Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216349.roa
File:                     AS216349.roa (raw, json)
Hash identifier:          Sevsx6IRppHY7ogJMEx3yKneBp75nLoX/a4CezLSOYw=
Subject key identifier:   7A:5E:2E:0D:A3:01:B3:B9:1A:40:6A:75:61:F6:DE:11:56:56:84:84
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       12794B4C0D8F7E4FF4502D3A33B0BFCFCC3727B5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216349.roa
Signing time:             Thu 12 Jun 2025 14:10:21 +0000
ROA not before:           Thu 12 Jun 2025 14:05:21 +0000
ROA not after:            Thu 11 Jun 2026 14:10:21 +0000
asID:                     216349
IP address blocks:        2a0a:9e02::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:79:4b:4c:0d:8f:7e:4f:f4:50:2d:3a:33:b0:bf:cf:cc:37:27:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:21 2025 GMT
            Not After : Jun 11 14:10:21 2026 GMT
        Subject: CN=7A5E2E0DA301B3B91A406A7561F6DE1156568484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:06:aa:45:28:da:55:7c:f5:d1:fb:6c:2b:b0:
                    50:72:45:57:fc:42:ab:87:ea:1a:8a:1a:5b:6a:ec:
                    96:cc:ac:ae:46:e2:52:fa:82:82:3c:4b:43:6c:57:
                    9d:ea:d7:b3:3d:7c:95:fc:03:54:36:58:11:0e:db:
                    42:2d:0b:72:81:a4:5d:d7:a2:d0:16:4a:47:5f:ab:
                    0a:e6:5d:c1:0e:03:23:a0:f9:72:76:99:13:45:f2:
                    10:2e:cc:f2:78:90:6b:11:89:1b:00:76:09:2c:ad:
                    69:e5:a8:de:af:cd:66:7d:81:76:9d:22:fb:78:f6:
                    a4:83:4d:cf:de:00:2b:34:67:ea:a2:6c:d4:bf:a3:
                    38:69:72:48:14:57:9a:a1:99:44:3e:ba:d9:cf:fb:
                    59:86:2c:b1:8a:88:82:dc:e0:31:9c:5b:11:28:f5:
                    20:d5:12:b0:f7:cc:ad:c0:a3:d9:59:51:ff:e6:ea:
                    48:bd:8f:68:f0:c0:c8:14:a9:44:03:de:2b:53:24:
                    43:cd:14:f3:48:72:1b:db:b8:ab:88:ce:12:c3:7a:
                    28:d1:61:1d:73:0f:9c:ad:d2:55:6d:47:87:20:d3:
                    51:45:f4:56:98:8d:fd:34:52:a1:88:7c:37:01:44:
                    80:8e:63:38:d9:6a:42:e4:5f:53:fa:30:a0:f2:17:
                    5e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:5E:2E:0D:A3:01:B3:B9:1A:40:6A:75:61:F6:DE:11:56:56:84:84
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216349.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e02::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:58:7c:52:8e:84:67:35:12:47:e4:53:5b:0e:f7:86:09:6e:
         5f:8e:38:75:8c:a9:db:d8:6f:58:e8:f2:f0:bf:6a:34:4c:2f:
         bc:67:c4:d2:5c:22:4f:6c:14:f6:89:7f:a0:77:b6:3a:84:5b:
         a3:d9:fe:cd:56:77:36:20:e8:1e:27:c2:29:95:1d:d3:f6:ca:
         df:7b:05:68:0b:18:68:56:c2:50:cb:d0:d2:dc:4c:a5:3a:f2:
         f9:66:e1:b9:0c:4d:5d:d1:14:ea:5f:a4:b9:54:1f:64:f6:b2:
         4d:f1:4f:fe:d3:68:29:a6:23:3a:c9:d6:c5:7f:20:bb:7e:86:
         31:5d:ef:21:c5:ce:78:e6:1d:af:90:03:c9:0b:55:59:e2:ec:
         0d:07:ba:9e:14:8f:5e:1f:45:58:e9:da:64:3a:b6:d7:ac:07:
         c2:fb:1d:83:a7:13:89:20:ec:61:f0:57:bd:ff:0b:a9:e9:e5:
         18:89:37:6a:16:a3:d5:91:17:1a:07:4d:30:49:8b:6e:27:49:
         e8:50:2b:7c:33:70:75:6f:83:65:70:76:1e:12:b5:91:3e:4d:
         fd:7f:19:83:e5:63:3b:1f:ac:ef:77:41:d4:63:9b:b9:be:bb:
         f3:16:1e:73:6f:53:d5:a5:d5:d9:57:5f:9a:a8:36:89:b1:00:
         8e:5c:58:28
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUEnlLTA2Pfk/0UC06M7C/z8w3J7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MjFaFw0yNjA2MTExNDEwMjFaMDMxMTAvBgNV
BAMTKDdBNUUyRTBEQTMwMUIzQjkxQTQwNkE3NTYxRjZERTExNTY1Njg0ODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIBqpFKNpVfPXR+2wrsFByRVf8
QquH6hqKGltq7JbMrK5G4lL6goI8S0NsV53q17M9fJX8A1Q2WBEO20ItC3KBpF3X
otAWSkdfqwrmXcEOAyOg+XJ2mRNF8hAuzPJ4kGsRiRsAdgksrWnlqN6vzWZ9gXad
Ivt49qSDTc/eACs0Z+qibNS/ozhpckgUV5qhmUQ+utnP+1mGLLGKiILc4DGcWxEo
9SDVErD3zK3Ao9lZUf/m6ki9j2jwwMgUqUQD3itTJEPNFPNIchvbuKuIzhLDeijR
YR1zD5yt0lVtR4cg01FF9FaYjf00UqGIfDcBRICOYzjZakLkX1P6MKDyF16fAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUel4uDaMBs7kaQGp1YfbeEVZWhIQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MzQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
AjANBgkqhkiG9w0BAQsFAAOCAQEALFh8Uo6EZzUSR+RTWw73hgluX444dYyp29hv
WOjy8L9qNEwvvGfE0lwiT2wU9ol/oHe2OoRbo9n+zVZ3NiDoHifCKZUd0/bK33sF
aAsYaFbCUMvQ0txMpTry+WbhuQxNXdEU6l+kuVQfZPayTfFP/tNoKaYjOsnWxX8g
u36GMV3vIcXOeOYdr5ADyQtVWeLsDQe6nhSPXh9FWOnaZDq216wHwvsdg6cTiSDs
YfBXvf8LqenlGIk3ahaj1ZEXGgdNMEmLbidJ6FArfDNwdW+DZXB2HhK1kT5N/X8Z
g+VjOx+s73dB1GObub678xYec29T1aXV2Vdfmqg2ibEAjlxYKA==
-----END CERTIFICATE-----