Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa
File:                     AS210532.roa (raw, json)
Hash identifier:          W7/3efAzy43pLe5+vd4q4h3qW8LUtpxAH3DaC4t1OuQ=
Subject key identifier:   D1:40:A0:DE:7A:9C:02:57:88:FF:6A:B7:61:78:5B:B9:F4:36:DE:5A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       45D8FD468DD5A5232BD7D0E0630DDB52FD3BAC00
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa
Signing time:             Fri 25 Jul 2025 08:07:40 +0000
ROA not before:           Fri 25 Jul 2025 08:02:40 +0000
ROA not after:            Fri 24 Jul 2026 08:07:40 +0000
asID:                     210532
IP address blocks:        2a0f:85c1:27::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:d8:fd:46:8d:d5:a5:23:2b:d7:d0:e0:63:0d:db:52:fd:3b:ac:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:40 2025 GMT
            Not After : Jul 24 08:07:40 2026 GMT
        Subject: CN=D140A0DE7A9C025788FF6AB761785BB9F436DE5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7e:58:11:a4:65:db:63:59:c2:8c:95:af:41:
                    51:10:89:e1:d2:49:50:35:aa:8a:d9:df:27:53:de:
                    fe:2f:86:b5:85:61:a2:68:b7:fe:60:6a:fe:f4:06:
                    43:0a:4a:cd:c8:d6:bc:84:14:2f:4c:0e:d0:93:27:
                    93:1a:51:8a:04:f1:a1:6d:33:ea:94:77:28:63:98:
                    7d:04:be:4d:95:7d:eb:7d:eb:83:00:da:20:31:26:
                    d5:e8:17:fb:64:79:ed:3c:87:db:24:1f:a4:1e:94:
                    2d:00:36:0e:4b:53:cb:f9:4e:c8:58:b6:f1:37:be:
                    ed:c2:00:64:7b:95:96:4b:9e:8f:e0:80:e0:c2:b2:
                    45:75:82:33:99:fa:34:38:df:53:6b:a7:dd:72:49:
                    2e:13:ae:89:b2:bd:a9:40:c7:8b:cd:b9:42:10:2d:
                    d0:e9:d5:a3:d9:25:6a:6a:e8:a2:2e:d9:cc:7a:9b:
                    0e:c6:04:73:a1:bb:91:33:57:7d:b0:dc:0b:7c:30:
                    7a:e3:14:22:56:01:4e:d6:07:1b:10:bf:04:79:18:
                    67:db:1d:9f:98:6e:f2:00:0b:ff:11:18:99:5c:bf:
                    e8:39:98:d0:72:18:b4:a1:e8:82:e6:1a:b3:25:49:
                    3e:1b:66:05:fe:9d:42:4a:d1:3c:3a:e1:68:2a:3d:
                    04:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:40:A0:DE:7A:9C:02:57:88:FF:6A:B7:61:78:5B:B9:F4:36:DE:5A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:b9:0d:e2:26:8b:71:63:f5:ba:7d:95:61:ab:49:71:fb:65:
         bb:0a:7d:b1:9f:9a:3d:72:8e:00:2a:6b:da:c7:a9:67:31:60:
         22:60:23:41:9b:af:88:9d:47:fa:45:2f:dc:67:1e:4f:3c:fb:
         6f:f5:b5:2f:ec:23:6e:92:d3:09:12:69:80:a6:8c:74:18:1c:
         74:51:3d:6a:8d:82:a1:07:09:89:4c:da:75:e2:7d:e4:88:64:
         72:0d:d7:05:15:47:01:78:9b:03:4c:5c:f6:b3:34:e3:0a:03:
         12:b4:78:1c:2b:b9:ce:91:14:a3:bc:89:e0:54:3a:0e:e9:bc:
         8b:ce:f3:40:cc:95:af:7f:06:99:51:00:2e:b9:a0:88:75:4b:
         89:ab:05:cd:fe:ba:0a:af:2a:06:c5:56:15:fa:78:7e:bc:c8:
         5f:c2:d2:37:9e:49:85:35:8e:f4:6a:4f:ca:b8:82:35:41:21:
         9d:3e:fb:3a:01:92:dd:83:66:bd:55:a0:ea:00:72:e6:67:a9:
         48:5a:79:84:f7:c0:14:0b:fd:07:e4:62:d5:83:58:ee:51:a7:
         8a:14:55:54:a4:d3:e0:1b:bd:b0:fe:65:57:0d:aa:1e:ec:00:
         b4:49:f5:0e:8b:b7:cd:4f:b5:a1:07:be:8a:71:44:e5:d9:7f:
         c1:b6:14:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURdj9Ro3VpSMr19DgYw3bUv07rAAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDBaFw0yNjA3MjQwODA3NDBaMDMxMTAvBgNV
BAMTKEQxNDBBMERFN0E5QzAyNTc4OEZGNkFCNzYxNzg1QkI5RjQzNkRFNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqflgRpGXbY1nCjJWvQVEQieHS
SVA1qorZ3ydT3v4vhrWFYaJot/5gav70BkMKSs3I1ryEFC9MDtCTJ5MaUYoE8aFt
M+qUdyhjmH0Evk2Vfet964MA2iAxJtXoF/tkee08h9skH6QelC0ANg5LU8v5TshY
tvE3vu3CAGR7lZZLno/ggODCskV1gjOZ+jQ431Nrp91ySS4TromyvalAx4vNuUIQ
LdDp1aPZJWpq6KIu2cx6mw7GBHOhu5EzV32w3At8MHrjFCJWAU7WBxsQvwR5GGfb
HZ+YbvIAC/8RGJlcv+g5mNByGLSh6ILmGrMlST4bZgX+nUJK0Tw64WgqPQQHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU0UCg3nqcAleI/2q3YXhbufQ23lowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwNTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAnMA0GCSqGSIb3DQEBCwUAA4IBAQCcuQ3iJotxY/W6fZVhq0lx+2W7Cn2xn5o9
co4AKmvax6lnMWAiYCNBm6+InUf6RS/cZx5PPPtv9bUv7CNuktMJEmmApox0GBx0
UT1qjYKhBwmJTNp14n3kiGRyDdcFFUcBeJsDTFz2szTjCgMStHgcK7nOkRSjvIng
VDoO6byLzvNAzJWvfwaZUQAuuaCIdUuJqwXN/roKryoGxVYV+nh+vMhfwtI3nkmF
NY70ak/KuII1QSGdPvs6AZLdg2a9VaDqAHLmZ6lIWnmE98AUC/0H5GLVg1juUaeK
FFVUpNPgG72w/mVXDaoe7AC0SfUOi7fNT7WhB76KcUTl2X/BthTS
-----END CERTIFICATE-----