Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213690.roa
File:                     AS213690.roa (raw, json)
Hash identifier:          SI90S+N4RTyVLPAkNdA3DWzhcyKFPzSZeJQqaXtsh7s=
Subject key identifier:   12:07:46:1C:9E:4C:B5:55:35:16:7B:58:29:E6:CA:46:48:B2:30:A0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       29849D86C1B3B139FA3CBE4556A894F1F29E5241
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213690.roa
Signing time:             Tue 09 Jun 2026 01:25:54 +0000
ROA not before:           Tue 09 Jun 2026 01:20:54 +0000
ROA not after:            Tue 08 Jun 2027 01:25:54 +0000
asID:                     213690
IP address blocks:        146.103.34.0/24 maxlen: 24
                          168.222.81.0/24 maxlen: 24
                          168.222.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:84:9d:86:c1:b3:b1:39:fa:3c:be:45:56:a8:94:f1:f2:9e:52:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  9 01:20:54 2026 GMT
            Not After : Jun  8 01:25:54 2027 GMT
        Subject: CN=1207461C9E4CB55535167B5829E6CA4648B230A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1f:4b:e7:b0:af:33:35:1f:f3:dd:cc:f9:71:
                    72:46:6c:48:b0:05:d4:9a:3d:40:f0:2f:04:54:8b:
                    45:e4:2d:a6:4c:60:f6:7d:fc:5a:87:eb:68:b1:85:
                    02:12:12:d9:e1:f3:f0:81:8d:83:36:79:60:ac:05:
                    11:44:68:12:b1:85:f5:52:3e:e9:e3:96:d0:51:7a:
                    a2:bf:f9:1e:ac:0f:79:15:da:1a:46:fe:a9:56:5f:
                    9d:fa:43:fa:62:fc:2a:b7:b4:b1:b4:b1:82:bc:99:
                    1d:f6:24:fb:f7:49:9b:4f:6a:af:77:38:2f:14:f6:
                    db:66:89:f8:cb:66:53:3e:57:14:b1:3e:27:f5:7d:
                    84:b9:a6:44:fc:ab:55:2a:23:ce:ea:a0:bf:3e:f8:
                    6f:f0:fb:76:50:21:d6:e8:e5:e1:c7:f5:f0:6e:2d:
                    e3:95:24:24:56:3a:ae:c2:1e:cc:a5:85:b6:5a:8a:
                    e4:d5:91:e6:06:86:c1:28:9c:22:3b:a6:d3:c5:43:
                    6e:61:0e:95:b6:a1:e5:e7:6c:ac:44:4d:0e:7b:58:
                    3c:f2:10:94:6b:d5:62:2b:6b:6d:46:fa:70:40:8d:
                    de:17:4d:78:18:10:37:41:8e:19:d3:31:7e:0c:b7:
                    23:81:58:26:de:16:d2:be:90:2a:c1:76:18:11:8b:
                    50:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:07:46:1C:9E:4C:B5:55:35:16:7B:58:29:E6:CA:46:48:B2:30:A0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.34.0/24
                  168.222.81.0/24
                  168.222.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:86:8b:f3:95:99:df:28:21:0a:2a:fd:53:af:6d:27:4f:a6:
         ff:58:4f:df:63:e3:db:d1:5b:bf:69:9f:ab:2c:c1:90:1b:e3:
         f1:f7:d1:9e:ff:5e:9b:dc:04:cc:bc:f9:02:bf:59:e9:e1:2c:
         37:7c:74:0d:22:55:3c:cb:59:cb:63:f2:6c:15:39:78:12:66:
         c0:d7:40:1c:bc:89:80:59:8e:17:9d:73:25:85:5f:fa:12:06:
         d4:55:7b:04:f9:4c:5d:99:49:db:b4:24:98:4f:46:18:41:66:
         f9:6c:c6:b0:3e:8c:a9:cb:13:3e:27:c0:56:39:54:e8:88:a4:
         9d:cc:8c:ca:c0:49:6c:5f:8d:48:ca:0e:12:cb:f6:88:c4:cc:
         67:b9:b7:f1:ef:55:70:fe:0e:e8:c3:df:e7:cd:4f:cf:9f:1b:
         bb:9c:44:66:d2:f8:6b:48:6f:76:03:4d:40:ad:c0:da:8e:13:
         87:80:87:57:aa:6c:7e:0f:ce:d1:3f:de:91:d1:c2:90:4f:a6:
         cf:8b:e8:f4:12:4e:a0:88:b2:ab:44:2f:ff:85:91:de:a3:09:
         d5:37:ca:49:40:6b:93:d4:44:d4:39:7f:58:f5:d7:04:2f:64:
         b0:e7:56:95:71:30:ea:9e:06:c2:e6:b5:e8:50:4e:ef:fc:62:
         e9:66:46:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUKYSdhsGzsTn6PL5FVqiU8fKeUkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDkwMTIwNTRaFw0yNzA2MDgwMTI1NTRaMDMxMTAvBgNV
BAMTKDEyMDc0NjFDOUU0Q0I1NTUzNTE2N0I1ODI5RTZDQTQ2NDhCMjMwQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClH0vnsK8zNR/z3cz5cXJGbEiw
BdSaPUDwLwRUi0XkLaZMYPZ9/FqH62ixhQISEtnh8/CBjYM2eWCsBRFEaBKxhfVS
PunjltBReqK/+R6sD3kV2hpG/qlWX536Q/pi/Cq3tLG0sYK8mR32JPv3SZtPaq93
OC8U9ttmifjLZlM+VxSxPif1fYS5pkT8q1UqI87qoL8++G/w+3ZQIdbo5eHH9fBu
LeOVJCRWOq7CHsylhbZaiuTVkeYGhsEonCI7ptPFQ25hDpW2oeXnbKxETQ57WDzy
EJRr1WIra21G+nBAjd4XTXgYEDdBjhnTMX4MtyOBWCbeFtK+kCrBdhgRi1BXAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUEgdGHJ5MtVU1FntYKebKRkiyMKAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEzNjkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkmci
AwQAqN5RAwQAqN5TMA0GCSqGSIb3DQEBCwUAA4IBAQCfhovzlZnfKCEKKv1Tr20n
T6b/WE/fY+Pb0Vu/aZ+rLMGQG+Px99Ge/16b3ATMvPkCv1np4Sw3fHQNIlU8y1nL
Y/JsFTl4EmbA10AcvImAWY4XnXMlhV/6EgbUVXsE+UxdmUnbtCSYT0YYQWb5bMaw
PoypyxM+J8BWOVToiKSdzIzKwElsX41Iyg4Sy/aIxMxnubfx71Vw/g7ow9/nzU/P
nxu7nERm0vhrSG92A01ArcDajhOHgIdXqmx+D87RP96R0cKQT6bPi+j0Ek6giLKr
RC//hZHeownVN8pJQGuT1ETUOX9Y9dcEL2Sw51aVcTDqngbC5rXoUE7v/GLpZkal
-----END CERTIFICATE-----