Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212150.roa
File:                     AS212150.roa (raw, json)
Hash identifier:          mjco3R1x9J7MNIak3g0DsE0kng3bDwl1/tS1bDtktss=
Subject key identifier:   AB:DD:CB:6E:16:F8:06:C5:C2:5C:E4:D7:3B:17:C2:6A:DB:4B:91:DA
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5243D955A53B863A52E5DD06A0007144951C8949
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212150.roa
Signing time:             Sat 07 Feb 2026 22:03:34 +0000
ROA not before:           Sat 07 Feb 2026 21:58:34 +0000
ROA not after:            Sat 06 Feb 2027 22:03:34 +0000
asID:                     212150
IP address blocks:        155.117.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:43:d9:55:a5:3b:86:3a:52:e5:dd:06:a0:00:71:44:95:1c:89:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  7 21:58:34 2026 GMT
            Not After : Feb  6 22:03:34 2027 GMT
        Subject: CN=ABDDCB6E16F806C5C25CE4D73B17C26ADB4B91DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:30:65:66:6d:28:dd:fd:86:42:cd:1a:a1:64:
                    92:23:23:69:89:1a:ec:af:1d:1f:98:a9:0a:26:bd:
                    3d:0e:01:6d:95:f8:44:92:05:4b:d8:c8:2e:c5:0f:
                    1f:f6:8e:3e:bc:55:2e:ee:a6:4f:f2:fe:4a:3b:d5:
                    f7:8b:04:91:a8:26:f4:ae:07:9e:27:65:0d:66:72:
                    cd:a2:0d:cc:06:3c:d7:c5:69:02:98:6e:4e:59:ef:
                    78:c8:4f:02:cc:51:c0:16:d4:63:24:56:ba:d7:c2:
                    5e:66:17:8a:7f:ee:96:3b:d4:63:ca:8a:d0:7a:e0:
                    46:e9:39:78:ff:97:87:a8:30:66:b6:33:10:cd:c8:
                    f2:6c:81:0a:d8:c3:ee:b9:11:50:2e:eb:ed:64:c9:
                    ec:7a:25:5e:7d:75:db:60:ac:14:f0:cf:53:42:5e:
                    ad:58:bf:65:68:36:e1:e4:e0:4f:52:b4:e8:87:77:
                    bf:ff:ca:1a:ef:b2:9e:62:b4:a2:9a:e9:4a:3c:a7:
                    71:2b:8e:df:35:b1:a5:e4:cf:61:4e:6e:58:44:f0:
                    fb:83:ae:7a:9d:e3:fd:00:52:36:4b:25:38:2a:1f:
                    66:bc:37:58:ed:f7:02:ba:4d:0b:88:78:f0:6e:ba:
                    f0:16:de:66:2f:32:fc:cd:e5:75:26:cd:af:c6:b7:
                    a8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DD:CB:6E:16:F8:06:C5:C2:5C:E4:D7:3B:17:C2:6A:DB:4B:91:DA
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:a5:96:68:e2:2c:a7:25:ea:f6:54:d4:10:41:69:94:30:c4:
         de:2d:7d:18:3c:61:a2:74:e7:9f:ba:df:90:4d:63:75:81:0e:
         22:d9:55:33:c6:b8:91:04:00:32:08:7f:e0:09:96:a2:33:d7:
         a4:a7:dc:37:bd:4c:dd:9c:e5:4c:60:f6:39:9e:0d:22:c3:51:
         8e:8d:2e:6f:1f:3f:6a:6e:0d:e8:f7:8f:d5:86:e5:d0:a0:10:
         3d:ad:05:9c:4a:bf:a4:70:fe:e8:16:9f:18:fa:6c:cf:5c:b2:
         f0:d1:13:a9:da:d0:6e:54:19:9a:ab:5d:5a:ff:1f:a0:1a:69:
         4b:6d:4d:11:39:b7:0c:61:72:a6:20:53:56:ac:2a:a7:2e:6e:
         a3:58:4e:b1:95:82:5e:dd:17:68:4b:37:9d:11:2c:52:62:d4:
         fa:9e:12:25:c4:0f:58:fb:98:38:8c:9f:68:71:7e:03:3e:63:
         e4:19:05:30:4f:9f:7b:d8:73:86:a1:dc:87:d4:67:8d:82:de:
         d5:97:79:13:94:d6:cb:08:78:da:cd:e5:f6:c3:0a:62:d0:62:
         c4:a8:a3:25:16:01:d5:41:68:b7:d8:84:0d:ed:f1:e9:57:8f:
         92:f3:07:6b:bf:db:5a:86:0e:b5:9a:b2:ff:87:b1:ae:76:e4:
         0b:a9:c4:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUkPZVaU7hjpS5d0GoABxRJUciUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDcyMTU4MzRaFw0yNzAyMDYyMjAzMzRaMDMxMTAvBgNV
BAMTKEFCRERDQjZFMTZGODA2QzVDMjVDRTRENzNCMTdDMjZBREI0QjkxREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkMGVmbSjd/YZCzRqhZJIjI2mJ
GuyvHR+YqQomvT0OAW2V+ESSBUvYyC7FDx/2jj68VS7upk/y/ko71feLBJGoJvSu
B54nZQ1mcs2iDcwGPNfFaQKYbk5Z73jITwLMUcAW1GMkVrrXwl5mF4p/7pY71GPK
itB64EbpOXj/l4eoMGa2MxDNyPJsgQrYw+65EVAu6+1kyex6JV59ddtgrBTwz1NC
Xq1Yv2VoNuHk4E9StOiHd7//yhrvsp5itKKa6Uo8p3Erjt81saXkz2FOblhE8PuD
rnqd4/0AUjZLJTgqH2a8N1jt9wK6TQuIePBuuvAW3mYvMvzN5XUmza/Gt6iTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUq93Lbhb4BsXCXOTXOxfCattLkdowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3WR
MA0GCSqGSIb3DQEBCwUAA4IBAQCfpZZo4iynJer2VNQQQWmUMMTeLX0YPGGidOef
ut+QTWN1gQ4i2VUzxriRBAAyCH/gCZaiM9ekp9w3vUzdnOVMYPY5ng0iw1GOjS5v
Hz9qbg3o94/VhuXQoBA9rQWcSr+kcP7oFp8Y+mzPXLLw0ROp2tBuVBmaq11a/x+g
GmlLbU0RObcMYXKmIFNWrCqnLm6jWE6xlYJe3RdoSzedESxSYtT6nhIlxA9Y+5g4
jJ9ocX4DPmPkGQUwT5972HOGodyH1GeNgt7Vl3kTlNbLCHjazeX2wwpi0GLEqKMl
FgHVQWi32IQN7fHpV4+S8wdrv9tahg61mrL/h7GuduQLqcTk
-----END CERTIFICATE-----