Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213791.roa
File:                     AS213791.roa (raw, json)
Hash identifier:          BLyCOahPBUAxoa/ny3XVBmGbaYDZ/fkqlfH9pr0viKo=
Subject key identifier:   D8:1D:70:E6:C8:01:F4:10:71:6F:07:C4:A7:DF:21:51:04:4B:B1:B3
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       72C4654F3C0B1527C1B69EA47E6F301C1143D346
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213791.roa
Signing time:             Wed 06 May 2026 15:40:37 +0000
ROA not before:           Wed 06 May 2026 15:35:37 +0000
ROA not after:            Wed 05 May 2027 15:40:37 +0000
asID:                     213791
IP address blocks:        141.11.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:58:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:c4:65:4f:3c:0b:15:27:c1:b6:9e:a4:7e:6f:30:1c:11:43:d3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  6 15:35:37 2026 GMT
            Not After : May  5 15:40:37 2027 GMT
        Subject: CN=D81D70E6C801F410716F07C4A7DF2151044BB1B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:84:54:11:c8:3b:a5:2c:bb:62:81:27:d3:
                    3d:63:89:56:ff:31:63:f7:7e:eb:26:ab:40:a0:24:
                    ba:34:67:e9:6b:c9:12:b4:85:9e:ce:1b:79:59:98:
                    58:79:58:0b:58:b0:95:9f:74:b6:09:56:cf:98:e5:
                    41:8e:96:09:26:0f:e6:18:d6:92:f0:f5:a5:15:14:
                    37:5f:67:b1:e3:17:57:27:20:6b:c5:1f:f2:2f:a4:
                    34:74:fb:00:1a:fb:e6:ff:11:aa:04:8e:07:ff:06:
                    06:55:65:15:2b:d5:d9:23:ff:62:19:c0:c0:3b:ca:
                    7b:b7:b8:ed:d6:be:20:fb:74:55:c0:f6:46:a1:bb:
                    35:62:fa:7c:e5:e0:f2:d4:d8:a4:ad:bd:d5:ab:ca:
                    19:47:9c:a8:6a:15:95:8d:da:bc:d9:13:81:11:0f:
                    29:9d:2a:3f:b1:d5:05:18:c6:79:f6:f9:ed:a1:f8:
                    75:40:94:a5:c3:2e:c2:14:8e:2f:a7:bc:e8:56:41:
                    2c:39:29:f5:aa:3c:9e:00:29:47:b2:16:28:f8:d7:
                    12:8f:04:c3:c7:ee:ac:e4:ef:cc:e9:fc:eb:2b:12:
                    df:45:48:f6:52:d4:2c:d7:55:96:06:2e:10:94:c3:
                    64:30:d1:0e:31:b6:8b:2f:d4:5a:4a:72:6e:30:d5:
                    a6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1D:70:E6:C8:01:F4:10:71:6F:07:C4:A7:DF:21:51:04:4B:B1:B3
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS213791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:33:4e:c4:3d:cb:eb:f7:9a:ae:30:8e:66:00:42:47:3c:d0:
         f8:76:0f:d9:a2:4a:cb:e9:4b:2c:c5:27:ef:30:69:2e:b9:d8:
         ee:da:8c:6a:1d:27:5b:a6:7d:09:a9:ec:e5:c6:69:3e:66:ca:
         e9:d5:ee:a2:51:48:e6:ce:56:db:81:b3:ab:87:a0:9e:4c:c3:
         fd:cb:bd:94:52:b7:f3:b3:2a:fb:23:57:12:05:30:f0:42:71:
         61:70:46:e2:42:45:91:35:d5:d4:d4:67:18:a0:bf:c0:df:95:
         0e:6e:4f:b8:b3:2a:cd:3f:11:77:80:57:53:fa:06:c0:5a:cc:
         cc:ca:3a:1d:97:d9:20:99:65:95:86:82:6a:22:74:b3:07:2b:
         66:5d:b5:61:25:2b:07:63:34:8e:a6:0f:26:87:3b:f7:1c:99:
         7b:c3:52:bc:3c:06:d4:a3:8e:a5:ac:fe:e0:32:79:2f:32:3b:
         68:20:b4:46:ff:7c:53:71:f8:94:ab:cd:06:9d:8e:27:5b:69:
         25:78:2e:f8:98:11:16:a8:96:08:6b:df:9d:9d:6e:c6:f4:23:
         47:44:46:3b:d9:57:bc:d8:d8:2f:de:84:61:3c:6f:61:31:a7:
         cd:41:79:e5:95:6a:f1:9f:70:3a:43:12:77:8a:a7:86:d6:c1:
         f3:a0:33:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcsRlTzwLFSfBtp6kfm8wHBFD00YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDYxNTM1MzdaFw0yNzA1MDUxNTQwMzdaMDMxMTAvBgNV
BAMTKEQ4MUQ3MEU2QzgwMUY0MTA3MTZGMDdDNEE3REYyMTUxMDQ0QkIxQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtloRUEcg7pSy7YoEn0z1jiVb/
MWP3fusmq0CgJLo0Z+lryRK0hZ7OG3lZmFh5WAtYsJWfdLYJVs+Y5UGOlgkmD+YY
1pLw9aUVFDdfZ7HjF1cnIGvFH/IvpDR0+wAa++b/EaoEjgf/BgZVZRUr1dkj/2IZ
wMA7ynu3uO3WviD7dFXA9kahuzVi+nzl4PLU2KStvdWryhlHnKhqFZWN2rzZE4ER
DymdKj+x1QUYxnn2+e2h+HVAlKXDLsIUji+nvOhWQSw5KfWqPJ4AKUeyFij41xKP
BMPH7qzk78zp/OsrEt9FSPZS1CzXVZYGLhCUw2Qw0Q4xtosv1FpKcm4w1aa1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2B1w5sgB9BBxbwfEp98hUQRLsbMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEzNzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtf
MA0GCSqGSIb3DQEBCwUAA4IBAQBWM07EPcvr95quMI5mAEJHPND4dg/ZokrL6Uss
xSfvMGkuudju2oxqHSdbpn0Jqezlxmk+Zsrp1e6iUUjmzlbbgbOrh6CeTMP9y72U
Urfzsyr7I1cSBTDwQnFhcEbiQkWRNdXU1GcYoL/A35UObk+4syrNPxF3gFdT+gbA
WszMyjodl9kgmWWVhoJqInSzBytmXbVhJSsHYzSOpg8mhzv3HJl7w1K8PAbUo46l
rP7gMnkvMjtoILRG/3xTcfiUq80GnY4nW2kleC74mBEWqJYIa9+dnW7G9CNHREY7
2Ve82Ngv3oRhPG9hMafNQXnllWrxn3A6QxJ3iqeG1sHzoDOx
-----END CERTIFICATE-----