Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212539.roa
File:                     AS212539.roa (raw, json)
Hash identifier:          Q4QRM59dozmSpb/g/UDUBoYFDqJIyZYPhdGq+kurs6A=
Subject key identifier:   64:EF:C2:8B:5E:7F:5A:28:0B:89:17:14:52:11:99:BE:20:69:8D:2F
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       307D9E52A49B3ABAA97C20700953FF0C0BDBF359
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212539.roa
Signing time:             Mon 16 Feb 2026 12:34:01 +0000
ROA not before:           Mon 16 Feb 2026 12:29:01 +0000
ROA not after:            Mon 15 Feb 2027 12:34:01 +0000
asID:                     212539
IP address blocks:        2a14:7584:6000::/36 maxlen: 36
                          2a14:7584:6000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:7d:9e:52:a4:9b:3a:ba:a9:7c:20:70:09:53:ff:0c:0b:db:f3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb 16 12:29:01 2026 GMT
            Not After : Feb 15 12:34:01 2027 GMT
        Subject: CN=64EFC28B5E7F5A280B891714521199BE20698D2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fb:28:e0:81:fd:b0:a3:57:58:86:2a:e0:c4:
                    74:0b:4b:0a:e5:e4:7f:61:6a:2e:bf:76:28:5b:9c:
                    64:3f:99:ce:53:19:93:04:46:65:cb:80:ee:ba:03:
                    25:26:a1:40:2d:c6:39:02:8a:e3:00:12:97:e5:8b:
                    92:b7:12:9e:7d:9d:3e:5b:b3:0c:1c:37:f1:1a:1e:
                    a3:44:6f:52:90:d5:f3:d9:4b:52:22:09:dc:96:7c:
                    88:63:74:b0:3a:54:05:75:71:b3:f9:8d:2d:23:a0:
                    ca:67:ed:c0:79:91:d9:a4:01:02:4f:ec:34:c1:f9:
                    f9:32:ee:3c:2c:bc:a0:31:22:59:ba:db:4f:54:ba:
                    ec:52:ce:4c:5d:71:c8:dc:bd:5c:80:78:03:44:5f:
                    8a:7a:9b:f8:ef:f2:4e:e1:a2:4a:ce:eb:b1:e9:ba:
                    18:a9:88:d2:50:c2:c3:f9:e8:ed:db:6e:62:bc:67:
                    12:14:a7:65:a3:33:eb:48:52:19:33:b0:56:14:6a:
                    59:88:e0:96:0b:0b:99:dc:57:07:88:33:02:6d:84:
                    ce:55:59:b1:36:aa:db:c9:3f:09:06:c3:f0:4a:3f:
                    9e:58:45:0e:c6:78:76:d2:c9:52:30:25:db:b3:c3:
                    08:3b:37:05:45:ad:9f:65:65:6a:5f:bb:9f:55:cc:
                    ce:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:EF:C2:8B:5E:7F:5A:28:0B:89:17:14:52:11:99:BE:20:69:8D:2F
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         53:3e:24:f8:09:4b:46:b9:72:56:b4:a7:cd:41:2a:4e:3b:8a:
         9f:7d:d9:10:0d:fe:3b:03:f5:a7:5a:d0:6b:ea:27:8c:cf:0f:
         2c:d6:56:41:da:f7:a5:8f:30:66:d1:29:26:51:bb:e3:1e:63:
         48:e5:3e:42:0f:0b:04:66:ce:94:0a:76:63:7c:d5:6a:6f:61:
         33:d7:44:f5:0a:75:4e:0e:94:fd:1f:9d:3d:66:a0:62:74:6a:
         5d:be:82:ab:40:88:60:7c:2e:95:62:c1:ea:46:9d:34:9a:2d:
         5b:80:46:f0:d7:5b:db:62:21:b7:6e:dc:f1:91:9d:48:6d:77:
         55:23:b0:e3:a9:5d:54:6a:b4:3c:42:e4:d3:92:dd:12:5d:bc:
         84:74:50:cd:81:b6:44:96:46:47:4c:72:12:86:8a:77:2d:37:
         34:12:dd:53:57:41:0e:16:0c:90:0b:4e:6f:61:2a:c3:d0:d1:
         83:09:9c:99:93:83:d7:ce:04:2d:cb:13:7c:6d:b3:e4:89:29:
         88:0f:5e:8b:a9:58:e0:ad:03:a4:af:77:02:4e:e9:e4:ba:7c:
         9d:bd:87:12:30:36:e3:7a:ba:a6:5e:cd:b3:f3:99:d2:62:b5:
         d5:db:71:5d:d2:f4:bb:df:57:29:82:d1:06:e9:32:8a:c1:5a:
         47:3e:70:4d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUMH2eUqSbOrqpfCBwCVP/DAvb81kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMTYxMjI5MDFaFw0yNzAyMTUxMjM0MDFaMDMxMTAvBgNV
BAMTKDY0RUZDMjhCNUU3RjVBMjgwQjg5MTcxNDUyMTE5OUJFMjA2OThEMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy+yjggf2wo1dYhirgxHQLSwrl
5H9hai6/dihbnGQ/mc5TGZMERmXLgO66AyUmoUAtxjkCiuMAEpfli5K3Ep59nT5b
swwcN/EaHqNEb1KQ1fPZS1IiCdyWfIhjdLA6VAV1cbP5jS0joMpn7cB5kdmkAQJP
7DTB+fky7jwsvKAxIlm6209UuuxSzkxdccjcvVyAeANEX4p6m/jv8k7hokrO67Hp
uhipiNJQwsP56O3bbmK8ZxIUp2WjM+tIUhkzsFYUalmI4JYLC5ncVweIMwJthM5V
WbE2qtvJPwkGw/BKP55YRQ7GeHbSyVIwJduzwwg7NwVFrZ9lZWpfu59VzM4lAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUZO/Ci15/WigLiRcUUhGZviBpjS8wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEyNTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
hGAwDQYJKoZIhvcNAQELBQADggEBAFM+JPgJS0a5cla0p81BKk47ip992RAN/jsD
9ada0GvqJ4zPDyzWVkHa96WPMGbRKSZRu+MeY0jlPkIPCwRmzpQKdmN81WpvYTPX
RPUKdU4OlP0fnT1moGJ0al2+gqtAiGB8LpViwepGnTSaLVuARvDXW9tiIbdu3PGR
nUhtd1UjsOOpXVRqtDxC5NOS3RJdvIR0UM2BtkSWRkdMchKGinctNzQS3VNXQQ4W
DJALTm9hKsPQ0YMJnJmTg9fOBC3LE3xts+SJKYgPXoupWOCtA6SvdwJO6eS6fJ29
hxIwNuN6uqZezbPzmdJitdXbcV3S9LvfVymC0QbpMorBWkc+cE0=
-----END CERTIFICATE-----