Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          q7UR8fry12Sz5HYqbRyDA5qQGbUaCM7TPE9GPkzRZkA=
Subject key identifier:   0D:D3:6C:30:6E:E0:68:99:60:4B:4D:D6:B7:E1:4E:8D:1D:09:A2:95
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6959EF32AEF0957DBDBD535158FF54EA82A4360D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212238.roa
Signing time:             Sun 24 May 2026 00:00:10 +0000
ROA not before:           Sat 23 May 2026 23:55:10 +0000
ROA not after:            Sun 23 May 2027 00:00:10 +0000
asID:                     212238
IP address blocks:        45.151.46.0/24 maxlen: 24
                          193.142.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:59:ef:32:ae:f0:95:7d:bd:bd:53:51:58:ff:54:ea:82:a4:36:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 23 23:55:10 2026 GMT
            Not After : May 23 00:00:10 2027 GMT
        Subject: CN=0DD36C306EE06899604B4DD6B7E14E8D1D09A295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fb:55:72:8a:2d:e3:5e:ed:bf:48:d1:e4:4e:
                    3d:c7:2b:3d:8c:40:74:af:29:75:43:86:16:c7:2f:
                    64:b8:b7:3a:09:eb:02:67:e1:f9:2d:9b:e2:b0:f5:
                    83:79:a6:be:e7:ed:48:5e:28:2a:c0:9c:2b:ad:60:
                    77:7c:a6:4f:fa:1e:8c:62:01:76:74:5a:a4:3c:ff:
                    86:57:d8:b3:b7:46:41:bb:37:51:79:ea:fe:68:76:
                    fd:36:f3:55:43:5e:16:e0:0a:25:04:f1:93:a1:b2:
                    93:56:b7:b3:b5:be:6a:46:ed:b1:e2:ad:3d:15:e8:
                    16:71:dc:44:c2:93:e7:7d:fd:4e:02:98:76:3b:49:
                    6c:12:d4:91:93:19:a5:53:a0:3f:62:64:eb:f1:8f:
                    c9:a8:ce:54:1c:4e:39:4c:3c:f2:38:c5:46:08:77:
                    2b:62:0b:8e:7f:9c:1b:7e:94:c1:21:84:ee:d0:cd:
                    8f:0f:b7:95:63:32:e3:d0:a6:1d:17:e8:76:1f:c2:
                    65:e2:81:01:d6:a7:6a:b8:b0:6d:ff:d5:cf:d9:2b:
                    0e:e9:ed:bc:bf:f1:0e:78:c4:e4:d0:b6:0e:a7:06:
                    42:6f:cb:8c:3b:e5:08:45:18:41:99:3f:9c:34:90:
                    aa:38:8b:a8:4c:53:3f:1a:38:28:64:f3:ea:b6:31:
                    09:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D3:6C:30:6E:E0:68:99:60:4B:4D:D6:B7:E1:4E:8D:1D:09:A2:95
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.46.0/24
                  193.142.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:80:99:d7:f1:e4:01:57:2c:71:0a:3a:b2:72:bc:79:72:1f:
         14:9a:af:fe:77:30:04:e6:57:a3:9b:d1:c2:8c:ef:d3:60:75:
         93:d1:1b:4b:68:ec:1f:79:31:f9:96:be:8c:bb:56:39:03:e1:
         97:2b:3e:78:2c:a9:4a:fb:88:d3:31:08:0e:6e:32:f5:e5:e4:
         c3:8c:51:3a:b8:2b:a1:09:18:a3:f3:ca:45:dd:d2:46:35:7e:
         db:96:47:60:7a:15:53:78:88:dc:e9:bd:20:6a:fc:25:a3:02:
         6c:8c:0e:a9:b6:16:8a:47:7a:92:de:06:93:16:f7:6b:74:cb:
         66:f3:70:fd:b8:9f:98:7c:18:2e:19:b6:96:a0:74:45:c5:1e:
         2b:ad:37:ac:0d:eb:19:a5:18:9e:5a:58:04:a6:10:5d:46:38:
         bb:09:39:d5:d7:93:ae:c6:54:ba:8d:64:21:8f:ce:f5:81:37:
         aa:9b:39:f7:f2:d5:b8:46:9a:db:21:2a:4c:55:12:1e:8a:d3:
         36:a0:92:5c:c4:d4:13:1e:62:ce:d8:8d:5b:4f:fb:d1:42:69:
         f0:39:3e:19:66:d3:3a:49:f8:16:3c:14:f3:61:c3:c3:5f:88:
         ee:41:2a:95:9e:97:78:24:26:47:6d:3f:53:89:14:57:d6:a7:
         3c:d6:13:46
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaVnvMq7wlX29vVNRWP9U6oKkNg0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA1MjMyMzU1MTBaFw0yNzA1MjMwMDAwMTBaMDMxMTAvBgNV
BAMTKDBERDM2QzMwNkVFMDY4OTk2MDRCNERENkI3RTE0RThEMUQwOUEyOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr+1Vyii3jXu2/SNHkTj3HKz2M
QHSvKXVDhhbHL2S4tzoJ6wJn4fktm+Kw9YN5pr7n7UheKCrAnCutYHd8pk/6Hoxi
AXZ0WqQ8/4ZX2LO3RkG7N1F56v5odv0281VDXhbgCiUE8ZOhspNWt7O1vmpG7bHi
rT0V6BZx3ETCk+d9/U4CmHY7SWwS1JGTGaVToD9iZOvxj8mozlQcTjlMPPI4xUYI
dytiC45/nBt+lMEhhO7QzY8Pt5VjMuPQph0X6HYfwmXigQHWp2q4sG3/1c/ZKw7p
7by/8Q54xOTQtg6nBkJvy4w75QhFGEGZP5w0kKo4i6hMUz8aOChk8+q2MQkTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUDdNsMG7gaJlgS03Wt+FOjR0JopUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZcu
AwQAwY4WMA0GCSqGSIb3DQEBCwUAA4IBAQCIgJnX8eQBVyxxCjqycrx5ch8Umq/+
dzAE5lejm9HCjO/TYHWT0RtLaOwfeTH5lr6Mu1Y5A+GXKz54LKlK+4jTMQgObjL1
5eTDjFE6uCuhCRij88pF3dJGNX7blkdgehVTeIjc6b0gavwlowJsjA6pthaKR3qS
3gaTFvdrdMtm83D9uJ+YfBguGbaWoHRFxR4rrTesDesZpRieWlgEphBdRji7CTnV
15OuxlS6jWQhj871gTeqmzn38tW4RprbISpMVRIeitM2oJJcxNQTHmLO2I1bT/vR
QmnwOT4ZZtM6SfgWPBTzYcPDX4juQSqVnpd4JCZHbT9TiRRX1qc81hNG
-----END CERTIFICATE-----