Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216211.roa
File:                     AS216211.roa (raw, json)
Hash identifier:          rbPb9fxoEDO9QCQDvcKBP6W1l6gmCRNkIgW51UhYBn0=
Subject key identifier:   D4:1E:0F:30:49:75:D7:DE:C6:34:63:CA:B2:15:FB:63:D3:68:C6:C7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1D13DF8E7788B352218BC428230D65B8D36A187C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216211.roa
Signing time:             Thu 09 Apr 2026 10:48:21 +0000
ROA not before:           Thu 09 Apr 2026 10:43:21 +0000
ROA not after:            Thu 08 Apr 2027 10:48:21 +0000
asID:                     216211
IP address blocks:        82.40.40.0/21 maxlen: 24
                          2a13:9500:116::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:13:df:8e:77:88:b3:52:21:8b:c4:28:23:0d:65:b8:d3:6a:18:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  9 10:43:21 2026 GMT
            Not After : Apr  8 10:48:21 2027 GMT
        Subject: CN=D41E0F304975D7DEC63463CAB215FB63D368C6C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:79:27:35:8f:1c:53:03:5b:59:8b:fe:ac:0d:
                    31:34:49:8e:20:10:a9:61:1c:e8:00:15:dd:b0:9d:
                    6f:6b:ad:4d:80:08:37:fd:ca:b3:a1:ea:98:d6:74:
                    e6:d0:c1:a3:e3:41:52:1b:95:26:47:98:de:c3:e6:
                    a2:cc:7f:b5:61:42:46:3d:22:f6:27:4c:45:34:40:
                    dc:d0:49:4c:42:df:2b:94:51:e3:1c:11:1b:ed:0a:
                    d8:c1:48:f9:b5:8c:51:72:13:ad:93:d9:b5:06:43:
                    ad:dd:a8:27:6f:75:06:ae:c3:5f:57:09:b0:c8:74:
                    f8:fb:45:e9:0c:6e:63:c7:59:8d:44:74:1f:36:bb:
                    2f:e8:f5:2c:99:53:31:52:26:b3:6d:39:f2:5b:de:
                    f1:58:3c:cd:a7:e8:82:5d:bf:94:09:53:e2:02:d7:
                    4a:3b:85:8c:7f:bf:66:bd:a7:fd:60:70:8d:30:dc:
                    2a:29:49:cd:fa:82:4d:88:de:6f:65:28:be:82:99:
                    b0:a5:e0:ac:48:29:ba:59:3c:83:78:cb:d4:66:a8:
                    0d:00:ad:50:96:9f:a8:76:8f:d7:32:18:34:1b:1f:
                    17:b6:37:9a:bb:c2:b8:11:e7:99:c2:81:45:d9:91:
                    67:43:90:20:4c:2a:73:48:18:78:fe:c5:6d:c2:cb:
                    53:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1E:0F:30:49:75:D7:DE:C6:34:63:CA:B2:15:FB:63:D3:68:C6:C7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216211.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.40.40.0/21
                IPv6:
                  2a13:9500:116::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:e6:42:e1:1f:d9:8b:62:90:c4:d9:62:ff:78:64:62:64:46:
         93:52:49:40:09:65:ca:a6:6b:f7:2a:6a:2e:38:c2:87:84:c8:
         f5:5d:80:77:28:a5:a7:52:67:e4:86:dc:29:20:10:f4:27:1f:
         a1:97:7a:37:fa:38:8c:6f:f4:48:ec:cc:fc:58:e5:7b:8b:b2:
         b2:f5:53:cf:aa:3c:8e:75:1f:ed:8a:f8:60:ba:a0:4f:63:04:
         65:9f:f9:38:52:6d:67:a1:43:b9:c6:c5:4c:ab:55:27:d5:a9:
         bc:64:29:06:07:c2:4f:56:f2:21:09:cf:07:15:b5:78:a6:fe:
         e3:8b:a6:93:90:a3:af:ae:b9:3c:5e:3d:2c:d7:5d:6e:88:9b:
         97:86:39:1f:ae:51:d5:ff:57:ec:e5:47:f4:61:8e:64:ee:9d:
         8a:37:6c:a3:c2:15:7a:0a:be:26:c1:c8:56:48:5c:7a:52:a4:
         5b:40:14:0d:08:e6:90:56:e6:fe:bd:6f:ac:8c:8c:4e:71:ca:
         ae:e4:36:7a:5a:e6:4b:85:b2:50:bc:2b:c0:71:7d:1f:ca:af:
         e4:1c:48:48:a7:17:c0:77:d2:36:9c:da:fc:8c:bf:23:09:ad:
         5e:f5:08:c4:c3:1e:15:06:ae:ae:8c:71:94:60:bf:7e:3a:ff:
         c4:ef:1c:b4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUHRPfjneIs1Ihi8QoIw1luNNqGHwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDkxMDQzMjFaFw0yNzA0MDgxMDQ4MjFaMDMxMTAvBgNV
BAMTKEQ0MUUwRjMwNDk3NUQ3REVDNjM0NjNDQUIyMTVGQjYzRDM2OEM2QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eSc1jxxTA1tZi/6sDTE0SY4g
EKlhHOgAFd2wnW9rrU2ACDf9yrOh6pjWdObQwaPjQVIblSZHmN7D5qLMf7VhQkY9
IvYnTEU0QNzQSUxC3yuUUeMcERvtCtjBSPm1jFFyE62T2bUGQ63dqCdvdQauw19X
CbDIdPj7RekMbmPHWY1EdB82uy/o9SyZUzFSJrNtOfJb3vFYPM2n6IJdv5QJU+IC
10o7hYx/v2a9p/1gcI0w3CopSc36gk2I3m9lKL6CmbCl4KxIKbpZPIN4y9RmqA0A
rVCWn6h2j9cyGDQbHxe2N5q7wrgR55nCgUXZkWdDkCBMKnNIGHj+xW3Cy1P/AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQU1B4PMEl1197GNGPKshX7Y9NoxscwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MjExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDUigo
MA8EAgACMAkDBwAqE5UAARYwDQYJKoZIhvcNAQELBQADggEBAJ7mQuEf2YtikMTZ
Yv94ZGJkRpNSSUAJZcqma/cqai44woeEyPVdgHcopadSZ+SG3CkgEPQnH6GXejf6
OIxv9EjszPxY5XuLsrL1U8+qPI51H+2K+GC6oE9jBGWf+ThSbWehQ7nGxUyrVSfV
qbxkKQYHwk9W8iEJzwcVtXim/uOLppOQo6+uuTxePSzXXW6Im5eGOR+uUdX/V+zl
R/RhjmTunYo3bKPCFXoKvibByFZIXHpSpFtAFA0I5pBW5v69b6yMjE5xyq7kNnpa
5kuFslC8K8BxfR/Kr+QcSEinF8B30jac2vyMvyMJrV71CMTDHhUGrq6McZRgv346
/8TvHLQ=
-----END CERTIFICATE-----