Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211729.roa
File:                     AS211729.roa (raw, json)
Hash identifier:          pw4GAaX4l2RdIjD090NbauUfFhOMeXskDnyJCjLBQOw=
Subject key identifier:   C2:17:71:7C:2E:25:CD:CE:09:AF:39:8C:60:FF:34:2B:D0:54:33:F7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1D3A86696F06E2B1B8320329FF559AFFCFCFD344
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211729.roa
Signing time:             Mon 09 Feb 2026 23:08:22 +0000
ROA not before:           Mon 09 Feb 2026 23:03:22 +0000
ROA not after:            Mon 08 Feb 2027 23:08:22 +0000
asID:                     211729
IP address blocks:        2a0f:85c1:bba::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:3a:86:69:6f:06:e2:b1:b8:32:03:29:ff:55:9a:ff:cf:cf:d3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  9 23:03:22 2026 GMT
            Not After : Feb  8 23:08:22 2027 GMT
        Subject: CN=C217717C2E25CDCE09AF398C60FF342BD05433F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:31:f3:8f:e6:50:4b:93:21:ab:09:cb:9b:b4:
                    92:23:48:87:99:f7:e0:e5:26:c8:d0:99:a3:d7:23:
                    09:62:5a:88:67:73:73:86:26:36:f3:27:6e:43:9b:
                    a8:ac:ff:32:d5:cc:4f:5b:2d:c4:cf:27:67:04:e4:
                    fa:e2:7f:c0:ce:60:94:63:0a:36:7e:10:de:b3:bd:
                    32:94:71:70:6a:24:58:54:71:de:de:e3:be:68:3a:
                    ca:ba:b8:21:ee:9c:72:6f:c8:46:de:69:73:42:0f:
                    30:db:45:29:5c:f3:77:29:86:c3:a6:81:d1:1e:78:
                    ae:b3:98:ba:46:68:cf:4a:6d:e2:6a:67:68:05:25:
                    f1:88:97:e4:10:c8:1f:ac:20:95:43:5c:11:a3:b8:
                    b8:0a:9c:ad:ed:c7:c0:2c:7e:54:8d:d0:45:9e:9b:
                    a7:c2:2b:c0:38:bf:0a:a8:9c:03:ec:dd:a9:54:d3:
                    5f:9f:93:f7:46:2a:3b:82:05:b0:39:98:7e:4f:5a:
                    ff:3d:2e:2a:ce:e8:47:e2:75:ab:cc:29:61:a9:7f:
                    51:e5:61:cb:85:f2:fe:74:d7:ba:ec:8d:79:72:18:
                    da:01:5d:20:95:33:f5:4c:d4:c1:f8:15:95:fc:0a:
                    cc:7e:40:ba:9f:78:67:d2:a6:cf:bb:13:10:19:2e:
                    9e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:17:71:7C:2E:25:CD:CE:09:AF:39:8C:60:FF:34:2B:D0:54:33:F7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS211729.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bba::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:5c:09:81:b9:6b:c0:4e:7f:c8:b3:e8:15:89:a5:25:f2:fc:
         78:50:87:52:d6:e0:85:a3:87:cf:ad:77:1a:5c:8b:a2:05:ae:
         bc:99:18:fa:84:2a:ec:94:1f:c8:96:d8:36:8a:19:3e:fe:fd:
         8e:35:41:4b:c1:83:d1:8a:84:0b:54:15:d0:ac:d1:d6:a6:07:
         c7:25:ad:02:a4:9b:9b:a0:63:f5:13:7e:87:68:aa:ca:12:24:
         17:81:9e:e3:e1:33:c0:39:c2:49:7e:b2:5b:12:fb:ce:61:e5:
         19:59:24:43:69:ce:2b:a5:63:7d:b4:7d:2c:3d:e3:62:c2:80:
         86:38:3d:dc:08:40:4e:aa:1a:e0:42:f5:90:12:bb:59:c1:a2:
         45:1d:44:04:73:19:d1:97:78:6d:d0:c1:75:9f:b1:43:66:fb:
         5f:fd:9e:c2:a0:4e:fb:01:cc:1e:a3:76:ae:5e:d1:ba:43:db:
         92:1f:28:16:0e:7f:4f:cd:b6:47:ef:9c:e7:40:d1:73:3b:ef:
         72:b2:1e:43:72:ba:c3:3e:05:a1:f2:3a:03:a0:ac:26:15:7b:
         e0:b8:a5:0b:6a:ae:f4:bc:b3:dc:8b:0a:e4:0e:3f:41:e9:6e:
         50:ce:ad:f5:6c:7a:01:7d:9b:2d:ea:93:ec:18:ec:a7:51:3c:
         1d:16:3b:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHTqGaW8G4rG4MgMp/1Wa/8/P00QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDkyMzAzMjJaFw0yNzAyMDgyMzA4MjJaMDMxMTAvBgNV
BAMTKEMyMTc3MTdDMkUyNUNEQ0UwOUFGMzk4QzYwRkYzNDJCRDA1NDMzRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFMfOP5lBLkyGrCcubtJIjSIeZ
9+DlJsjQmaPXIwliWohnc3OGJjbzJ25Dm6is/zLVzE9bLcTPJ2cE5Prif8DOYJRj
CjZ+EN6zvTKUcXBqJFhUcd7e475oOsq6uCHunHJvyEbeaXNCDzDbRSlc83cphsOm
gdEeeK6zmLpGaM9KbeJqZ2gFJfGIl+QQyB+sIJVDXBGjuLgKnK3tx8AsflSN0EWe
m6fCK8A4vwqonAPs3alU01+fk/dGKjuCBbA5mH5PWv89LirO6EfidavMKWGpf1Hl
YcuF8v5017rsjXlyGNoBXSCVM/VM1MH4FZX8Csx+QLqfeGfSps+7ExAZLp4jAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwhdxfC4lzc4JrzmMYP80K9BUM/cwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjExNzI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQu6MA0GCSqGSIb3DQEBCwUAA4IBAQCOXAmBuWvATn/Is+gViaUl8vx4UIdS1uCF
o4fPrXcaXIuiBa68mRj6hCrslB/Iltg2ihk+/v2ONUFLwYPRioQLVBXQrNHWpgfH
Ja0CpJuboGP1E36HaKrKEiQXgZ7j4TPAOcJJfrJbEvvOYeUZWSRDac4rpWN9tH0s
PeNiwoCGOD3cCEBOqhrgQvWQErtZwaJFHUQEcxnRl3ht0MF1n7FDZvtf/Z7CoE77
Acweo3auXtG6Q9uSHygWDn9PzbZH75znQNFzO+9ysh5DcrrDPgWh8joDoKwmFXvg
uKULaq70vLPciwrkDj9B6W5Qzq31bHoBfZst6pPsGOynUTwdFjvz
-----END CERTIFICATE-----