Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216336.roa
File:                     AS216336.roa (raw, json)
Hash identifier:          40R6F5TqXr3qzHl4BOsBMaQI7NBb3kS26wm/4f7XPxU=
Subject key identifier:   61:34:8F:45:1B:77:4F:48:F9:0A:F8:4B:C2:E4:8C:BA:BF:86:EA:27
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0FCD120755760D614D382586BBAF6DB3CD366003
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216336.roa
Signing time:             Fri 25 Jul 2025 08:07:43 +0000
ROA not before:           Fri 25 Jul 2025 08:02:43 +0000
ROA not after:            Fri 24 Jul 2026 08:07:43 +0000
asID:                     216336
IP address blocks:        2a0f:85c1:400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:cd:12:07:55:76:0d:61:4d:38:25:86:bb:af:6d:b3:cd:36:60:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:43 2025 GMT
            Not After : Jul 24 08:07:43 2026 GMT
        Subject: CN=61348F451B774F48F90AF84BC2E48CBABF86EA27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:70:41:cb:3e:d2:fb:c3:76:05:d7:86:7f:63:
                    1e:4d:fb:5a:d2:c4:b5:a8:6a:8a:bb:ea:4a:f5:93:
                    fd:60:56:92:51:38:52:98:d4:4f:6f:05:58:10:90:
                    ac:27:3b:4a:69:2c:2b:83:6a:db:58:05:68:29:b3:
                    69:1d:24:d9:32:51:54:9f:26:9e:18:c7:8b:7a:8e:
                    5e:82:5c:d9:0a:5d:cc:45:1a:28:c6:1a:fc:59:b9:
                    5e:ed:54:c0:6d:02:23:f6:ad:56:3c:cd:2a:d8:aa:
                    b5:54:33:e1:96:b4:c6:6b:3c:64:60:4b:7a:1b:a2:
                    0b:dd:c9:ea:f9:05:d6:ba:47:b4:c7:36:ee:a5:ce:
                    fc:d3:1a:06:25:e1:22:32:ca:41:dc:58:95:65:ae:
                    96:3f:50:60:d6:f6:37:b3:e6:ba:f5:26:5e:35:e7:
                    0a:d1:b6:0a:a9:18:f2:0a:5e:61:fc:22:f3:7d:5f:
                    04:e6:af:55:5d:44:4b:60:32:9d:7b:f3:b4:83:99:
                    33:43:36:aa:2a:24:5c:c5:c5:b1:f4:ce:a6:91:b3:
                    2a:3d:0b:9a:fe:36:30:2b:17:f3:93:62:82:dd:6f:
                    9d:ca:df:46:8c:9a:9c:59:d3:db:21:fd:bf:79:57:
                    ef:bb:9f:38:05:e7:3f:d8:c8:bc:43:1c:ff:7f:7e:
                    ed:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:34:8F:45:1B:77:4F:48:F9:0A:F8:4B:C2:E4:8C:BA:BF:86:EA:27
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:ee:fb:9f:e4:41:e0:8f:d3:ca:ec:48:ce:88:f3:c6:a4:93:
         46:62:f5:4f:9c:c1:1d:30:65:76:3d:d3:dc:af:79:c3:95:f8:
         c5:d7:30:da:76:a2:9f:04:27:1b:6e:7a:96:78:a0:94:02:9d:
         a7:36:0c:8f:72:90:20:fb:48:54:0b:02:66:e8:7e:f1:e9:51:
         dd:1a:1d:a9:ba:c4:09:aa:82:d5:6a:1f:93:87:09:71:fc:00:
         e2:52:18:04:d9:2b:5d:f8:c4:7b:8a:08:bc:af:13:82:bc:52:
         7e:5b:2d:18:e5:4a:84:a2:d4:c0:4e:cb:98:6b:52:0c:aa:37:
         45:3f:43:d3:27:14:6b:60:11:47:a3:ac:62:63:3e:58:94:31:
         b0:2e:05:fb:77:9a:d8:14:8a:25:5c:63:99:56:77:25:cd:7b:
         4c:ae:fe:a3:61:22:69:91:6e:98:d7:73:a9:6c:5f:68:ed:f8:
         d5:c6:77:45:6a:c5:b5:f4:15:5f:8d:d2:b8:17:67:fd:b8:f3:
         bc:cb:73:6b:95:7e:86:e2:6c:2a:66:69:71:48:bb:82:5c:ef:
         3c:6e:55:d4:3b:63:f4:8d:5e:8b:29:10:6d:11:0f:7f:5b:6e:
         99:f8:5a:ee:03:e2:71:5b:90:56:be:99:bd:14:ab:fc:f9:1c:
         16:a0:36:18
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUD80SB1V2DWFNOCWGu69ts802YAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDNaFw0yNjA3MjQwODA3NDNaMDMxMTAvBgNV
BAMTKDYxMzQ4RjQ1MUI3NzRGNDhGOTBBRjg0QkMyRTQ4Q0JBQkY4NkVBMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJcEHLPtL7w3YF14Z/Yx5N+1rS
xLWoaoq76kr1k/1gVpJROFKY1E9vBVgQkKwnO0ppLCuDattYBWgps2kdJNkyUVSf
Jp4Yx4t6jl6CXNkKXcxFGijGGvxZuV7tVMBtAiP2rVY8zSrYqrVUM+GWtMZrPGRg
S3obogvdyer5Bda6R7THNu6lzvzTGgYl4SIyykHcWJVlrpY/UGDW9jez5rr1Jl41
5wrRtgqpGPIKXmH8IvN9XwTmr1VdREtgMp1787SDmTNDNqoqJFzFxbH0zqaRsyo9
C5r+NjArF/OTYoLdb53K30aMmpxZ09sh/b95V++7nzgF5z/YyLxDHP9/fu3RAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUYTSPRRt3T0j5CvhLwuSMur+G6icwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+F
wQQwDQYJKoZIhvcNAQELBQADggEBAIju+5/kQeCP08rsSM6I88akk0Zi9U+cwR0w
ZXY909yvecOV+MXXMNp2op8EJxtuepZ4oJQCnac2DI9ykCD7SFQLAmbofvHpUd0a
Ham6xAmqgtVqH5OHCXH8AOJSGATZK134xHuKCLyvE4K8Un5bLRjlSoSi1MBOy5hr
UgyqN0U/Q9MnFGtgEUejrGJjPliUMbAuBft3mtgUiiVcY5lWdyXNe0yu/qNhImmR
bpjXc6lsX2jt+NXGd0VqxbX0FV+N0rgXZ/2487zLc2uVfobibCpmaXFIu4Jc7zxu
VdQ7Y/SNXospEG0RD39bbpn4Wu4D4nFbkFa+mb0Uq/z5HBagNhg=
-----END CERTIFICATE-----