Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213767.roa
File:                     AS213767.roa (raw, json)
Hash identifier:          pPUb6lXw7YSi2OUeCEwSb/T92cUzfpOa5C/tsMk8IB8=
Subject key identifier:   57:48:C4:6B:67:32:00:F0:1D:76:54:03:ED:92:D8:0E:B3:03:8A:C3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2A41B98BAC911E9EE8EDBFDF2085280507CC7DA7
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213767.roa
Signing time:             Thu 26 Feb 2026 04:08:27 +0000
ROA not before:           Thu 26 Feb 2026 04:03:27 +0000
ROA not after:            Thu 25 Feb 2027 04:08:27 +0000
asID:                     213767
IP address blocks:        2a0f:85c1:8f5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:41:b9:8b:ac:91:1e:9e:e8:ed:bf:df:20:85:28:05:07:cc:7d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 26 04:03:27 2026 GMT
            Not After : Feb 25 04:08:27 2027 GMT
        Subject: CN=5748C46B673200F01D765403ED92D80EB3038AC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2e:39:79:15:22:4a:7f:cf:50:ab:ed:04:51:
                    7f:7d:ab:84:fb:87:e4:10:57:d8:e3:c9:d1:3d:51:
                    1c:5c:47:fc:7d:34:0c:10:d8:ed:99:60:b7:cb:69:
                    2d:e9:4d:f6:f8:f9:6d:2b:ee:a1:e6:71:0c:07:70:
                    1a:f9:98:6b:fc:f1:0c:10:ef:9d:ae:fe:52:de:7c:
                    32:14:d3:56:be:66:93:86:63:10:0b:ca:64:3f:c8:
                    20:91:a4:8a:9e:02:2d:8b:62:6b:4e:80:87:24:23:
                    8d:22:51:cc:1d:b3:78:23:c2:2e:45:2c:0f:43:14:
                    1e:0b:99:46:18:a4:fc:48:f8:08:5e:a8:0c:0d:49:
                    8d:cf:2f:92:7f:20:cb:4a:82:91:e7:7d:8a:8c:6a:
                    ec:da:f3:3b:3b:0b:3e:d6:f6:71:c4:56:bd:7d:80:
                    24:0b:e8:b9:d8:77:dc:5c:f9:cf:24:a0:85:07:9c:
                    2d:47:21:d5:8d:8c:0c:5f:39:bb:a6:80:71:21:d2:
                    9e:ab:d2:47:95:c0:a0:86:5a:b5:5c:03:29:61:3d:
                    31:35:ab:cf:6c:26:b3:4e:ba:19:1f:70:b9:eb:36:
                    f9:1e:36:94:6a:f1:17:53:f3:0b:05:68:29:4d:f6:
                    3f:0d:e8:13:83:83:7d:21:52:28:3b:3e:ad:d4:a0:
                    ba:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:48:C4:6B:67:32:00:F0:1D:76:54:03:ED:92:D8:0E:B3:03:8A:C3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213767.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f5::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:75:8d:2c:1f:2c:3f:32:d9:17:d9:01:fd:b7:7f:0c:e0:18:
         f1:f1:d0:60:9b:8c:bd:35:38:5e:f5:e3:64:11:c1:43:22:d5:
         cb:12:f6:68:a4:01:1f:d3:ab:17:e4:f8:bc:2d:5a:a4:9a:df:
         f2:3b:c6:97:8c:fa:91:b4:98:6d:71:e1:ad:3d:94:e8:ae:03:
         cf:15:63:17:f6:26:7b:65:31:a2:14:13:e1:e3:ff:ee:38:10:
         f6:56:a4:eb:2e:6b:fa:25:7f:d8:68:b0:8d:87:7b:b2:fa:3d:
         a9:84:d1:40:e7:da:da:c7:87:87:e5:ec:5a:9f:a9:88:01:9b:
         71:1b:c1:90:37:b3:56:8e:65:a7:87:fe:13:2d:b9:d3:4d:d4:
         45:37:1a:f6:05:66:bc:33:1a:4f:04:47:04:62:69:7a:da:e5:
         77:10:aa:cd:25:ab:84:d2:9f:10:47:ea:c1:72:ec:79:e6:8d:
         82:b6:ce:a0:e2:9f:43:ef:72:dc:47:41:1c:10:24:e0:b0:b0:
         f6:3a:69:f4:e2:7a:f5:28:96:84:d6:88:25:55:87:8d:25:1b:
         ee:a6:32:b6:2a:00:9b:08:d1:22:62:d1:0f:15:d8:5c:11:12:
         f6:5e:74:b6:b4:32:80:47:b0:c2:46:9a:86:4a:59:98:b0:b9:
         90:9c:76:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKkG5i6yRHp7o7b/fIIUoBQfMfacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjYwNDAzMjdaFw0yNzAyMjUwNDA4MjdaMDMxMTAvBgNV
BAMTKDU3NDhDNDZCNjczMjAwRjAxRDc2NTQwM0VEOTJEODBFQjMwMzhBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXLjl5FSJKf89Qq+0EUX99q4T7
h+QQV9jjydE9URxcR/x9NAwQ2O2ZYLfLaS3pTfb4+W0r7qHmcQwHcBr5mGv88QwQ
752u/lLefDIU01a+ZpOGYxALymQ/yCCRpIqeAi2LYmtOgIckI40iUcwds3gjwi5F
LA9DFB4LmUYYpPxI+AheqAwNSY3PL5J/IMtKgpHnfYqMauza8zs7Cz7W9nHEVr19
gCQL6LnYd9xc+c8koIUHnC1HIdWNjAxfObumgHEh0p6r0keVwKCGWrVcAylhPTE1
q89sJrNOuhkfcLnrNvkeNpRq8RdT8wsFaClN9j8N6BODg30hUig7Pq3UoLqJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUV0jEa2cyAPAddlQD7ZLYDrMDisMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQj1MA0GCSqGSIb3DQEBCwUAA4IBAQA8dY0sHyw/MtkX2QH9t38M4Bjx8dBgm4y9
NThe9eNkEcFDItXLEvZopAEf06sX5Pi8LVqkmt/yO8aXjPqRtJhtceGtPZTorgPP
FWMX9iZ7ZTGiFBPh4//uOBD2VqTrLmv6JX/YaLCNh3uy+j2phNFA59rax4eH5exa
n6mIAZtxG8GQN7NWjmWnh/4TLbnTTdRFNxr2BWa8MxpPBEcEYml62uV3EKrNJauE
0p8QR+rBcux55o2Cts6g4p9D73LcR0EcECTgsLD2Omn04nr1KJaE1oglVYeNJRvu
pjK2KgCbCNEiYtEPFdhcERL2XnS2tDKAR7DCRpqGSlmYsLmQnHYk
-----END CERTIFICATE-----