Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216294.roa
File:                     AS216294.roa (raw, json)
Hash identifier:          hOCb9gAwg8keDmSTjOSKgOQdl6NNT64BhL4U1wZL0NY=
Subject key identifier:   77:9A:08:13:BD:C7:96:24:E7:91:DF:31:6D:93:EB:44:22:B6:23:60
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       74729ADBA5FD6ADAC951378DD7E0CE948D0924DD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216294.roa
Signing time:             Fri 20 Feb 2026 06:08:26 +0000
ROA not before:           Fri 20 Feb 2026 06:03:26 +0000
ROA not after:            Fri 19 Feb 2027 06:08:26 +0000
asID:                     216294
IP address blocks:        2a0f:85c1:bbe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:72:9a:db:a5:fd:6a:da:c9:51:37:8d:d7:e0:ce:94:8d:09:24:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 20 06:03:26 2026 GMT
            Not After : Feb 19 06:08:26 2027 GMT
        Subject: CN=779A0813BDC79624E791DF316D93EB4422B62360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:14:6e:a5:15:81:b1:7c:90:f4:d7:82:09:95:
                    12:52:68:2a:f2:0c:f3:db:24:62:8f:de:be:35:85:
                    a9:32:5d:55:ab:d9:30:ca:0c:0f:bf:c7:eb:ac:a6:
                    84:6f:22:28:50:1a:29:9c:a2:31:a5:f0:61:7e:db:
                    b7:dd:f4:c9:83:99:d6:a5:08:91:95:69:02:09:51:
                    62:5c:88:ad:7d:2c:b8:0a:f2:5f:fc:8c:dd:e7:ea:
                    3d:50:dd:3e:50:09:61:b7:3c:0d:f4:05:bf:84:47:
                    a0:53:92:ec:71:e2:4f:db:68:a3:e8:7e:d9:ae:e5:
                    3e:24:4e:98:7a:90:3f:85:67:9b:79:dd:75:23:e6:
                    89:cb:d8:fd:0c:a5:a7:a0:7e:3e:03:cf:c8:b3:10:
                    74:9f:a9:69:96:85:db:89:fa:3c:a8:c1:83:d6:4b:
                    1f:95:98:b0:db:b0:ec:89:8a:f3:c5:ce:9f:87:f5:
                    ad:bc:76:99:d6:e4:73:fb:37:30:87:d3:b6:45:88:
                    17:b6:8b:05:e9:f0:ac:e4:98:e9:3d:a6:68:cd:8b:
                    66:2a:ce:fd:9f:a5:d4:23:7c:fa:20:e3:aa:0d:7b:
                    61:6f:93:0c:8a:bd:ca:df:b9:a4:23:59:87:91:95:
                    f6:36:37:ed:02:9d:3b:dc:1a:a6:7e:ee:4e:b6:e6:
                    69:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9A:08:13:BD:C7:96:24:E7:91:DF:31:6D:93:EB:44:22:B6:23:60
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216294.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bbe::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:ac:ef:78:d1:c1:90:d3:13:08:ae:39:7c:e7:6c:ab:fd:0b:
         09:7f:7d:46:89:31:3d:01:bb:b8:8d:2c:28:52:ba:3e:d2:0a:
         ac:a9:d1:d8:8e:5b:11:6a:8f:04:98:b1:55:40:02:0e:3d:e3:
         b9:19:fa:82:83:1b:0b:2a:0b:3d:b3:79:78:db:5d:1d:43:ce:
         1b:92:54:64:dc:bf:bd:9b:43:7a:5d:4b:c0:3d:dd:e3:7b:88:
         aa:38:ae:01:a1:4a:d5:13:4e:97:48:ad:85:37:a6:cd:c3:be:
         58:f2:4a:6b:38:93:08:e9:a8:ac:57:17:31:10:cf:e9:14:80:
         81:63:b9:b3:d5:34:5b:68:23:a5:c2:35:5f:32:28:8c:3f:67:
         8b:c8:20:e0:0e:2b:49:0e:a1:96:9f:88:b8:00:5e:14:76:45:
         f2:a3:c9:c7:07:b2:63:5a:a7:4f:63:c1:81:35:73:80:fe:6c:
         37:f1:c3:5a:8d:cd:4d:0f:e8:c1:8f:f5:86:69:f5:78:4b:a1:
         d9:36:b5:a2:23:c9:c5:c7:08:46:0b:ac:89:06:60:b8:fb:4b:
         8d:dd:e5:30:36:95:0d:71:55:95:1f:11:fe:b7:2f:a2:a8:da:
         25:41:c0:f0:aa:f6:05:48:52:f9:1e:17:91:a4:58:be:ff:01:
         4d:69:81:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdHKa26X9atrJUTeN1+DOlI0JJN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjAwNjAzMjZaFw0yNzAyMTkwNjA4MjZaMDMxMTAvBgNV
BAMTKDc3OUEwODEzQkRDNzk2MjRFNzkxREYzMTZEOTNFQjQ0MjJCNjIzNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+FG6lFYGxfJD014IJlRJSaCry
DPPbJGKP3r41hakyXVWr2TDKDA+/x+uspoRvIihQGimcojGl8GF+27fd9MmDmdal
CJGVaQIJUWJciK19LLgK8l/8jN3n6j1Q3T5QCWG3PA30Bb+ER6BTkuxx4k/baKPo
ftmu5T4kTph6kD+FZ5t53XUj5onL2P0Mpaegfj4Dz8izEHSfqWmWhduJ+jyowYPW
Sx+VmLDbsOyJivPFzp+H9a28dpnW5HP7NzCH07ZFiBe2iwXp8KzkmOk9pmjNi2Yq
zv2fpdQjfPog46oNe2FvkwyKvcrfuaQjWYeRlfY2N+0CnTvcGqZ+7k625mlrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUd5oIE73HliTnkd8xbZPrRCK2I2AwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2Mjk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQu+MA0GCSqGSIb3DQEBCwUAA4IBAQCsrO940cGQ0xMIrjl852yr/QsJf31GiTE9
Abu4jSwoUro+0gqsqdHYjlsRao8EmLFVQAIOPeO5GfqCgxsLKgs9s3l4210dQ84b
klRk3L+9m0N6XUvAPd3je4iqOK4BoUrVE06XSK2FN6bNw75Y8kprOJMI6aisVxcx
EM/pFICBY7mz1TRbaCOlwjVfMiiMP2eLyCDgDitJDqGWn4i4AF4UdkXyo8nHB7Jj
WqdPY8GBNXOA/mw38cNajc1ND+jBj/WGafV4S6HZNrWiI8nFxwhGC6yJBmC4+0uN
3eUwNpUNcVWVHxH+ty+iqNolQcDwqvYFSFL5HheRpFi+/wFNaYH8
-----END CERTIFICATE-----