Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          TAFNN8ZabCFIydE7cnSmBHMkWtH5G55IK5xYCEZZjzo=
Subject key identifier:   E6:D8:12:38:D5:09:24:D2:1D:C3:47:0A:56:11:EA:75:E0:14:67:93
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4B8DAEADE3DA72EB2824CEB2A4C261CDFB691698
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211407.roa
Signing time:             Sat 04 Apr 2026 05:26:38 +0000
ROA not before:           Sat 04 Apr 2026 05:21:38 +0000
ROA not after:            Sat 03 Apr 2027 05:26:38 +0000
asID:                     211407
IP address blocks:        45.158.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:8d:ae:ad:e3:da:72:eb:28:24:ce:b2:a4:c2:61:cd:fb:69:16:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  4 05:21:38 2026 GMT
            Not After : Apr  3 05:26:38 2027 GMT
        Subject: CN=E6D81238D50924D21DC3470A5611EA75E0146793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:04:25:97:1a:36:dd:a8:a1:cc:2b:36:e3:ec:
                    92:c4:b2:a1:df:58:1c:d1:73:db:f1:0b:f7:38:3c:
                    b4:4b:bb:19:99:1c:4e:6f:27:74:66:ae:f8:fa:39:
                    95:8e:15:d3:9f:fb:d4:f9:73:45:fe:6b:3f:df:76:
                    d6:0d:62:e4:16:e4:14:75:ae:81:ee:6e:d6:f1:3e:
                    c2:3b:3e:a8:90:5a:85:6e:53:fe:91:ca:e7:85:8d:
                    62:bc:cc:7a:60:b3:8f:79:92:c0:c5:6c:17:85:3d:
                    33:fb:80:25:6b:4d:af:03:a4:7c:56:63:da:d5:1a:
                    3d:dc:3a:35:f4:c0:a1:8c:59:e3:69:e6:7a:88:f7:
                    b3:69:da:c7:6e:6d:31:17:ed:31:e9:10:c7:19:19:
                    23:5c:18:6a:6e:8e:be:a5:b3:6b:42:2c:c8:40:46:
                    a1:76:b0:04:a9:89:7a:62:b8:b9:45:85:16:83:6b:
                    5c:f7:6a:b9:bc:fc:dd:31:30:ef:8a:d2:7d:28:a7:
                    1e:bb:a0:5a:58:f3:2d:81:40:d4:e8:11:2a:02:69:
                    d9:5f:5d:95:c3:65:ab:f7:eb:06:0e:07:0a:cb:8e:
                    42:85:63:5d:7b:e4:06:93:f0:df:94:33:bb:c3:d8:
                    2c:11:b4:23:ce:a0:c4:6e:4d:bd:3d:a4:aa:46:77:
                    ba:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D8:12:38:D5:09:24:D2:1D:C3:47:0A:56:11:EA:75:E0:14:67:93
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:7b:d5:84:44:fa:98:cc:27:de:b9:91:ae:9c:93:bd:36:79:
         66:cf:3b:70:a1:36:6b:75:4b:c6:ff:82:1d:f1:9f:e2:49:b1:
         2a:17:b9:35:49:53:0d:0d:3f:78:66:02:fa:7e:bb:0f:04:25:
         5b:94:7c:3f:96:47:b3:9a:73:2a:99:32:da:86:9b:a0:4d:82:
         e0:12:36:ae:28:b3:3f:00:14:0c:70:1e:e5:ba:45:d6:30:43:
         27:90:96:10:83:2c:38:1e:34:6a:40:a7:a2:4d:88:46:fd:77:
         76:e6:f7:d2:41:3e:54:5b:d7:fe:e6:60:e8:93:6a:cc:c2:e1:
         8f:7b:76:0c:4b:09:c1:55:7b:e2:3f:40:02:f5:94:d6:40:79:
         0f:aa:33:eb:b3:85:af:4a:34:c7:43:e6:a1:a7:68:18:ba:ab:
         4b:80:8f:81:8a:bb:91:41:cc:36:3c:d3:9e:be:29:b4:6b:68:
         0b:71:20:85:15:e5:b1:2c:73:36:58:28:91:a9:c3:c4:41:c8:
         b1:e3:c6:0c:63:34:79:56:38:99:2c:10:a4:4f:07:7f:d7:08:
         ad:e6:d3:39:fb:b4:21:2b:58:d0:f1:47:04:29:2e:4a:a7:20:
         89:70:a5:b9:f4:d4:5e:a1:1e:81:64:58:f1:05:c1:02:cf:c2:
         26:4f:76:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS42urePacusoJM6ypMJhzftpFpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MDQwNTIxMzhaFw0yNzA0MDMwNTI2MzhaMDMxMTAvBgNV
BAMTKEU2RDgxMjM4RDUwOTI0RDIxREMzNDcwQTU2MTFFQTc1RTAxNDY3OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrBCWXGjbdqKHMKzbj7JLEsqHf
WBzRc9vxC/c4PLRLuxmZHE5vJ3Rmrvj6OZWOFdOf+9T5c0X+az/fdtYNYuQW5BR1
roHubtbxPsI7PqiQWoVuU/6RyueFjWK8zHpgs495ksDFbBeFPTP7gCVrTa8DpHxW
Y9rVGj3cOjX0wKGMWeNp5nqI97Np2sdubTEX7THpEMcZGSNcGGpujr6ls2tCLMhA
RqF2sASpiXpiuLlFhRaDa1z3arm8/N0xMO+K0n0opx67oFpY8y2BQNToESoCadlf
XZXDZav36wYOBwrLjkKFY1175AaT8N+UM7vD2CwRtCPOoMRuTb09pKpGd7orAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5tgSONUJJNIdw0cKVhHqdeAUZ5MwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4K
MA0GCSqGSIb3DQEBCwUAA4IBAQBGe9WERPqYzCfeuZGunJO9NnlmzztwoTZrdUvG
/4Id8Z/iSbEqF7k1SVMNDT94ZgL6frsPBCVblHw/lkezmnMqmTLahpugTYLgEjau
KLM/ABQMcB7lukXWMEMnkJYQgyw4HjRqQKeiTYhG/Xd25vfSQT5UW9f+5mDok2rM
wuGPe3YMSwnBVXviP0AC9ZTWQHkPqjPrs4WvSjTHQ+ahp2gYuqtLgI+BiruRQcw2
PNOevim0a2gLcSCFFeWxLHM2WCiRqcPEQcix48YMYzR5VjiZLBCkTwd/1wit5tM5
+7QhK1jQ8UcEKS5KpyCJcKW59NReoR6BZFjxBcECz8ImT3aX
-----END CERTIFICATE-----