Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
File:                     AS212384.roa (raw, json)
Hash identifier:          M3hl+hBA7o95YYB072aWLbJQ67D0UwasKBlPcSRpWFg=
Subject key identifier:   25:43:76:F4:83:32:9F:C7:5F:AD:C6:BB:3B:12:4F:41:EE:E6:0D:EA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       28C93BA9F4A715C92A0A3B8940ED46F71BD9BFFC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa
Signing time:             Tue 16 Sep 2025 00:55:07 +0000
ROA not before:           Tue 16 Sep 2025 00:50:07 +0000
ROA not after:            Tue 15 Sep 2026 00:55:07 +0000
asID:                     212384
IP address blocks:        141.11.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c9:3b:a9:f4:a7:15:c9:2a:0a:3b:89:40:ed:46:f7:1b:d9:bf:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 16 00:50:07 2025 GMT
            Not After : Sep 15 00:55:07 2026 GMT
        Subject: CN=254376F483329FC75FADC6BB3B124F41EEE60DEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:8b:8d:73:a5:cc:04:76:e0:93:6d:eb:e1:
                    6c:ff:7d:c8:5a:de:2b:d8:e1:d4:dd:ff:9b:92:4c:
                    32:62:9d:35:f5:a7:d3:8b:85:c6:55:d8:27:f8:69:
                    f5:1e:ae:d2:fc:5b:95:ac:b3:d7:90:87:c6:88:dd:
                    e2:c6:f7:bd:7a:f0:0c:78:ff:2d:0f:79:a7:e0:9d:
                    12:10:2e:fd:c5:31:2b:d2:be:4a:01:6b:ec:de:e3:
                    4d:81:82:20:64:50:4b:c1:12:47:df:4a:e1:8b:9f:
                    55:30:d1:8a:3d:f9:33:29:fd:07:05:ab:81:cd:66:
                    94:bf:c4:c6:ec:2e:61:4d:3d:61:7b:56:b5:2f:05:
                    14:15:da:b3:59:a3:4c:cc:c4:07:56:0b:13:88:9d:
                    5a:2f:3a:b3:0d:65:94:fd:0d:d9:1b:1f:66:07:9a:
                    36:1c:e4:c0:d0:d3:fe:c7:48:1d:cb:20:c6:91:9a:
                    a8:c5:92:d1:c2:ef:37:3e:e8:44:32:37:7b:12:c2:
                    b3:7a:67:f4:c3:2a:17:0c:2e:07:f7:2f:12:d1:c3:
                    46:e6:a0:dd:3d:71:f6:4b:72:cf:7b:5a:76:6c:d0:
                    31:e3:f3:54:52:2f:9e:86:0f:c3:9a:53:ad:9d:7e:
                    d5:60:40:73:89:ef:48:fa:fe:74:de:0f:1a:5b:bf:
                    c2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:43:76:F4:83:32:9F:C7:5F:AD:C6:BB:3B:12:4F:41:EE:E6:0D:EA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:2a:62:65:5e:e9:c0:5f:11:ac:f5:78:97:14:e7:28:1c:30:
         5c:bd:ef:a2:0c:6b:6b:9f:1a:38:87:ad:d0:32:21:dc:76:84:
         a1:f1:9c:19:96:e4:6a:2f:4f:df:13:46:00:27:20:d1:88:f3:
         37:6d:2a:1c:01:d9:3f:13:56:83:00:a6:6d:b8:fc:fb:df:fc:
         df:eb:b1:ae:f9:6c:62:df:cc:ba:2a:e7:e6:91:90:36:61:f9:
         0b:9c:da:c2:fc:95:10:b1:66:8d:20:c3:d1:66:e7:9a:18:9f:
         d3:e1:41:a8:89:7e:34:53:44:52:43:7d:e1:2a:43:b9:b3:d5:
         4d:1c:af:02:f3:03:42:de:62:17:bb:c3:49:0e:ba:84:ba:f9:
         e5:6d:52:6d:81:27:db:a1:07:5a:2a:a8:60:90:4e:5b:ad:9f:
         ca:94:a1:ea:e6:8e:d5:13:78:33:98:93:b8:b2:69:e5:91:6d:
         c9:24:1c:ad:55:18:a8:4f:49:20:af:ef:b1:46:64:95:2a:05:
         cd:c0:ba:2e:5d:85:39:fa:f0:ea:38:da:55:df:9e:a2:e3:44:
         ad:5e:75:34:17:0a:63:ae:b0:a5:43:4f:6d:a5:4d:3e:bb:24:
         47:d9:67:2a:1e:42:7a:6f:24:62:37:b0:d5:33:f6:99:6f:21:
         ec:ad:76:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKMk7qfSnFckqCjuJQO1G9xvZv/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MTYwMDUwMDdaFw0yNjA5MTUwMDU1MDdaMDMxMTAvBgNV
BAMTKDI1NDM3NkY0ODMzMjlGQzc1RkFEQzZCQjNCMTI0RjQxRUVFNjBERUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/JYuNc6XMBHbgk23r4Wz/fcha
3ivY4dTd/5uSTDJinTX1p9OLhcZV2Cf4afUertL8W5Wss9eQh8aI3eLG97168Ax4
/y0PeafgnRIQLv3FMSvSvkoBa+ze402BgiBkUEvBEkffSuGLn1Uw0Yo9+TMp/QcF
q4HNZpS/xMbsLmFNPWF7VrUvBRQV2rNZo0zMxAdWCxOInVovOrMNZZT9DdkbH2YH
mjYc5MDQ0/7HSB3LIMaRmqjFktHC7zc+6EQyN3sSwrN6Z/TDKhcMLgf3LxLRw0bm
oN09cfZLcs97WnZs0DHj81RSL56GD8OaU62dftVgQHOJ70j6/nTeDxpbv8IfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJUN29IMyn8dfrca7OxJPQe7mDeowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMzg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvy
MA0GCSqGSIb3DQEBCwUAA4IBAQAIKmJlXunAXxGs9XiXFOcoHDBcve+iDGtrnxo4
h63QMiHcdoSh8ZwZluRqL0/fE0YAJyDRiPM3bSocAdk/E1aDAKZtuPz73/zf67Gu
+Wxi38y6KufmkZA2YfkLnNrC/JUQsWaNIMPRZueaGJ/T4UGoiX40U0RSQ33hKkO5
s9VNHK8C8wNC3mIXu8NJDrqEuvnlbVJtgSfboQdaKqhgkE5brZ/KlKHq5o7VE3gz
mJO4smnlkW3JJBytVRioT0kgr++xRmSVKgXNwLouXYU5+vDqONpV356i40StXnU0
FwpjrrClQ09tpU0+uyRH2WcqHkJ6byRiN7DVM/aZbyHsrXYG
-----END CERTIFICATE-----