Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216245.roa
File:                     AS216245.roa (raw, json)
Hash identifier:          983ZqZQ/M1N4Ys2GP9IKSJCoe8Ctw19eEkzuo0IHU/I=
Subject key identifier:   7C:C4:09:DB:E6:FD:1F:3D:24:BA:95:A2:A7:EA:93:67:20:3E:B9:44
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6EB4AF6C1CF62EB876879A0FC152F81518FAFB12
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216245.roa
Signing time:             Tue 24 Feb 2026 00:46:51 +0000
ROA not before:           Tue 24 Feb 2026 00:41:51 +0000
ROA not after:            Tue 23 Feb 2027 00:46:51 +0000
asID:                     216245
IP address blocks:        143.14.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:b4:af:6c:1c:f6:2e:b8:76:87:9a:0f:c1:52:f8:15:18:fa:fb:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 24 00:41:51 2026 GMT
            Not After : Feb 23 00:46:51 2027 GMT
        Subject: CN=7CC409DBE6FD1F3D24BA95A2A7EA9367203EB944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:24:67:e5:de:93:46:af:78:62:27:21:cd:24:
                    0b:8c:d5:49:a8:0a:71:13:c6:e0:c7:78:c2:c6:21:
                    fb:f4:5c:4c:85:62:ab:cd:2b:b4:6f:30:0b:45:85:
                    c0:7a:c1:88:d3:54:e8:37:22:cc:c5:4d:93:a5:74:
                    4c:fb:14:36:49:de:44:52:5b:cc:3c:60:72:b9:57:
                    1d:a8:bc:91:82:bb:03:99:22:67:74:87:04:bc:cd:
                    4c:66:4a:10:0b:6e:ef:ff:1a:a7:51:90:40:53:f9:
                    db:8d:09:5a:64:36:f3:9c:ec:a8:63:90:16:69:c8:
                    86:4a:31:da:ad:c5:52:c4:ba:9f:9b:06:c0:1c:f7:
                    8c:67:40:45:e0:fc:ec:6b:e6:c0:69:c0:8e:0e:bf:
                    80:80:93:6d:18:0f:4d:68:be:37:ca:b9:e6:ed:54:
                    ef:36:71:27:5e:87:cc:3d:94:05:49:28:84:1f:3a:
                    0f:3c:b0:e8:89:fe:85:52:6b:4c:87:69:d6:25:19:
                    6a:c7:bf:12:90:de:74:24:0b:90:4f:6c:1a:f7:22:
                    3b:c4:90:4e:02:61:6e:a8:1b:f1:de:30:30:ed:43:
                    76:86:9a:34:de:78:59:e4:c7:3e:bb:fe:01:25:a5:
                    8d:63:20:81:7c:a7:20:4b:58:44:f6:f5:38:d6:ea:
                    f2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C4:09:DB:E6:FD:1F:3D:24:BA:95:A2:A7:EA:93:67:20:3E:B9:44
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:38:ba:13:07:01:19:57:54:46:67:99:62:43:d6:43:52:1b:
         81:32:06:9c:91:05:69:74:10:38:83:25:ab:64:2d:73:ac:9b:
         7d:4f:46:2b:67:6c:7c:b4:3e:5b:0b:a0:8c:2b:ca:09:cb:be:
         9b:b5:f3:85:0a:ad:b2:9e:2a:d9:8b:e4:48:d6:1c:78:fc:70:
         fe:60:10:17:a4:b9:02:a7:2a:1b:c7:22:ab:7e:d8:1a:be:8f:
         f7:09:2f:9d:2c:05:61:b9:fa:58:9f:04:24:e8:a7:62:59:7a:
         3c:19:e7:67:c9:32:25:23:af:07:18:ce:ab:dc:fe:32:a8:2d:
         1b:46:93:ce:3c:e9:53:55:56:2d:a5:a8:3b:54:fe:4d:fe:a9:
         2a:28:d1:16:e5:31:cc:23:26:5e:f7:f0:a5:c4:b8:63:f2:3e:
         cf:4a:20:b7:88:7f:45:f3:7e:23:85:63:27:16:64:0d:3c:00:
         6e:4e:6d:d2:e6:c2:f4:69:c7:81:c5:b2:ec:41:62:3a:5e:57:
         49:31:63:4a:95:50:f5:15:72:8a:ba:f0:8c:91:1e:2b:93:22:
         56:8a:4f:71:8f:54:9d:7e:40:72:55:99:2b:fd:da:78:81:5c:
         31:ba:ff:63:43:92:16:d3:4f:95:c2:f6:a3:cc:7d:1c:5c:b9:
         b2:a3:d9:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbrSvbBz2Lrh2h5oPwVL4FRj6+xIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjQwMDQxNTFaFw0yNzAyMjMwMDQ2NTFaMDMxMTAvBgNV
BAMTKDdDQzQwOURCRTZGRDFGM0QyNEJBOTVBMkE3RUE5MzY3MjAzRUI5NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8JGfl3pNGr3hiJyHNJAuM1Umo
CnETxuDHeMLGIfv0XEyFYqvNK7RvMAtFhcB6wYjTVOg3IszFTZOldEz7FDZJ3kRS
W8w8YHK5Vx2ovJGCuwOZImd0hwS8zUxmShALbu//GqdRkEBT+duNCVpkNvOc7Khj
kBZpyIZKMdqtxVLEup+bBsAc94xnQEXg/Oxr5sBpwI4Ov4CAk20YD01ovjfKuebt
VO82cSdeh8w9lAVJKIQfOg88sOiJ/oVSa0yHadYlGWrHvxKQ3nQkC5BPbBr3IjvE
kE4CYW6oG/HeMDDtQ3aGmjTeeFnkxz67/gElpY1jIIF8pyBLWET29TjW6vLNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfMQJ2+b9Hz0kupWip+qTZyA+uUQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MjQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjw5o
MA0GCSqGSIb3DQEBCwUAA4IBAQBuOLoTBwEZV1RGZ5liQ9ZDUhuBMgackQVpdBA4
gyWrZC1zrJt9T0YrZ2x8tD5bC6CMK8oJy76btfOFCq2ynirZi+RI1hx4/HD+YBAX
pLkCpyobxyKrftgavo/3CS+dLAVhufpYnwQk6KdiWXo8GednyTIlI68HGM6r3P4y
qC0bRpPOPOlTVVYtpag7VP5N/qkqKNEW5THMIyZe9/ClxLhj8j7PSiC3iH9F834j
hWMnFmQNPABuTm3S5sL0aceBxbLsQWI6XldJMWNKlVD1FXKKuvCMkR4rkyJWik9x
j1SdfkByVZkr/dp4gVwxuv9jQ5IW00+VwvajzH0cXLmyo9m4
-----END CERTIFICATE-----