Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212001.roa
File:                     AS212001.roa (raw, json)
Hash identifier:          oNYfE4JhxZ6QS2y6k7nEtNghVQUDcbYWcgGjs6L2KPk=
Subject key identifier:   D5:5C:56:E5:EC:57:33:E5:1E:C8:73:00:0D:C9:70:5C:27:62:1F:0A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3A65A121294C51A7E35AB7000AB89559BE0F8426
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212001.roa
Signing time:             Mon 09 Feb 2026 23:08:22 +0000
ROA not before:           Mon 09 Feb 2026 23:03:22 +0000
ROA not after:            Mon 08 Feb 2027 23:08:22 +0000
asID:                     212001
IP address blocks:        2a0f:85c1:bb3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:65:a1:21:29:4c:51:a7:e3:5a:b7:00:0a:b8:95:59:be:0f:84:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  9 23:03:22 2026 GMT
            Not After : Feb  8 23:08:22 2027 GMT
        Subject: CN=D55C56E5EC5733E51EC873000DC9705C27621F0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:43:24:fa:4d:f8:fc:c6:34:15:20:bb:84:1e:
                    0d:25:d4:5a:6e:9b:35:13:e4:7f:5a:cf:1c:96:4f:
                    7c:3c:8a:f1:51:12:c7:16:2d:16:f9:c6:58:c2:cc:
                    bc:b7:a1:ad:da:57:0b:7a:af:81:95:17:91:33:e9:
                    d2:99:10:5d:71:ca:cf:1f:60:87:99:f7:23:ee:13:
                    14:0d:d9:b7:0f:7c:23:e1:58:e7:f6:0d:2e:a0:45:
                    50:3f:85:d5:7c:8b:52:0c:8c:96:11:31:18:2b:8c:
                    83:9e:33:1f:60:1a:b3:cc:8a:af:ff:c1:68:e5:d2:
                    47:c3:6d:97:6e:c0:3b:5b:f1:d7:70:5d:53:1e:b0:
                    f1:df:0c:7b:45:07:e6:6b:c8:a3:39:01:03:b6:d3:
                    8a:55:dc:4b:43:83:bd:d5:ef:f1:b0:5d:8e:ef:fd:
                    f1:50:f1:26:cd:31:e7:6d:58:f9:03:12:ac:65:14:
                    2e:5c:b7:f7:40:7d:0a:02:c6:0c:b8:d1:38:b4:90:
                    b8:58:fb:ac:c5:20:94:b0:32:11:1c:9c:58:a1:b2:
                    2a:b6:2c:77:a6:34:05:c3:48:db:bf:3b:e1:79:f9:
                    7c:48:a8:c6:34:6e:d6:8d:07:60:d8:d3:d6:a6:00:
                    4a:02:e2:ce:48:b1:0e:b7:12:7a:1d:6e:48:83:4b:
                    ac:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:5C:56:E5:EC:57:33:E5:1E:C8:73:00:0D:C9:70:5C:27:62:1F:0A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212001.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bb3::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:b6:c9:a0:18:80:29:cc:98:e4:6b:40:dd:91:f4:c3:4a:28:
         61:c6:ce:7e:b0:4d:2b:51:51:c6:8a:49:2c:3f:a4:dd:5d:c1:
         72:81:2b:59:22:2c:f8:25:30:8a:bb:2e:14:08:25:5a:bb:b0:
         47:38:a1:75:de:a5:9a:bd:15:41:83:42:a6:b1:50:01:c9:75:
         fd:39:d4:83:e5:60:69:3f:73:5d:47:00:8e:50:aa:6b:fc:66:
         ee:95:83:f9:28:3c:1a:76:0c:8d:22:8b:0c:90:c8:59:8e:37:
         ce:ea:4c:69:1f:42:15:d2:98:d0:c2:aa:9a:e0:1f:e8:72:85:
         ac:66:b6:88:7f:79:2c:60:bc:9f:6f:19:7d:b7:1f:da:0b:40:
         33:6a:5f:91:f2:cb:c3:e3:fb:a3:c5:e0:2f:f8:45:3a:d8:a1:
         bb:bf:73:2f:60:7e:7f:02:46:6f:2d:da:93:fe:0b:9f:11:6b:
         5c:ce:88:c5:aa:be:26:ec:38:80:48:64:76:bc:ad:57:3b:8c:
         16:d1:e8:66:2a:fc:be:d9:44:32:4b:3e:5b:ce:3f:b8:01:a3:
         3d:f6:0a:2c:20:92:8e:bd:6d:a5:d9:94:89:5c:53:4b:05:01:
         6b:60:0b:74:a6:87:b4:14:51:39:77:64:fe:1d:b1:96:b3:83:
         aa:d8:95:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOmWhISlMUafjWrcACriVWb4PhCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDkyMzAzMjJaFw0yNzAyMDgyMzA4MjJaMDMxMTAvBgNV
BAMTKEQ1NUM1NkU1RUM1NzMzRTUxRUM4NzMwMDBEQzk3MDVDMjc2MjFGMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQyT6Tfj8xjQVILuEHg0l1Fpu
mzUT5H9azxyWT3w8ivFREscWLRb5xljCzLy3oa3aVwt6r4GVF5Ez6dKZEF1xys8f
YIeZ9yPuExQN2bcPfCPhWOf2DS6gRVA/hdV8i1IMjJYRMRgrjIOeMx9gGrPMiq//
wWjl0kfDbZduwDtb8ddwXVMesPHfDHtFB+ZryKM5AQO204pV3EtDg73V7/GwXY7v
/fFQ8SbNMedtWPkDEqxlFC5ct/dAfQoCxgy40Ti0kLhY+6zFIJSwMhEcnFihsiq2
LHemNAXDSNu/O+F5+XxIqMY0btaNB2DY09amAEoC4s5IsQ63EnodbkiDS6wTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1VxW5exXM+UeyHMADclwXCdiHwowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyMDAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQuzMA0GCSqGSIb3DQEBCwUAA4IBAQCEtsmgGIApzJjka0DdkfTDSihhxs5+sE0r
UVHGikksP6TdXcFygStZIiz4JTCKuy4UCCVau7BHOKF13qWavRVBg0KmsVAByXX9
OdSD5WBpP3NdRwCOUKpr/GbulYP5KDwadgyNIosMkMhZjjfO6kxpH0IV0pjQwqqa
4B/ocoWsZraIf3ksYLyfbxl9tx/aC0Azal+R8svD4/ujxeAv+EU62KG7v3MvYH5/
AkZvLdqT/gufEWtczojFqr4m7DiASGR2vK1XO4wW0ehmKvy+2UQySz5bzj+4AaM9
9gosIJKOvW2l2ZSJXFNLBQFrYAt0poe0FFE5d2T+HbGWs4Oq2JXc
-----END CERTIFICATE-----