Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          yRD47N7ELPO0/aoIWUkaRZvSByEOgk26rOxAqSUymjs=
Subject key identifier:   C1:E0:E0:B6:96:33:90:2C:E6:54:3A:4F:0C:8E:6A:57:18:3C:46:1F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       3BD9A6BA66A4078E08D62151662433FE49288796
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa
Signing time:             Wed 17 Sep 2025 05:55:07 +0000
ROA not before:           Wed 17 Sep 2025 05:50:07 +0000
ROA not after:            Wed 16 Sep 2026 05:55:07 +0000
asID:                     216414
IP address blocks:        141.11.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:d9:a6:ba:66:a4:07:8e:08:d6:21:51:66:24:33:fe:49:28:87:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 17 05:50:07 2025 GMT
            Not After : Sep 16 05:55:07 2026 GMT
        Subject: CN=C1E0E0B69633902CE6543A4F0C8E6A57183C461F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:51:2f:fb:d0:d6:4f:19:ad:79:c8:16:57:e8:
                    53:35:1a:b1:56:3c:d6:60:08:e0:0b:c5:10:a1:55:
                    03:1e:b7:c1:86:61:61:bb:17:4f:20:50:71:50:35:
                    93:42:51:f1:ec:e9:27:40:d9:39:1f:14:9b:aa:7b:
                    d6:c4:2a:92:30:6e:51:d4:75:4a:37:09:53:d3:3b:
                    ff:04:4b:f4:a2:4f:73:92:fa:5f:06:53:3f:28:5d:
                    bf:f7:be:df:4c:91:8c:ca:42:5b:13:6a:2d:d8:82:
                    d0:c1:13:75:ac:ae:13:60:ab:d9:90:1a:34:52:6a:
                    85:ef:14:50:b5:c7:17:71:bd:cf:50:49:93:11:a4:
                    db:50:86:a2:b7:6c:7a:4c:09:15:f0:2b:5e:f5:c7:
                    93:71:31:ee:e5:0b:5b:14:e1:f2:a9:ab:27:8c:07:
                    50:0c:42:d3:c8:6a:4c:57:7c:9d:d4:92:a4:5d:fa:
                    83:36:38:b6:7e:95:95:1b:45:e8:bb:50:c1:08:08:
                    85:eb:f5:9b:c3:f6:fe:71:a5:29:95:02:32:a2:4c:
                    55:27:7c:a2:97:15:05:87:41:94:53:1c:73:c2:eb:
                    6e:2f:b8:dd:f2:21:d4:6f:a4:13:5b:29:28:f5:33:
                    fb:d2:85:25:4e:96:f8:e6:86:81:3f:c5:1a:f3:ea:
                    45:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E0:E0:B6:96:33:90:2C:E6:54:3A:4F:0C:8E:6A:57:18:3C:46:1F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:13:26:eb:aa:fe:62:09:a4:61:94:e3:a3:40:7a:a2:7c:d8:
         3e:67:c4:82:36:3a:0a:b3:67:aa:32:ac:9e:b5:08:37:27:9c:
         c3:b9:e3:f1:04:96:dd:85:0a:94:72:31:a6:09:f4:05:c9:8a:
         91:6c:67:8a:a8:28:32:45:5f:aa:aa:e1:b2:f5:18:26:41:dd:
         6a:08:80:cc:57:be:51:e9:7d:1a:3b:c2:a5:2d:23:ca:23:80:
         bd:0a:e6:f2:1e:7b:3d:aa:45:c2:2b:4d:5e:12:72:53:67:33:
         4c:64:89:3a:76:1e:dd:3d:5d:d6:98:38:68:f3:80:db:d4:05:
         aa:ca:04:8d:60:29:3b:90:db:df:dc:5f:50:39:da:52:a0:26:
         be:e4:a2:45:bb:3d:cd:e8:48:df:5c:3a:74:e9:fd:4c:2c:cc:
         f9:b9:31:46:87:96:a3:c7:f0:71:49:94:7a:c5:93:ee:4f:5d:
         84:02:95:9b:bf:3a:52:c2:7d:c5:fd:9f:8b:81:96:eb:bb:76:
         aa:e3:1a:fc:3c:e8:c0:51:72:90:1b:6a:46:17:1a:2d:13:fc:
         18:30:aa:68:a3:80:f0:6c:54:61:19:57:ee:26:4e:87:46:07:
         df:6d:0d:85:42:23:90:5d:8a:cf:59:28:6a:7b:21:11:00:b0:
         78:5b:44:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO9mmumakB44I1iFRZiQz/kkoh5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MTcwNTUwMDdaFw0yNjA5MTYwNTU1MDdaMDMxMTAvBgNV
BAMTKEMxRTBFMEI2OTYzMzkwMkNFNjU0M0E0RjBDOEU2QTU3MTgzQzQ2MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8US/70NZPGa15yBZX6FM1GrFW
PNZgCOALxRChVQMet8GGYWG7F08gUHFQNZNCUfHs6SdA2TkfFJuqe9bEKpIwblHU
dUo3CVPTO/8ES/SiT3OS+l8GUz8oXb/3vt9MkYzKQlsTai3YgtDBE3WsrhNgq9mQ
GjRSaoXvFFC1xxdxvc9QSZMRpNtQhqK3bHpMCRXwK171x5NxMe7lC1sU4fKpqyeM
B1AMQtPIakxXfJ3UkqRd+oM2OLZ+lZUbRei7UMEICIXr9ZvD9v5xpSmVAjKiTFUn
fKKXFQWHQZRTHHPC624vuN3yIdRvpBNbKSj1M/vShSVOlvjmhoE/xRrz6kX1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUweDgtpYzkCzmVDpPDI5qVxg8Rh8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv3
MA0GCSqGSIb3DQEBCwUAA4IBAQCDEybrqv5iCaRhlOOjQHqifNg+Z8SCNjoKs2eq
MqyetQg3J5zDuePxBJbdhQqUcjGmCfQFyYqRbGeKqCgyRV+qquGy9RgmQd1qCIDM
V75R6X0aO8KlLSPKI4C9CubyHns9qkXCK01eEnJTZzNMZIk6dh7dPV3WmDho84Db
1AWqygSNYCk7kNvf3F9QOdpSoCa+5KJFuz3N6EjfXDp06f1MLMz5uTFGh5ajx/Bx
SZR6xZPuT12EApWbvzpSwn3F/Z+LgZbru3aq4xr8POjAUXKQG2pGFxotE/wYMKpo
o4DwbFRhGVfuJk6HRgffbQ2FQiOQXYrPWShqeyERALB4W0TE
-----END CERTIFICATE-----