Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210538.roa
File:                     AS210538.roa (raw, json)
Hash identifier:          LTkwGhLPpP35Kywha+JMRHOmnFNA0vsOk9wtSmf9xvg=
Subject key identifier:   40:25:DC:FE:00:B4:AB:3F:DF:A9:09:10:A8:A4:DE:F8:E6:67:57:E0
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       37AE547B99CBF691BEE0D1101E6CF5FBA64E05E2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210538.roa
Signing time:             Mon 09 Mar 2026 20:46:48 +0000
ROA not before:           Mon 09 Mar 2026 20:41:48 +0000
ROA not after:            Mon 08 Mar 2027 20:46:48 +0000
asID:                     210538
IP address blocks:        141.11.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ae:54:7b:99:cb:f6:91:be:e0:d1:10:1e:6c:f5:fb:a6:4e:05:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  9 20:41:48 2026 GMT
            Not After : Mar  8 20:46:48 2027 GMT
        Subject: CN=4025DCFE00B4AB3FDFA90910A8A4DEF8E66757E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:67:26:c9:54:7d:cc:97:08:20:76:0c:04:59:
                    c9:fe:73:5f:a2:63:c8:7a:b6:d4:68:58:4b:4d:7d:
                    fb:28:a6:84:87:cf:c5:dc:fa:6e:a8:74:5e:28:57:
                    e4:7c:75:5d:1c:59:d4:b5:9b:bc:28:66:06:b7:1f:
                    02:fb:86:ca:a0:6d:97:46:41:1d:00:46:21:74:54:
                    e1:63:da:86:6f:c2:50:82:1c:a1:54:f2:94:5c:3c:
                    31:8b:1d:05:b4:8c:86:f1:6a:76:2f:5f:f3:4a:40:
                    60:33:74:53:2f:cc:ec:5a:f2:d6:85:58:c3:e6:13:
                    ea:b1:51:20:da:6a:3b:f4:30:7e:5a:8d:a1:1f:13:
                    c5:29:97:c0:b6:20:bd:5c:14:55:3a:2f:4f:83:2d:
                    b2:b4:1f:27:48:74:71:b3:59:9d:09:11:92:b2:03:
                    5a:4f:4b:c6:6d:c9:3a:cd:f8:f0:c8:c7:6f:9e:cf:
                    be:a9:24:2c:ab:02:a8:40:a2:1a:a2:d6:35:72:30:
                    d3:c1:0b:fb:3c:32:2b:cf:d6:f2:e4:b2:fc:98:8f:
                    63:e8:e9:7c:2b:c4:5e:fd:e7:30:b7:af:7d:35:35:
                    5d:60:0e:89:0e:de:d8:c1:f8:6b:b6:5b:0f:54:67:
                    35:39:5e:d5:5a:82:65:e9:6e:86:77:70:b7:64:23:
                    cb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:25:DC:FE:00:B4:AB:3F:DF:A9:09:10:A8:A4:DE:F8:E6:67:57:E0
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS210538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:c0:09:de:a0:19:5b:be:e3:4b:6f:66:aa:74:06:f1:7f:a9:
         24:3a:e1:f8:93:65:16:ea:c0:e6:03:b3:d5:36:ea:48:11:f0:
         d4:45:6c:bc:81:ae:7e:dd:16:f5:f7:18:21:10:be:d6:e1:03:
         51:45:75:9e:ee:3a:23:18:f2:d8:e1:0f:75:c6:39:b8:ce:79:
         87:ba:7e:54:7e:3d:7a:e9:a3:b0:6f:26:46:00:44:7d:41:a6:
         b9:68:7e:73:20:b9:05:f4:b4:6b:55:fb:86:2e:03:cd:e3:ab:
         eb:06:78:66:8a:86:8c:78:b0:8d:c2:38:20:9d:aa:26:7c:71:
         6b:b0:08:ec:1b:fd:a7:a6:44:8e:ba:1b:7a:47:36:9a:62:88:
         53:69:78:77:53:f8:1a:b0:3e:b7:a1:e9:76:6c:33:f3:15:dc:
         b6:ce:3a:0f:ea:4d:d6:ff:29:98:6e:58:88:69:c6:2b:fa:44:
         35:b3:e0:8d:95:8a:82:71:89:9e:58:49:80:26:94:40:f3:83:
         1e:1e:49:ef:12:ff:57:f5:44:f1:91:fd:c6:44:6d:07:74:36:
         90:94:1d:35:91:9c:c6:65:bb:22:94:59:d5:41:af:a1:0c:bc:
         8a:88:54:6b:a3:68:34:f8:32:04:17:80:3c:92:2c:ad:0d:ec:
         ce:f1:b3:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUN65Ue5nL9pG+4NEQHmz1+6ZOBeIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDkyMDQxNDhaFw0yNzAzMDgyMDQ2NDhaMDMxMTAvBgNV
BAMTKDQwMjVEQ0ZFMDBCNEFCM0ZERkE5MDkxMEE4QTRERUY4RTY2NzU3RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkZybJVH3MlwggdgwEWcn+c1+i
Y8h6ttRoWEtNffsopoSHz8Xc+m6odF4oV+R8dV0cWdS1m7woZga3HwL7hsqgbZdG
QR0ARiF0VOFj2oZvwlCCHKFU8pRcPDGLHQW0jIbxanYvX/NKQGAzdFMvzOxa8taF
WMPmE+qxUSDaajv0MH5ajaEfE8Upl8C2IL1cFFU6L0+DLbK0HydIdHGzWZ0JEZKy
A1pPS8ZtyTrN+PDIx2+ez76pJCyrAqhAohqi1jVyMNPBC/s8MivP1vLksvyYj2Po
6XwrxF795zC3r301NV1gDokO3tjB+Gu2Ww9UZzU5XtVagmXpboZ3cLdkI8vRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQCXc/gC0qz/fqQkQqKTe+OZnV+AwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEwNTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtt
MA0GCSqGSIb3DQEBCwUAA4IBAQApwAneoBlbvuNLb2aqdAbxf6kkOuH4k2UW6sDm
A7PVNupIEfDURWy8ga5+3Rb19xghEL7W4QNRRXWe7jojGPLY4Q91xjm4znmHun5U
fj166aOwbyZGAER9Qaa5aH5zILkF9LRrVfuGLgPN46vrBnhmioaMeLCNwjggnaom
fHFrsAjsG/2npkSOuht6RzaaYohTaXh3U/gasD63oel2bDPzFdy2zjoP6k3W/ymY
bliIacYr+kQ1s+CNlYqCcYmeWEmAJpRA84MeHknvEv9X9UTxkf3GRG0HdDaQlB01
kZzGZbsilFnVQa+hDLyKiFRro2g0+DIEF4A8kiytDezO8bM0
-----END CERTIFICATE-----