Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211439.roa
File:                     AS211439.roa (raw, json)
Hash identifier:          JrRvoZpKdG7xJPQJ0J29wVv4dfvXh8ViiyQtkhUgbBU=
Subject key identifier:   8B:04:E3:ED:C9:00:7A:D0:DB:D3:2B:64:C1:6B:B5:F2:3F:EF:7B:29
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       125C4CBDDA7800CD88EC332918190218AE0F4ED0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211439.roa
Signing time:             Tue 24 Mar 2026 12:13:19 +0000
ROA not before:           Tue 24 Mar 2026 12:08:19 +0000
ROA not after:            Tue 23 Mar 2027 12:13:19 +0000
asID:                     211439
IP address blocks:        143.20.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:5c:4c:bd:da:78:00:cd:88:ec:33:29:18:19:02:18:ae:0f:4e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar 24 12:08:19 2026 GMT
            Not After : Mar 23 12:13:19 2027 GMT
        Subject: CN=8B04E3EDC9007AD0DBD32B64C16BB5F23FEF7B29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:27:bc:ea:a8:a4:01:8a:7e:ba:21:47:88:5e:
                    94:5f:29:d1:01:2f:c4:7b:95:6d:12:0e:bb:0e:9c:
                    d3:9c:33:dd:55:e4:cf:4c:e2:34:81:2b:23:0c:d3:
                    10:b3:2c:01:3e:eb:bd:76:f2:ee:24:6a:1a:fe:5c:
                    00:8f:d0:91:6b:62:be:5c:10:50:5f:8d:60:8e:be:
                    cb:f5:d9:a0:0b:09:4f:ee:b2:e1:27:d8:a1:1b:ab:
                    da:61:77:d2:b6:55:7b:67:13:c8:83:a5:65:73:82:
                    4f:61:ac:53:d2:29:92:31:d5:50:49:af:dd:8a:5a:
                    e1:ab:bf:48:04:53:8e:e9:5f:e2:11:69:ab:36:74:
                    0c:24:9f:37:39:8d:29:65:28:24:8c:12:c5:2c:f9:
                    1f:27:88:9b:b4:15:bc:f6:08:a3:23:33:c5:14:b2:
                    7c:48:4f:5d:5c:83:90:65:fa:83:c9:4a:c3:1e:d1:
                    bc:92:3c:c8:20:de:92:de:d0:29:a1:8c:98:0f:0d:
                    7b:da:9b:e4:42:25:41:e6:ce:a0:a0:6e:e4:59:e8:
                    b1:8c:1d:f0:5e:55:b1:74:5d:66:ac:94:3c:ce:d0:
                    9d:16:0c:84:0a:eb:77:c4:aa:8b:bc:71:f1:c7:43:
                    69:61:27:89:c1:18:3a:1d:72:91:ed:65:e0:37:ce:
                    74:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:04:E3:ED:C9:00:7A:D0:DB:D3:2B:64:C1:6B:B5:F2:3F:EF:7B:29
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:63:79:a9:8f:7e:49:57:04:0e:55:96:dd:62:03:32:18:05:
         a5:f9:c4:a9:ab:60:d2:51:23:b5:7d:66:a5:d7:bf:1f:44:57:
         3c:55:75:b3:ef:3a:2f:80:ba:e9:fb:f0:49:26:82:a4:4c:cc:
         15:ad:2e:5c:33:55:d0:c4:b7:9b:98:f4:2d:77:b3:62:5c:ed:
         b2:b5:be:dc:27:16:95:e2:c4:a4:68:c8:d5:b5:77:99:48:8f:
         d3:27:62:c5:1f:82:73:2c:4b:68:5b:a6:24:29:2c:a1:99:7e:
         f8:df:90:de:91:8c:d0:05:ca:2f:d3:52:31:da:cd:d1:0a:90:
         81:18:b5:83:c1:9f:bd:d8:62:40:7c:51:74:18:f5:01:f5:30:
         92:9e:92:57:71:f7:eb:d0:5b:31:e5:1b:e8:ae:58:3d:ed:07:
         23:64:30:65:c1:e9:42:f2:9a:d4:bb:ff:0f:36:19:cc:b5:a1:
         32:f4:65:17:7b:a2:bc:8e:a1:9d:d3:69:93:1d:ce:19:f1:33:
         bd:4a:d5:28:17:83:aa:a2:89:43:06:fa:8f:d6:7e:25:5d:fd:
         3e:bf:67:37:13:03:2f:d3:ea:7b:fb:12:66:e2:af:d5:bf:46:
         7a:cf:45:92:b0:0c:a7:72:c5:17:29:9f:fd:d5:e0:e6:12:21:
         eb:62:6b:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUElxMvdp4AM2I7DMpGBkCGK4PTtAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMjQxMjA4MTlaFw0yNzAzMjMxMjEzMTlaMDMxMTAvBgNV
BAMTKDhCMDRFM0VEQzkwMDdBRDBEQkQzMkI2NEMxNkJCNUYyM0ZFRjdCMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7J7zqqKQBin66IUeIXpRfKdEB
L8R7lW0SDrsOnNOcM91V5M9M4jSBKyMM0xCzLAE+67128u4kahr+XACP0JFrYr5c
EFBfjWCOvsv12aALCU/usuEn2KEbq9phd9K2VXtnE8iDpWVzgk9hrFPSKZIx1VBJ
r92KWuGrv0gEU47pX+IRaas2dAwknzc5jSllKCSMEsUs+R8niJu0Fbz2CKMjM8UU
snxIT11cg5Bl+oPJSsMe0bySPMgg3pLe0CmhjJgPDXvam+RCJUHmzqCgbuRZ6LGM
HfBeVbF0XWaslDzO0J0WDIQK63fEqou8cfHHQ2lhJ4nBGDodcpHtZeA3znTVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiwTj7ckAetDb0ytkwWu18j/veykwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjExNDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxTU
MA0GCSqGSIb3DQEBCwUAA4IBAQCXY3mpj35JVwQOVZbdYgMyGAWl+cSpq2DSUSO1
fWal178fRFc8VXWz7zovgLrp+/BJJoKkTMwVrS5cM1XQxLebmPQtd7NiXO2ytb7c
JxaV4sSkaMjVtXeZSI/TJ2LFH4JzLEtoW6YkKSyhmX7435DekYzQBcov01Ix2s3R
CpCBGLWDwZ+92GJAfFF0GPUB9TCSnpJXcffr0Fsx5Rvorlg97QcjZDBlwelC8prU
u/8PNhnMtaEy9GUXe6K8jqGd02mTHc4Z8TO9StUoF4OqoolDBvqP1n4lXf0+v2c3
EwMv0+p7+xJm4q/Vv0Z6z0WSsAyncsUXKZ/91eDmEiHrYms/
-----END CERTIFICATE-----