Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa
File:                     AS216326.roa (raw, json)
Hash identifier:          A74mz1leS9hpMIo3EoAwIvStulEuJBzyPsq1bg5/CqM=
Subject key identifier:   E9:7E:C2:58:31:06:80:9A:3C:C3:B2:D4:32:AD:31:BE:55:AA:B4:D4
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       017D5765B5712B49FAD1C2DA75C0A74D7C3020DB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa
Signing time:             Thu 07 Aug 2025 00:16:38 +0000
ROA not before:           Thu 07 Aug 2025 00:11:38 +0000
ROA not after:            Thu 06 Aug 2026 00:16:38 +0000
asID:                     216326
IP address blocks:        2a0f:85c1:c11::/48 maxlen: 48
                          2a0f:85c1:cc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:7d:57:65:b5:71:2b:49:fa:d1:c2:da:75:c0:a7:4d:7c:30:20:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 00:11:38 2025 GMT
            Not After : Aug  6 00:16:38 2026 GMT
        Subject: CN=E97EC2583106809A3CC3B2D432AD31BE55AAB4D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:55:e0:c8:82:25:d5:e2:4b:5e:43:1f:d9:a0:
                    1a:83:91:93:8a:b0:fe:26:3f:9d:1f:ed:0d:21:c1:
                    d2:c0:fd:e7:e1:4e:e9:d3:51:9d:60:18:69:7a:3d:
                    66:b9:9a:ed:20:05:43:ee:53:69:81:38:5d:b5:22:
                    a2:f1:94:b9:2c:81:fb:e7:84:1e:64:e0:7f:f5:ac:
                    6e:04:71:13:76:e5:97:10:e0:e2:9a:ee:27:df:ba:
                    eb:20:f8:28:6b:d4:20:26:cb:c4:94:7b:28:c6:c1:
                    7a:c3:3e:49:6d:28:65:d1:4d:a1:92:10:a5:69:80:
                    10:0f:30:c8:7d:44:73:b6:d9:3b:24:57:63:a4:a2:
                    85:5d:2b:f2:56:8a:0f:93:65:fd:26:7d:7c:68:ac:
                    c5:14:b3:3f:67:8b:b4:f8:eb:7a:a6:e1:19:cd:36:
                    9f:de:f6:89:24:e9:f7:f7:06:d4:81:ca:4e:59:52:
                    a2:bd:45:66:dd:1a:b7:27:4c:ec:99:a0:78:fd:f4:
                    63:57:b9:a3:ca:3f:74:93:3c:e3:9a:57:fc:de:48:
                    ba:67:a6:a7:9d:a1:3c:c7:50:0c:43:2e:40:da:29:
                    29:f0:a0:e1:5e:03:8a:14:b4:73:9e:ce:d0:30:c8:
                    81:84:ce:78:65:3b:fe:5f:11:f9:9f:93:e0:9e:58:
                    5a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:7E:C2:58:31:06:80:9A:3C:C3:B2:D4:32:AD:31:BE:55:AA:B4:D4
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c11::/48
                  2a0f:85c1:cc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:c2:0a:bd:5a:75:9e:91:7f:93:bf:18:e5:b3:12:af:76:10:
         6e:2f:ec:a9:01:88:a8:ee:95:2a:22:b8:e8:41:cc:97:7a:82:
         f3:1b:44:74:a5:d8:ee:e7:16:14:6b:3e:c3:16:14:66:d2:23:
         1b:35:40:14:e7:18:0f:4c:ed:93:66:b3:c0:a0:b8:08:dc:31:
         63:ef:6a:14:fb:54:85:36:d4:bb:9d:21:c4:ea:6a:d1:fc:47:
         e4:63:ea:56:5d:44:25:28:c0:8f:10:9c:73:5d:de:9a:69:56:
         da:35:cf:f9:01:b6:57:f6:cb:c8:93:fa:21:85:cf:db:c9:0c:
         43:e2:16:be:e9:19:f5:4a:fd:a4:c4:ba:24:34:1f:f2:e9:a1:
         6a:23:19:09:b1:67:de:b7:0f:bb:1e:bc:ce:f8:e5:60:c8:ee:
         dc:c1:03:27:3a:1e:5f:df:b2:5c:6c:7b:51:9c:0c:04:d6:a1:
         95:e9:1c:ac:ef:5f:3d:5e:d7:30:e8:e9:f5:69:f0:c1:65:40:
         8a:97:0a:fd:a8:95:aa:8a:d7:41:57:7a:00:91:10:3e:25:81:
         fd:92:cb:67:33:04:f2:ca:f0:5f:f3:e3:82:99:34:64:b7:ab:
         3e:77:19:40:59:45:03:da:9c:36:4e:c9:09:fb:ac:0e:be:54:
         28:fd:2f:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUAX1XZbVxK0n60cLadcCnTXwwINswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcwMDExMzhaFw0yNjA4MDYwMDE2MzhaMDMxMTAvBgNV
BAMTKEU5N0VDMjU4MzEwNjgwOUEzQ0MzQjJENDMyQUQzMUJFNTVBQUI0RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdVeDIgiXV4kteQx/ZoBqDkZOK
sP4mP50f7Q0hwdLA/efhTunTUZ1gGGl6PWa5mu0gBUPuU2mBOF21IqLxlLksgfvn
hB5k4H/1rG4EcRN25ZcQ4OKa7iffuusg+Chr1CAmy8SUeyjGwXrDPkltKGXRTaGS
EKVpgBAPMMh9RHO22TskV2OkooVdK/JWig+TZf0mfXxorMUUsz9ni7T463qm4RnN
Np/e9okk6ff3BtSByk5ZUqK9RWbdGrcnTOyZoHj99GNXuaPKP3STPOOaV/zeSLpn
pqedoTzHUAxDLkDaKSnwoOFeA4oUtHOeztAwyIGEznhlO/5fEfmfk+CeWFphAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU6X7CWDEGgJo8w7LUMq0xvlWqtNQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MzI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQwRAwcAKg+FwQzAMA0GCSqGSIb3DQEBCwUAA4IBAQBRwgq9WnWekX+TvxjlsxKv
dhBuL+ypAYio7pUqIrjoQcyXeoLzG0R0pdju5xYUaz7DFhRm0iMbNUAU5xgPTO2T
ZrPAoLgI3DFj72oU+1SFNtS7nSHE6mrR/EfkY+pWXUQlKMCPEJxzXd6aaVbaNc/5
AbZX9svIk/ohhc/byQxD4ha+6Rn1Sv2kxLokNB/y6aFqIxkJsWfetw+7HrzO+OVg
yO7cwQMnOh5f37JcbHtRnAwE1qGV6Rys7189Xtcw6On1afDBZUCKlwr9qJWqitdB
V3oAkRA+JYH9kstnMwTyyvBf8+OCmTRkt6s+dxlAWUUD2pw2TskJ+6wOvlQo/S8A
-----END CERTIFICATE-----