Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS213607.roa
File:                     AS213607.roa (raw, json)
Hash identifier:          eYxx/jMipA74lbHqOgkTpYNP0dD0a0uLP0MYIxvi9SE=
Subject key identifier:   07:2D:86:15:38:D2:62:BA:2B:95:68:8D:FA:88:29:D3:C2:B2:35:55
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6A2BC986603AC0BF100A8EA0D015DEC6C5C30CE2
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS213607.roa
Signing time:             Fri 24 Apr 2026 14:35:59 +0000
ROA not before:           Fri 24 Apr 2026 14:30:59 +0000
ROA not after:            Fri 23 Apr 2027 14:35:59 +0000
asID:                     213607
IP address blocks:        51.194.99.0/24 maxlen: 24
                          51.194.117.0/24 maxlen: 24
                          78.105.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:2b:c9:86:60:3a:c0:bf:10:0a:8e:a0:d0:15:de:c6:c5:c3:0c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Apr 24 14:30:59 2026 GMT
            Not After : Apr 23 14:35:59 2027 GMT
        Subject: CN=072D861538D262BA2B95688DFA8829D3C2B23555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1b:5e:41:2d:d9:98:b2:cf:a3:3b:fb:00:7c:
                    f0:4b:d2:b1:fd:f9:85:6c:f5:1f:50:43:a5:06:fc:
                    6d:2d:bb:59:94:53:9d:ed:d7:35:15:ea:30:f1:80:
                    66:13:a3:ac:19:6f:b6:db:61:ad:d7:ad:63:ab:65:
                    04:3e:fc:c4:a1:2d:31:03:bf:c5:f9:e8:90:11:0f:
                    c8:db:9a:ad:ba:a7:63:a4:87:3f:a9:af:d7:bc:5a:
                    02:4c:4f:b0:17:41:09:d5:fb:80:97:2a:b8:51:ca:
                    6f:ef:1a:87:8f:2e:e9:bb:8e:bf:3e:44:5b:e9:0f:
                    89:c6:63:36:ca:89:b6:22:08:45:9d:e8:a8:7b:af:
                    cd:27:ea:58:7f:2f:7c:19:6c:62:6a:77:6a:22:36:
                    60:2b:8d:cb:8a:ba:80:a0:fa:19:0d:bc:7f:9c:52:
                    6b:d9:88:74:41:b0:2f:58:30:2a:77:b2:67:53:ce:
                    da:4f:4d:e6:3b:e9:c6:b3:b7:cc:1d:95:2d:9a:f9:
                    8b:5c:99:95:e3:bc:96:3e:a4:c9:e7:c6:d6:d7:fd:
                    bb:3a:12:33:9b:a4:c1:70:ee:56:d0:22:e2:7a:b4:
                    17:c3:99:c6:58:ae:bf:d8:3e:fb:28:af:f3:2a:f1:
                    d5:33:9e:ec:c2:12:1c:89:be:19:44:5a:a8:ad:22:
                    75:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:2D:86:15:38:D2:62:BA:2B:95:68:8D:FA:88:29:D3:C2:B2:35:55
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS213607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.99.0/24
                  51.194.117.0/24
                  78.105.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:83:10:04:41:3f:df:70:b6:94:76:4e:b3:09:2d:ab:79:dd:
         f0:ac:93:a6:47:8b:96:36:57:db:60:89:c4:99:73:80:48:71:
         e8:a1:06:e8:2f:42:f9:dd:3b:47:6e:c8:3c:25:48:8d:9a:76:
         8e:8a:44:ff:19:e7:bb:0b:e1:af:f7:f8:f5:22:71:18:83:be:
         c0:be:25:43:42:1a:d9:1f:55:34:6d:76:75:92:f8:b4:60:96:
         34:28:70:b6:a5:b2:3d:e5:ba:67:9e:81:4c:55:fd:f5:67:35:
         f4:99:9b:c2:77:27:1a:af:6e:48:67:cf:ac:ac:55:ae:8d:7a:
         94:dc:8e:a6:8c:17:d5:98:82:e8:97:e5:8b:21:63:85:c6:27:
         f3:62:8a:a2:cb:d7:e8:93:2d:cf:89:0c:57:ce:1b:b1:63:6d:
         0c:fc:9f:55:0f:eb:3a:5b:02:94:31:4c:d1:4d:e9:80:4f:84:
         ab:15:35:12:89:2e:ca:4d:44:a8:ac:6d:ff:9d:73:ac:a6:09:
         d1:36:47:a9:3f:81:bc:af:42:29:18:e1:21:5c:fa:60:24:18:
         f0:13:d1:d0:1c:9a:77:73:67:7f:2c:3a:f4:38:c0:f0:af:e0:
         d1:67:7a:db:93:76:cb:a6:f1:ed:87:1b:2c:3d:21:8d:9c:21:
         99:dc:2f:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUaivJhmA6wL8QCo6g0BXexsXDDOIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA0MjQxNDMwNTlaFw0yNzA0MjMxNDM1NTlaMDMxMTAvBgNV
BAMTKDA3MkQ4NjE1MzhEMjYyQkEyQjk1Njg4REZBODgyOUQzQzJCMjM1NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoG15BLdmYss+jO/sAfPBL0rH9
+YVs9R9QQ6UG/G0tu1mUU53t1zUV6jDxgGYTo6wZb7bbYa3XrWOrZQQ+/MShLTED
v8X56JARD8jbmq26p2Okhz+pr9e8WgJMT7AXQQnV+4CXKrhRym/vGoePLum7jr8+
RFvpD4nGYzbKibYiCEWd6Kh7r80n6lh/L3wZbGJqd2oiNmArjcuKuoCg+hkNvH+c
UmvZiHRBsC9YMCp3smdTztpPTeY76cazt8wdlS2a+YtcmZXjvJY+pMnnxtbX/bs6
EjObpMFw7lbQIuJ6tBfDmcZYrr/YPvsor/Mq8dUznuzCEhyJvhlEWqitInVpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUBy2GFTjSYrorlWiN+ogp08KyNVUwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjEzNjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAM8Jj
AwQAM8J1AwQATmlgMA0GCSqGSIb3DQEBCwUAA4IBAQB1gxAEQT/fcLaUdk6zCS2r
ed3wrJOmR4uWNlfbYInEmXOASHHooQboL0L53TtHbsg8JUiNmnaOikT/Gee7C+Gv
9/j1InEYg77AviVDQhrZH1U0bXZ1kvi0YJY0KHC2pbI95bpnnoFMVf31ZzX0mZvC
dycar25IZ8+srFWujXqU3I6mjBfVmILol+WLIWOFxifzYoqiy9foky3PiQxXzhux
Y20M/J9VD+s6WwKUMUzRTemAT4SrFTUSiS7KTUSorG3/nXOspgnRNkepP4G8r0Ip
GOEhXPpgJBjwE9HQHJp3c2d/LDr0OMDwr+DRZ3rbk3bLpvHthxssPSGNnCGZ3C96
-----END CERTIFICATE-----