Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          l38HrQVF0Xc3KG6vBVWekLmRsCcnEkXdyD8f98A4o7I=
Subject key identifier:   7C:8B:A8:23:D5:15:82:5C:A4:9A:68:E3:28:8E:0B:EC:DC:FC:08:C7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4600A8C538C4E59E944D854DF25CCD180BF5EC66
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa
Signing time:             Mon 09 Mar 2026 07:46:48 +0000
ROA not before:           Mon 09 Mar 2026 07:41:48 +0000
ROA not after:            Mon 08 Mar 2027 07:46:48 +0000
asID:                     212335
IP address blocks:        141.11.97.0/24 maxlen: 24
                          141.11.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:00:a8:c5:38:c4:e5:9e:94:4d:85:4d:f2:5c:cd:18:0b:f5:ec:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  9 07:41:48 2026 GMT
            Not After : Mar  8 07:46:48 2027 GMT
        Subject: CN=7C8BA823D515825CA49A68E3288E0BECDCFC08C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7a:07:36:27:ea:98:b5:96:17:2e:50:8a:07:
                    67:19:cb:9c:00:62:60:28:d2:e1:a4:94:89:d9:8c:
                    9e:e3:99:c7:f2:23:16:b3:cd:80:ae:15:65:1f:1a:
                    0c:57:c5:30:c7:df:ca:1c:04:8a:f0:a7:aa:a7:60:
                    8f:5d:3d:f0:69:bb:77:c9:8a:e8:07:5a:f5:ff:04:
                    88:e5:db:78:78:e8:20:f9:53:ba:8f:fc:31:92:fc:
                    f7:2f:86:13:91:17:3a:ed:52:67:e1:4f:77:db:4c:
                    43:e3:9d:39:e7:f9:5e:72:72:23:9d:ee:20:4f:5d:
                    50:bf:87:e1:1b:e8:67:79:05:a1:fb:e8:c6:f9:c9:
                    0c:17:06:74:03:25:0c:7d:d9:e7:a2:44:6c:97:83:
                    48:b0:75:6c:4b:c4:25:d3:42:3a:b4:da:45:d7:b2:
                    3a:88:06:55:45:f3:7f:36:b1:17:a3:60:e6:39:6a:
                    3a:91:52:cc:37:8e:22:28:ce:5b:48:cf:ee:6e:bb:
                    b8:08:43:bf:f8:54:58:97:ef:83:81:c4:9d:c8:0d:
                    75:42:ee:9c:5d:af:98:0f:d8:2d:f8:90:3c:91:6d:
                    f7:6a:d8:9a:37:db:75:46:fd:3c:13:88:b9:f4:aa:
                    3b:90:3e:a4:2f:d0:0d:5f:50:1f:8a:15:2f:96:f6:
                    81:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:8B:A8:23:D5:15:82:5C:A4:9A:68:E3:28:8E:0B:EC:DC:FC:08:C7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.97.0/24
                  141.11.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:57:48:09:d2:13:0c:fd:35:e0:19:46:58:df:d2:67:28:49:
         54:ef:e2:f7:f8:31:98:3a:bf:8f:d8:63:14:1c:ec:76:9c:4f:
         9a:97:28:18:c9:ca:4a:bc:8a:41:70:36:2b:a1:1e:bf:ca:07:
         d2:56:0d:45:20:33:e0:96:4f:10:6d:8b:34:b0:26:1b:3a:20:
         7a:a1:9e:ed:5b:a6:f3:f3:2e:e9:a2:f4:7e:ae:a0:00:a3:f7:
         a3:8e:88:db:7f:ef:db:50:45:3f:fd:82:d8:51:c9:62:70:fd:
         7d:30:ea:f3:57:fa:3a:d1:a4:03:68:22:5c:ab:4c:ee:40:72:
         de:12:26:40:ea:c2:d5:9f:db:10:80:e8:f3:eb:35:8a:ca:ce:
         52:b8:2a:70:72:71:cf:1d:7a:d8:86:76:43:5f:68:98:dd:6c:
         61:0b:bd:2b:52:0d:4c:b0:d4:a6:c2:bc:29:9b:8f:6b:0d:e3:
         95:81:95:96:56:2a:27:f8:9b:ba:2d:dd:8e:bd:8f:44:a8:f2:
         18:30:fb:25:0e:ec:33:18:e2:f3:6a:73:69:53:76:78:cf:13:
         63:a3:26:92:14:8b:bc:17:91:3e:90:2b:d5:f3:f8:c9:b6:92:
         df:97:8a:cd:fe:f6:0d:b8:ee:34:aa:df:4e:70:3b:a3:0f:80:
         93:66:f3:17
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURgCoxTjE5Z6UTYVN8lzNGAv17GYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDkwNzQxNDhaFw0yNzAzMDgwNzQ2NDhaMDMxMTAvBgNV
BAMTKDdDOEJBODIzRDUxNTgyNUNBNDlBNjhFMzI4OEUwQkVDRENGQzA4QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbegc2J+qYtZYXLlCKB2cZy5wA
YmAo0uGklInZjJ7jmcfyIxazzYCuFWUfGgxXxTDH38ocBIrwp6qnYI9dPfBpu3fJ
iugHWvX/BIjl23h46CD5U7qP/DGS/PcvhhORFzrtUmfhT3fbTEPjnTnn+V5yciOd
7iBPXVC/h+Eb6Gd5BaH76Mb5yQwXBnQDJQx92eeiRGyXg0iwdWxLxCXTQjq02kXX
sjqIBlVF8382sRejYOY5ajqRUsw3jiIozltIz+5uu7gIQ7/4VFiX74OBxJ3IDXVC
7pxdr5gP2C34kDyRbfdq2Jo323VG/TwTiLn0qjuQPqQv0A1fUB+KFS+W9oHZAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfIuoI9UVglykmmjjKI4L7Nz8CMcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQth
AwQAjQt+MA0GCSqGSIb3DQEBCwUAA4IBAQByV0gJ0hMM/TXgGUZY39JnKElU7+L3
+DGYOr+P2GMUHOx2nE+alygYycpKvIpBcDYroR6/ygfSVg1FIDPglk8QbYs0sCYb
OiB6oZ7tW6bz8y7povR+rqAAo/ejjojbf+/bUEU//YLYUclicP19MOrzV/o60aQD
aCJcq0zuQHLeEiZA6sLVn9sQgOjz6zWKys5SuCpwcnHPHXrYhnZDX2iY3WxhC70r
Ug1MsNSmwrwpm49rDeOVgZWWVion+Ju6Ld2OvY9EqPIYMPslDuwzGOLzanNpU3Z4
zxNjoyaSFIu8F5E+kCvV8/jJtpLfl4rN/vYNuO40qt9OcDujD4CTZvMX
-----END CERTIFICATE-----