Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211338.roa
File:                     AS211338.roa (raw, json)
Hash identifier:          kLo6nuePCHwHzh5sjIBjF5FVIfCSUoHVg3Hl115dDd4=
Subject key identifier:   2E:2A:D2:CD:2F:1E:D8:B8:40:DC:A0:4E:BF:C6:C7:23:2F:8E:E5:52
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6749B773C73F2E644A5950289BA5A81621A5CAB2
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211338.roa
Signing time:             Wed 25 Feb 2026 22:08:27 +0000
ROA not before:           Wed 25 Feb 2026 22:03:27 +0000
ROA not after:            Wed 24 Feb 2027 22:08:27 +0000
asID:                     211338
IP address blocks:        2a0f:85c1:bf2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:49:b7:73:c7:3f:2e:64:4a:59:50:28:9b:a5:a8:16:21:a5:ca:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 25 22:03:27 2026 GMT
            Not After : Feb 24 22:08:27 2027 GMT
        Subject: CN=2E2AD2CD2F1ED8B840DCA04EBFC6C7232F8EE552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c3:5f:52:54:d5:d0:47:94:a0:a8:ed:71:45:
                    6f:fd:54:dc:c3:72:ea:6e:1e:ec:93:ca:09:1c:56:
                    22:59:a4:5f:b9:82:88:79:a1:0c:de:04:37:c7:50:
                    f1:15:b8:c7:ea:be:63:3b:13:75:77:0b:e1:c5:9f:
                    e0:3f:d6:ba:39:bc:b5:49:a6:55:c5:7e:39:8d:e7:
                    34:53:07:38:9f:54:01:27:7a:18:a3:e1:e8:00:bd:
                    da:8a:38:6c:47:17:04:b5:91:6b:b9:2e:af:d1:9c:
                    6f:50:97:35:46:31:09:27:cc:f9:ef:d6:ed:e6:a6:
                    88:53:4b:de:ab:f3:46:90:e0:41:cd:dd:25:48:89:
                    60:5d:5c:eb:9f:74:28:64:c3:ad:11:3c:fa:4c:02:
                    7a:83:9e:a2:26:fc:68:e1:a2:71:45:fb:76:f9:df:
                    af:31:e9:7a:2d:7c:44:c8:48:0c:ac:13:f6:4b:c8:
                    92:53:f7:2b:a9:b8:ba:68:40:82:67:15:11:96:8f:
                    a7:ae:a4:8b:fa:b8:c3:b8:eb:3b:85:24:bd:13:3c:
                    eb:cb:dc:4c:dc:9f:52:47:36:75:a2:01:8a:33:82:
                    a0:53:5e:1f:e0:26:5d:ee:c1:c0:d6:ea:23:e1:8d:
                    e2:b5:0e:74:91:31:ab:3e:cb:dd:dc:f8:d5:61:4d:
                    9a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:2A:D2:CD:2F:1E:D8:B8:40:DC:A0:4E:BF:C6:C7:23:2F:8E:E5:52
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bf2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:d4:5c:17:bf:bc:7a:9e:8e:1a:0d:ac:c5:c6:06:62:3e:f7:
         81:a1:5f:c3:da:1b:4a:5e:83:96:be:dc:24:63:ea:c3:ed:20:
         f0:19:39:ee:bb:a6:99:1c:1f:c8:c6:b3:30:12:51:e8:3d:d4:
         92:0b:aa:4c:61:4b:47:73:4a:f5:e9:6f:53:bc:1d:cc:1a:a2:
         59:45:6d:7c:b5:a3:a0:39:11:6e:a4:04:48:dc:16:ce:dd:50:
         7c:2c:21:4e:62:60:26:16:1f:8d:86:dc:d7:02:59:1e:95:1b:
         3b:b6:57:4a:07:fe:58:1a:2b:b7:59:b0:e9:02:35:64:55:1a:
         e3:5f:fb:11:cb:7a:8a:a2:93:98:26:f9:62:b1:5e:c9:bd:a0:
         63:df:a2:71:16:20:35:ab:0e:95:90:cb:72:67:3d:b8:27:12:
         6c:3a:95:37:55:63:ab:59:02:8e:4c:5c:96:55:50:ac:45:41:
         20:2e:2b:10:f0:18:ec:00:42:80:5b:7a:0b:1c:24:16:43:75:
         cd:c5:ad:0c:55:71:a8:4b:bd:92:6e:f2:81:ae:8d:8e:09:65:
         66:95:50:82:ef:5c:c3:a4:59:3a:01:59:b8:8e:41:73:d5:71:
         88:80:d8:ad:6e:84:ea:3e:5a:86:fd:45:06:b8:78:a4:89:5a:
         a2:24:ae:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZ0m3c8c/LmRKWVAom6WoFiGlyrIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjUyMjAzMjdaFw0yNzAyMjQyMjA4MjdaMDMxMTAvBgNV
BAMTKDJFMkFEMkNEMkYxRUQ4Qjg0MERDQTA0RUJGQzZDNzIzMkY4RUU1NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzw19SVNXQR5SgqO1xRW/9VNzD
cupuHuyTygkcViJZpF+5goh5oQzeBDfHUPEVuMfqvmM7E3V3C+HFn+A/1ro5vLVJ
plXFfjmN5zRTBzifVAEnehij4egAvdqKOGxHFwS1kWu5Lq/RnG9QlzVGMQknzPnv
1u3mpohTS96r80aQ4EHN3SVIiWBdXOufdChkw60RPPpMAnqDnqIm/GjhonFF+3b5
368x6XotfETISAysE/ZLyJJT9yupuLpoQIJnFRGWj6eupIv6uMO46zuFJL0TPOvL
3Ezcn1JHNnWiAYozgqBTXh/gJl3uwcDW6iPhjeK1DnSRMas+y93c+NVhTZqTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULirSzS8e2LhA3KBOv8bHIy+O5VIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQvyMA0GCSqGSIb3DQEBCwUAA4IBAQCn1FwXv7x6no4aDazFxgZiPveBoV/D2htK
XoOWvtwkY+rD7SDwGTnuu6aZHB/IxrMwElHoPdSSC6pMYUtHc0r16W9TvB3MGqJZ
RW18taOgORFupARI3BbO3VB8LCFOYmAmFh+NhtzXAlkelRs7tldKB/5YGiu3WbDp
AjVkVRrjX/sRy3qKopOYJvlisV7JvaBj36JxFiA1qw6VkMtyZz24JxJsOpU3VWOr
WQKOTFyWVVCsRUEgLisQ8BjsAEKAW3oLHCQWQ3XNxa0MVXGoS72SbvKBro2OCWVm
lVCC71zDpFk6AVm4jkFz1XGIgNitboTqPlqG/UUGuHikiVqiJK7w
-----END CERTIFICATE-----