Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213434.roa
File:                     AS213434.roa (raw, json)
Hash identifier:          olh0NrS+zhTqFmQ8HR1kqyS90wXJJIcUdl9uuBQ8D38=
Subject key identifier:   E3:B8:81:A1:A4:A9:E7:5B:12:90:4D:19:C4:44:F2:50:89:CF:41:72
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       02E08AAE093CF20FFB7CE2171F54B5E4E6BFACAB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213434.roa
Signing time:             Tue 03 Feb 2026 19:08:22 +0000
ROA not before:           Tue 03 Feb 2026 19:03:22 +0000
ROA not after:            Tue 02 Feb 2027 19:08:22 +0000
asID:                     213434
IP address blocks:        2a0f:85c1:b79::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e0:8a:ae:09:3c:f2:0f:fb:7c:e2:17:1f:54:b5:e4:e6:bf:ac:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb  3 19:03:22 2026 GMT
            Not After : Feb  2 19:08:22 2027 GMT
        Subject: CN=E3B881A1A4A9E75B12904D19C444F25089CF4172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0c:99:de:2e:bc:ef:89:9d:b0:23:2e:d1:fe:
                    cd:79:d4:cf:ce:e4:49:28:3b:88:03:a5:c0:d3:83:
                    4e:41:2e:14:5d:5b:f3:28:88:18:81:55:1f:26:27:
                    57:75:86:2a:24:aa:62:b7:42:de:08:29:96:64:65:
                    c8:23:5b:9e:b1:44:e8:1b:87:20:db:32:92:46:90:
                    d6:bb:91:0f:0e:de:01:9a:0d:fc:5b:05:ae:20:fc:
                    46:93:4d:19:ec:21:bc:3c:a1:78:29:0b:7c:20:17:
                    a6:f8:ae:59:34:c8:8e:d8:61:39:0d:f6:a6:93:0a:
                    32:93:c7:2e:4d:af:b9:6c:06:34:e1:08:5f:6c:a4:
                    7b:ee:a5:4c:0d:4a:a8:76:ee:e0:67:64:81:b6:32:
                    df:a3:c8:02:a2:3b:83:11:21:aa:44:0e:c0:f4:fc:
                    03:6b:16:f4:d5:66:15:04:93:3f:05:1a:7f:dc:31:
                    12:73:6d:e2:3d:ff:85:6e:21:c1:94:77:c3:d4:92:
                    7b:f2:46:5b:49:68:6b:15:a1:f5:b7:01:56:97:75:
                    9d:b8:a5:48:f4:cd:5d:82:00:b8:5b:8f:d7:1e:3a:
                    ac:09:25:83:d3:8b:7f:69:09:48:8a:0e:b2:75:e0:
                    72:d3:bd:83:23:20:2c:d5:48:aa:03:f2:27:9e:ea:
                    08:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B8:81:A1:A4:A9:E7:5B:12:90:4D:19:C4:44:F2:50:89:CF:41:72
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b79::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:47:d3:0f:fc:e8:41:4a:37:3d:88:18:69:d4:45:ee:12:43:
         8d:85:ea:ce:14:91:c0:9b:c2:94:9f:cb:73:94:f7:2e:63:66:
         07:81:e9:2d:41:4c:c4:40:99:5f:71:77:63:5f:2f:f7:fb:22:
         8b:f8:9f:5d:74:9c:f8:a2:d3:d7:71:16:18:9f:e1:07:d7:be:
         31:13:58:bf:86:3f:a4:fb:ee:c0:e7:4f:be:bf:20:d8:c2:dc:
         23:9e:f6:bf:3d:2d:d8:51:f5:7e:c2:42:e7:70:36:24:73:73:
         41:bd:10:13:aa:67:4f:20:01:ff:da:a9:93:0f:39:72:a5:70:
         74:8a:2a:c7:32:b7:68:98:d3:61:28:c8:cf:27:41:6d:96:62:
         9a:cd:57:ee:db:cf:79:a4:94:e5:7b:9e:4d:58:78:14:52:13:
         c1:10:b8:1f:6d:4f:cc:20:f9:69:1f:68:e9:b0:63:c8:92:9d:
         3d:69:dc:93:44:90:c7:3c:8d:a3:b7:b0:ab:fb:ab:d8:73:30:
         07:69:a8:94:5d:dc:8c:7f:3b:a8:4f:dc:f6:ed:79:e6:ef:81:
         81:af:fc:ff:39:a5:d4:92:0a:90:9b:75:d7:1c:67:48:f4:3b:
         02:b1:42:9a:fe:4c:d0:7e:19:26:90:f2:64:ef:98:6d:7c:0e:
         af:aa:87:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAuCKrgk88g/7fOIXH1S15Oa/rKswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMDMxOTAzMjJaFw0yNzAyMDIxOTA4MjJaMDMxMTAvBgNV
BAMTKEUzQjg4MUExQTRBOUU3NUIxMjkwNEQxOUM0NDRGMjUwODlDRjQxNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZDJneLrzviZ2wIy7R/s151M/O
5EkoO4gDpcDTg05BLhRdW/MoiBiBVR8mJ1d1hiokqmK3Qt4IKZZkZcgjW56xROgb
hyDbMpJGkNa7kQ8O3gGaDfxbBa4g/EaTTRnsIbw8oXgpC3wgF6b4rlk0yI7YYTkN
9qaTCjKTxy5Nr7lsBjThCF9spHvupUwNSqh27uBnZIG2Mt+jyAKiO4MRIapEDsD0
/ANrFvTVZhUEkz8FGn/cMRJzbeI9/4VuIcGUd8PUknvyRltJaGsVofW3AVaXdZ24
pUj0zV2CALhbj9ceOqwJJYPTi39pCUiKDrJ14HLTvYMjICzVSKoD8iee6gg/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU47iBoaSp51sSkE0ZxETyUInPQXIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt5MA0GCSqGSIb3DQEBCwUAA4IBAQAXR9MP/OhBSjc9iBhp1EXuEkONherOFJHA
m8KUn8tzlPcuY2YHgektQUzEQJlfcXdjXy/3+yKL+J9ddJz4otPXcRYYn+EH174x
E1i/hj+k++7A50++vyDYwtwjnva/PS3YUfV+wkLncDYkc3NBvRATqmdPIAH/2qmT
DzlypXB0iirHMrdomNNhKMjPJ0FtlmKazVfu2895pJTle55NWHgUUhPBELgfbU/M
IPlpH2jpsGPIkp09adyTRJDHPI2jt7Cr+6vYczAHaaiUXdyMfzuoT9z27Xnm74GB
r/z/OaXUkgqQm3XXHGdI9DsCsUKa/kzQfhkmkPJk75htfA6vqof0
-----END CERTIFICATE-----