Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212969.roa
File:                     AS212969.roa (raw, json)
Hash identifier:          BPK36Y0DhAufPxlHBLvaHWgpMECgPBqOikshnZCNOqc=
Subject key identifier:   9A:FD:63:D2:0B:4D:A8:64:D7:74:36:96:93:6D:C3:80:AF:79:06:21
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       53D4231A85EA0D82C1201D3015B1F58DF1D2C2BF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212969.roa
Signing time:             Tue 03 Feb 2026 18:08:21 +0000
ROA not before:           Tue 03 Feb 2026 18:03:21 +0000
ROA not after:            Tue 02 Feb 2027 18:08:21 +0000
asID:                     212969
IP address blocks:        2a0f:85c1:ba8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:d4:23:1a:85:ea:0d:82:c1:20:1d:30:15:b1:f5:8d:f1:d2:c2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  3 18:03:21 2026 GMT
            Not After : Feb  2 18:08:21 2027 GMT
        Subject: CN=9AFD63D20B4DA864D7743696936DC380AF790621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:86:1d:b9:72:8a:d1:ac:f2:87:b3:cb:2a:7e:
                    e1:33:ce:d9:c8:d7:f9:2b:b7:05:f5:ad:d0:09:b9:
                    c3:b0:0f:83:8a:67:24:bd:6c:ab:d0:02:06:59:e4:
                    3c:3e:38:5c:db:09:33:c9:09:1c:ac:09:78:c2:e7:
                    13:79:c4:09:cd:55:b4:7d:31:e4:9d:92:78:50:b6:
                    a4:19:8f:d6:04:7f:e9:2d:47:1f:05:7a:4c:a6:f1:
                    41:fb:a7:33:4f:5d:c3:9b:79:4b:31:8d:ef:11:86:
                    0c:27:03:9c:ff:9c:89:b9:33:4f:32:03:08:40:8f:
                    dc:c8:70:6a:75:bc:48:22:35:ab:3e:f9:3d:39:6e:
                    bf:8e:96:e1:3d:2c:79:76:3e:28:9d:1f:d0:41:c4:
                    a4:a3:3f:b9:7d:92:01:18:d6:cf:05:be:3d:d1:76:
                    4f:46:a2:d4:c2:49:75:2d:f2:a3:40:f8:e0:56:4d:
                    29:6b:fb:2d:0b:ca:75:3d:a3:11:61:6c:f2:ec:23:
                    a6:64:f9:af:67:29:c4:37:58:b0:ad:f4:c3:03:ec:
                    20:c9:67:01:a0:d6:b6:f0:e3:05:10:bb:9e:ea:c9:
                    e3:4f:ab:eb:7c:1c:90:73:85:c4:5d:8b:1a:e4:d3:
                    66:71:94:c3:8d:0f:3d:fd:23:00:89:d3:8c:0b:c8:
                    a4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FD:63:D2:0B:4D:A8:64:D7:74:36:96:93:6D:C3:80:AF:79:06:21
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212969.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ba8::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:7c:e9:d9:ef:6d:8c:f9:55:34:cc:84:bb:da:49:71:e8:3e:
         91:f3:62:6a:4d:66:4e:4a:d2:19:e1:a8:bb:be:34:3f:93:60:
         a1:42:54:fa:ba:6e:b6:ef:d2:71:70:24:bb:3b:0a:65:1e:73:
         2f:2e:3f:f9:82:e9:bb:ba:db:97:76:26:9b:d0:75:dc:c4:7f:
         a0:a8:cf:88:e0:e8:91:c3:f0:8c:15:c1:9d:e9:3f:6f:a9:ad:
         a7:53:02:c8:19:7a:ca:53:b8:ea:6b:af:2c:5a:f0:fc:b6:56:
         12:47:c9:28:04:4e:46:d9:fc:5a:68:ce:68:40:3f:c3:cc:3d:
         c7:7d:ff:00:ae:8e:89:ee:a4:92:c1:a5:e9:76:56:5a:18:6c:
         16:46:c2:ee:f6:50:d3:60:3c:f2:c0:ae:b4:6c:7b:16:07:3e:
         c5:82:cb:5f:4f:ec:4e:3e:ed:d0:f7:5e:d6:a3:75:aa:c2:e3:
         ec:fc:20:cd:f6:a8:a6:16:94:0e:48:49:d5:eb:43:a0:6c:e9:
         d0:bd:6b:f9:4f:39:09:11:4d:e1:e2:53:ed:3f:d0:6c:99:59:
         ec:4b:d3:cf:3d:6a:55:29:f7:5c:f1:96:b4:e8:b6:a5:47:b6:
         b4:77:32:71:aa:39:25:e5:7f:57:ad:fe:1c:9c:23:24:63:c7:
         60:a0:fc:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUU9QjGoXqDYLBIB0wFbH1jfHSwr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDMxODAzMjFaFw0yNzAyMDIxODA4MjFaMDMxMTAvBgNV
BAMTKDlBRkQ2M0QyMEI0REE4NjRENzc0MzY5NjkzNkRDMzgwQUY3OTA2MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4hh25corRrPKHs8sqfuEzztnI
1/krtwX1rdAJucOwD4OKZyS9bKvQAgZZ5Dw+OFzbCTPJCRysCXjC5xN5xAnNVbR9
MeSdknhQtqQZj9YEf+ktRx8Fekym8UH7pzNPXcObeUsxje8RhgwnA5z/nIm5M08y
AwhAj9zIcGp1vEgiNas++T05br+OluE9LHl2PiidH9BBxKSjP7l9kgEY1s8Fvj3R
dk9GotTCSXUt8qNA+OBWTSlr+y0LynU9oxFhbPLsI6Zk+a9nKcQ3WLCt9MMD7CDJ
ZwGg1rbw4wUQu57qyeNPq+t8HJBzhcRdixrk02ZxlMONDz39IwCJ04wLyKQ9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmv1j0gtNqGTXdDaWk23DgK95BiEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyOTY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQuoMA0GCSqGSIb3DQEBCwUAA4IBAQBEfOnZ722M+VU0zIS72klx6D6R82JqTWZO
StIZ4ai7vjQ/k2ChQlT6um6279JxcCS7OwplHnMvLj/5gum7utuXdiab0HXcxH+g
qM+I4OiRw/CMFcGd6T9vqa2nUwLIGXrKU7jqa68sWvD8tlYSR8koBE5G2fxaaM5o
QD/DzD3Hff8Aro6J7qSSwaXpdlZaGGwWRsLu9lDTYDzywK60bHsWBz7FgstfT+xO
Pu3Q917Wo3WqwuPs/CDN9qimFpQOSEnV60OgbOnQvWv5TzkJEU3h4lPtP9BsmVns
S9PPPWpVKfdc8Za06LalR7a0dzJxqjkl5X9Xrf4cnCMkY8dgoPzL
-----END CERTIFICATE-----