Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211577.roa
File:                     AS211577.roa (raw, json)
Hash identifier:          wsLU1I3Bs6xHV66zD2uTdKf3P5cSkPYSA0JEXvMfdqE=
Subject key identifier:   55:A4:FA:25:55:CD:FB:87:91:EC:54:47:AA:F5:05:44:67:AA:C3:FC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       612E10CEA0796F21EC658981304F7E7C962CC884
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211577.roa
Signing time:             Mon 02 Feb 2026 00:08:16 +0000
ROA not before:           Mon 02 Feb 2026 00:03:16 +0000
ROA not after:            Mon 01 Feb 2027 00:08:16 +0000
asID:                     211577
IP address blocks:        2a13:9500:12f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:2e:10:ce:a0:79:6f:21:ec:65:89:81:30:4f:7e:7c:96:2c:c8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  2 00:03:16 2026 GMT
            Not After : Feb  1 00:08:16 2027 GMT
        Subject: CN=55A4FA2555CDFB8791EC5447AAF5054467AAC3FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f3:05:79:0e:8a:0c:08:ee:17:c4:64:5d:2a:
                    d0:50:b0:92:c2:56:d8:10:7e:4f:33:4d:3a:1e:e4:
                    2c:d3:d7:b6:38:e1:55:e6:92:f8:07:80:53:44:5e:
                    7b:84:88:ad:40:51:89:41:f0:fc:37:f7:3b:be:7e:
                    98:04:c0:7e:3c:71:51:3c:4b:22:6c:d0:77:d9:54:
                    3b:c1:ef:63:53:d2:9c:c6:e9:b8:bb:11:b6:1a:84:
                    76:de:ca:73:be:2c:a9:8a:4e:a6:93:28:21:5a:e2:
                    50:a8:ad:0e:0d:98:ba:df:c0:71:4f:8a:34:56:fb:
                    cb:21:5d:2b:1c:6d:76:79:a0:86:69:98:d9:60:5a:
                    6f:71:9a:43:22:bb:c7:16:80:93:e6:38:e7:e2:1b:
                    44:52:6d:f5:f4:b1:e6:b4:2f:3d:ce:1f:c3:0a:3c:
                    b4:c8:4e:80:e8:1f:93:69:82:1f:a1:09:6f:0d:69:
                    a6:0f:d3:7b:21:0b:a4:0a:99:a6:70:c7:94:02:f6:
                    9f:42:b9:5e:88:59:17:d3:d0:1e:90:70:8c:0a:6d:
                    2d:ee:13:f0:5e:fc:5a:30:5f:6e:65:a3:15:98:8e:
                    2c:05:66:a2:03:69:9a:74:95:22:5c:73:24:c2:84:
                    01:e3:47:36:58:15:c5:d3:98:3d:16:fc:cc:91:fe:
                    f9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A4:FA:25:55:CD:FB:87:91:EC:54:47:AA:F5:05:44:67:AA:C3:FC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211577.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:12f::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:4c:d3:d1:fc:7f:8b:34:1d:4c:4b:41:91:1b:32:b4:6e:23:
         95:52:e0:c7:b5:17:86:b5:ef:95:9b:fa:2b:00:ce:27:74:f6:
         02:1d:b3:02:bf:76:3a:cb:75:3f:75:24:91:6c:ca:f0:69:00:
         df:e3:3d:d8:ad:61:f3:2c:c5:6b:35:8a:a2:98:e2:2c:68:ee:
         3c:17:5b:cf:e4:eb:eb:f9:a7:05:56:29:bf:9b:23:61:8f:47:
         64:8a:23:2d:5b:f6:b3:2a:da:82:69:30:b3:57:61:a6:a0:fb:
         cf:56:60:5f:db:5b:a2:e4:86:ab:db:95:56:9f:f2:e1:08:0b:
         73:9f:8f:b0:85:11:81:b5:32:9b:ec:e5:03:2c:16:f9:30:a4:
         f8:2e:1a:e7:fa:9f:80:8e:80:ea:1c:fb:9b:b8:9c:ed:b9:a8:
         f7:a5:df:55:91:45:41:bd:42:26:c7:ca:db:f8:64:ab:e5:e8:
         a1:6c:1f:9c:dd:77:44:55:99:2d:13:1e:0d:38:f5:6f:f4:2d:
         9f:57:b1:62:65:42:e4:2c:8d:ea:3f:31:5c:73:29:30:7c:c7:
         6e:52:ed:2f:e2:b6:cb:dc:4c:ab:cb:f7:64:a6:eb:7d:9c:1c:
         34:90:da:05:ab:ba:08:5c:94:1b:f0:cd:05:cd:df:bc:ec:cd:
         a0:99:ea:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUYS4QzqB5byHsZYmBME9+fJYsyIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDIwMDAzMTZaFw0yNzAyMDEwMDA4MTZaMDMxMTAvBgNV
BAMTKDU1QTRGQTI1NTVDREZCODc5MUVDNTQ0N0FBRjUwNTQ0NjdBQUMzRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU8wV5DooMCO4XxGRdKtBQsJLC
VtgQfk8zTToe5CzT17Y44VXmkvgHgFNEXnuEiK1AUYlB8Pw39zu+fpgEwH48cVE8
SyJs0HfZVDvB72NT0pzG6bi7EbYahHbeynO+LKmKTqaTKCFa4lCorQ4NmLrfwHFP
ijRW+8shXSscbXZ5oIZpmNlgWm9xmkMiu8cWgJPmOOfiG0RSbfX0sea0Lz3OH8MK
PLTIToDoH5Npgh+hCW8NaaYP03shC6QKmaZwx5QC9p9CuV6IWRfT0B6QcIwKbS3u
E/Be/FowX25loxWYjiwFZqIDaZp0lSJccyTChAHjRzZYFcXTmD0W/MyR/vkXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVaT6JVXN+4eR7FRHqvUFRGeqw/wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAEvMA0GCSqGSIb3DQEBCwUAA4IBAQBFTNPR/H+LNB1MS0GRGzK0biOVUuDHtReG
te+Vm/orAM4ndPYCHbMCv3Y6y3U/dSSRbMrwaQDf4z3YrWHzLMVrNYqimOIsaO48
F1vP5Ovr+acFVim/myNhj0dkiiMtW/azKtqCaTCzV2GmoPvPVmBf21ui5Iar25VW
n/LhCAtzn4+whRGBtTKb7OUDLBb5MKT4Lhrn+p+AjoDqHPubuJztuaj3pd9VkUVB
vUImx8rb+GSr5eihbB+c3XdEVZktEx4NOPVv9C2fV7FiZULkLI3qPzFccykwfMdu
Uu0v4rbL3Eyry/dkput9nBw0kNoFq7oIXJQb8M0Fzd+87M2gmeqZ
-----END CERTIFICATE-----