Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa
File:                     AS216072.roa (raw, json)
Hash identifier:          OCr2iBhwI5BVsWGXb+U4Ne1NML8O6H6OdBcH8Gy7xJM=
Subject key identifier:   83:CF:54:F1:03:A5:A3:B0:A8:9C:CD:AB:14:22:B1:63:AC:7D:C4:BE
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1BA4FA556B67B5CB8E8A9C5FD1066B47A430C564
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa
Signing time:             Sat 28 Mar 2026 03:15:38 +0000
ROA not before:           Sat 28 Mar 2026 03:10:38 +0000
ROA not after:            Sat 27 Mar 2027 03:15:38 +0000
asID:                     216072
IP address blocks:        2a14:7580:fd00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:a4:fa:55:6b:67:b5:cb:8e:8a:9c:5f:d1:06:6b:47:a4:30:c5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Mar 28 03:10:38 2026 GMT
            Not After : Mar 27 03:15:38 2027 GMT
        Subject: CN=83CF54F103A5A3B0A89CCDAB1422B163AC7DC4BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:26:6f:43:56:8f:71:dd:a7:f5:e0:df:f0:bc:
                    7d:11:a1:84:59:06:74:fd:e8:b1:44:66:11:f0:1f:
                    b3:36:80:c2:09:c5:01:c7:f5:f3:93:13:4c:86:ab:
                    e0:92:fe:01:e5:ee:8d:6b:2f:20:19:72:45:7a:4f:
                    5a:73:12:2c:c3:4b:80:5d:7f:36:d4:bc:86:a5:1c:
                    49:b1:1e:93:c0:ad:94:bf:50:fa:21:82:0e:3c:98:
                    fd:3b:92:73:43:6c:4e:32:b4:c3:99:4b:48:f5:5c:
                    14:9a:4d:5e:20:92:f3:a1:22:67:03:e4:9f:5d:5e:
                    2c:1f:29:ef:f3:0a:57:f3:ff:35:0a:53:c5:5d:da:
                    9d:cc:14:09:4c:c2:10:f0:7d:15:2d:49:46:4a:ac:
                    db:d8:98:c3:94:76:64:a1:43:9e:3f:f5:77:2d:e3:
                    af:51:8b:0b:0e:df:54:9e:0a:cf:4a:82:ca:b8:e6:
                    e2:2b:58:4a:82:1d:cd:05:a5:e7:87:73:58:68:33:
                    ab:ef:66:16:21:50:4e:1b:fa:d1:f1:4a:7d:d6:22:
                    93:63:d9:c2:ed:d0:f4:b1:9e:9e:ee:b4:5b:d5:59:
                    cf:41:58:47:62:8e:0d:0e:c7:c7:7b:9f:1a:db:f7:
                    2b:f2:b6:8b:b3:27:2f:03:5f:b5:28:6a:e8:4b:0f:
                    e9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CF:54:F1:03:A5:A3:B0:A8:9C:CD:AB:14:22:B1:63:AC:7D:C4:BE
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216072.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fd00::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:36:85:4f:c5:f9:12:27:ac:bb:df:d0:c4:3b:db:d9:f0:18:
         c3:98:7e:05:a1:d0:f5:c2:6e:73:b1:dd:ed:e0:a5:87:82:6d:
         11:98:f2:37:e7:91:69:20:01:62:0e:70:b8:aa:cd:6e:cc:bb:
         fb:09:2e:0b:78:27:a7:23:13:d9:73:47:c3:f8:b2:a8:52:75:
         31:bf:4c:65:72:42:60:b1:ea:1b:cf:73:b1:d9:f5:ff:fe:8f:
         de:d5:2e:68:35:a5:3f:6e:83:d5:ed:82:70:3e:6d:ae:9c:6d:
         35:a5:f0:2a:a8:fa:13:77:21:91:0b:ca:8a:e0:64:75:9b:12:
         07:78:fe:92:0e:96:d3:46:12:70:42:57:ac:9a:a3:5b:7d:e0:
         95:14:85:78:57:22:f9:91:8c:1a:b4:9e:9e:46:80:55:f0:7d:
         18:82:21:2f:ab:f2:cc:66:62:7b:d2:1e:c3:d1:9d:0d:30:fe:
         00:18:30:bc:12:ad:5c:9e:68:6a:46:2c:e6:a7:21:73:f6:4d:
         a0:fc:ce:07:67:3d:64:01:04:9c:05:1b:d8:a6:3b:4b:eb:37:
         8f:0b:d7:87:2c:be:6b:9a:f1:ed:aa:ad:e0:e1:18:04:c3:df:
         9b:4b:9f:23:24:fa:0e:24:3f:cf:4b:c0:95:d7:50:1f:5f:e2:
         ec:e9:6c:ac
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUG6T6VWtntcuOipxf0QZrR6QwxWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAzMjgwMzEwMzhaFw0yNzAzMjcwMzE1MzhaMDMxMTAvBgNV
BAMTKDgzQ0Y1NEYxMDNBNUEzQjBBODlDQ0RBQjE0MjJCMTYzQUM3REM0QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcJm9DVo9x3af14N/wvH0RoYRZ
BnT96LFEZhHwH7M2gMIJxQHH9fOTE0yGq+CS/gHl7o1rLyAZckV6T1pzEizDS4Bd
fzbUvIalHEmxHpPArZS/UPohgg48mP07knNDbE4ytMOZS0j1XBSaTV4gkvOhImcD
5J9dXiwfKe/zClfz/zUKU8Vd2p3MFAlMwhDwfRUtSUZKrNvYmMOUdmShQ54/9Xct
469RiwsO31SeCs9Kgsq45uIrWEqCHc0FpeeHc1hoM6vvZhYhUE4b+tHxSn3WIpNj
2cLt0PSxnp7utFvVWc9BWEdijg0Ox8d7nxrb9yvytouzJy8DX7UoauhLD+kJAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUg89U8QOlo7ConM2rFCKxY6x9xL4wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE2MDcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gP0wDQYJKoZIhvcNAQELBQADggEBAAI2hU/F+RInrLvf0MQ729nwGMOYfgWh0PXC
bnOx3e3gpYeCbRGY8jfnkWkgAWIOcLiqzW7Mu/sJLgt4J6cjE9lzR8P4sqhSdTG/
TGVyQmCx6hvPc7HZ9f/+j97VLmg1pT9ug9XtgnA+ba6cbTWl8Cqo+hN3IZELyorg
ZHWbEgd4/pIOltNGEnBCV6yao1t94JUUhXhXIvmRjBq0np5GgFXwfRiCIS+r8sxm
YnvSHsPRnQ0w/gAYMLwSrVyeaGpGLOanIXP2TaD8zgdnPWQBBJwFG9imO0vrN48L
14csvmua8e2qreDhGATD35tLnyMk+g4kP89LwJXXUB9f4uzpbKw=
-----END CERTIFICATE-----