c4:a7:65:f8:52:f9:dd:
         8a:37:ad:b7:3a:ac:e2:e9:78:e2:aa:60:a7:63:60:73:57:bc:
         f2:b6:f5:1f:24:ca:79:60:d3:fe:5c:50:cb:20:f4:ed:27:38:
         64:ec:62:36:af:d8:a7:ef:c4:45:dd:9d:9f:5c:93:4f:a8:c2:
         02:00:97:67:62:d6:bc:b6:85:15:66:b6:60:39:d5:17:c1:f9:
         ec:3f:c6:99:2a:69:ef:7e:69:08:50:fb:41:3b:bc:99:4e:06:
         b2:1e:27:24:a3:4d:bf:49:75:3d:66:b3:dc:19:98:9c:2f:ce:
         71:72:e7:8f:6c:70:d8:05:45:25:fa:8f:fe:6b:96:48:9c:4a:
         a9:ce:3a:dc:fd:85:2b:f1:5d:ab:72:78:aa:c7:63:7f:77:42:
         ad:2f:a5:db:7b:99:06:3b:6b:49:41:f3:ed:f9:25:a0:36:ee:
         57:a8:a6:ca:29:a3:ec:e1:e3:dc:a0:dc:f6:54:60:a5:6a:34:
         d8:b1:68:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY1JEBm7NWilFkgDcM6DF1px+a3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA0MTkxMDI4MDJaFw0yNzA0MTgxMDMzMDJaMDMxMTAvBgNV
BAMTKDY5NUUzOTAwQTJCQzY3NkJEMTFERTAxRjk5QjRDM0ZERTY1OEY3RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyD844I6Rig5V+TsFB/y+HGrqZ
2kUwYMkWy3fLBOys46912rvq+UVcfdJbm2fvfa2GkJXWcTqJrmSuq1mq37xm9R2I
8ro3swmEgCAob8jfLo8y4GqPDE4q9nGkncLhVZqtYXVhVmC0q0zm3CxZu4+yjTB2
rF0i7Qw3V0XCr+Uzg1R2lYW88L9Q+hxviasSJk/QRgDk9utkepfe+5PsL03rX2B2
y8xBFBVk1Fq0Ovg8tlHsB08GzisWpoKp/liKo2hris+sH+9mu6gBwFxWEfjzfGGu
QTCekCuX2MUtAZgfwguiRaOECrSfxRJwFKeMG+I68KZ82Vr8nh9PhtvVXXKhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaV45AKK8Z2vRHeAfmbTD/eZY9+QwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjEyNjgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBM8KE
MA0GCSqGSIb3DQEBCwUAA4IBAQCHcW4WnwnTM1LEVB4r2OloUu4rP2uvAOlK8xeJ
ZNkOGf/WoCiTi3BMhXckBwSiGRvi2cEKz6P5bEzwcGNoZsz2PsSnZfhS+d2KN623
Oqzi6XjiqmCnY2BzV7zytvUfJMp5YNP+XFDLIPTtJzhk7GI2r9in78RF3Z2fXJNP
qMICAJdnYta8toUVZrZgOdUXwfnsP8aZKmnvfmkIUPtBO7yZTgayHicko02/SXU9
ZrPcGZicL85xcuePbHDYBUUl+o/+a5ZInEqpzjrc/YUr8V2rcniqx2N/d0KtL6Xb
e5kGO2tJQfPt+SWgNu5XqKbKKaPs4ePcoNz2VGClajTYsWgz
-----END CERTIFICATE-----