Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS210356.roa
File:                     AS210356.roa (raw, json)
Hash identifier:          HOfSRdl2kGAnuIH5I/rFK4IUtp8xtDGBOZjlkzE3Z6k=
Subject key identifier:   02:87:2B:56:0B:3A:D0:99:DC:9A:D6:4A:61:84:CA:91:D2:D7:8C:A8
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       63726955AC3B4A2D02AE66730A799529346BA529
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS210356.roa
Signing time:             Thu 11 Jun 2026 14:54:57 +0000
ROA not before:           Thu 11 Jun 2026 14:49:57 +0000
ROA not after:            Thu 10 Jun 2027 14:54:57 +0000
asID:                     210356
IP address blocks:        188.220.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:72:69:55:ac:3b:4a:2d:02:ae:66:73:0a:79:95:29:34:6b:a5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 11 14:49:57 2026 GMT
            Not After : Jun 10 14:54:57 2027 GMT
        Subject: CN=02872B560B3AD099DC9AD64A6184CA91D2D78CA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:38:8d:8f:6f:d8:59:d0:94:1f:33:06:51:01:
                    bb:b1:e9:97:14:f0:d1:49:bb:0c:21:32:59:c6:ad:
                    4e:8c:05:b1:29:12:51:7c:f0:9c:0f:28:75:2a:e2:
                    5f:4a:38:0a:3d:27:d6:40:e0:e0:03:df:f8:3f:0f:
                    32:a1:04:57:0c:29:48:a3:3d:8a:5c:a0:13:2b:4f:
                    e5:85:08:78:d8:f3:25:c4:5b:16:5c:12:df:72:dc:
                    de:93:0b:c9:b4:52:0d:28:67:73:9e:df:3b:05:57:
                    14:f2:f9:28:e4:91:a5:a5:4c:d8:42:14:a2:8a:0b:
                    fc:94:1c:5a:2b:ec:df:44:c2:3d:4f:27:98:06:7f:
                    fc:a7:3c:89:b1:c5:b8:06:3f:ac:af:61:5f:1c:62:
                    73:63:c0:29:8d:b2:50:b1:41:5b:95:38:67:ff:68:
                    16:bc:b9:a8:7f:1d:8b:54:8e:13:e4:4c:70:64:f3:
                    d8:61:ef:c5:70:ed:23:cc:44:f8:66:b1:f2:e7:af:
                    6d:1b:86:b3:60:c8:bf:21:eb:ba:93:98:24:af:32:
                    4f:79:84:79:9e:39:0c:83:72:4b:77:d3:21:04:01:
                    c1:d6:e4:e0:90:8e:81:b8:c1:77:97:4c:ff:61:86:
                    a8:6f:06:95:59:cc:99:84:32:40:78:e6:42:40:b1:
                    9c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:87:2B:56:0B:3A:D0:99:DC:9A:D6:4A:61:84:CA:91:D2:D7:8C:A8
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS210356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         70:c0:0e:37:b2:55:43:54:34:92:29:49:6b:af:96:b4:c4:0d:
         37:47:7c:e7:3b:d3:90:90:02:47:6f:5f:fc:77:3c:46:dd:7d:
         1c:e7:a8:a8:2e:36:57:74:89:f0:88:06:20:71:50:11:2b:eb:
         63:fe:d2:ac:00:cd:a9:25:ff:55:11:de:96:7f:8d:2d:0b:bb:
         99:c7:57:75:0c:9c:df:3e:b9:10:78:a5:c2:7c:6c:48:22:01:
         b3:37:7b:91:9f:d1:b8:cd:3d:6f:b0:04:94:15:13:06:cc:75:
         57:6a:28:dd:9c:e0:e2:c2:cd:9d:87:91:0b:d2:ea:92:99:93:
         b7:13:3d:83:d1:dc:cf:6b:6b:60:12:d1:3b:20:5e:75:ff:b8:
         fc:e3:0b:0f:02:ef:92:e2:e4:75:ce:fc:d4:6a:ad:74:6d:25:
         d7:c9:8b:42:30:99:ad:32:77:d2:71:73:2a:81:0d:4b:8e:27:
         80:40:b1:7a:cc:6f:95:38:d9:d9:63:da:53:69:e7:59:19:ce:
         b3:3a:de:2f:f7:10:1c:0d:75:52:cc:03:39:51:6c:f6:14:ed:
         2e:86:3b:50:86:68:b5:34:36:55:ef:35:7d:20:96:8e:5a:b0:
         fe:97:a9:c3:a8:c7:50:f7:08:a9:50:56:a9:1f:cd:68:02:c9:
         c0:92:51:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY3JpVaw7Si0CrmZzCnmVKTRrpSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTExNDQ5NTdaFw0yNzA2MTAxNDU0NTdaMDMxMTAvBgNV
BAMTKDAyODcyQjU2MEIzQUQwOTlEQzlBRDY0QTYxODRDQTkxRDJENzhDQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkOI2Pb9hZ0JQfMwZRAbux6ZcU
8NFJuwwhMlnGrU6MBbEpElF88JwPKHUq4l9KOAo9J9ZA4OAD3/g/DzKhBFcMKUij
PYpcoBMrT+WFCHjY8yXEWxZcEt9y3N6TC8m0Ug0oZ3Oe3zsFVxTy+SjkkaWlTNhC
FKKKC/yUHFor7N9Ewj1PJ5gGf/ynPImxxbgGP6yvYV8cYnNjwCmNslCxQVuVOGf/
aBa8uah/HYtUjhPkTHBk89hh78Vw7SPMRPhmsfLnr20bhrNgyL8h67qTmCSvMk95
hHmeOQyDckt30yEEAcHW5OCQjoG4wXeXTP9hhqhvBpVZzJmEMkB45kJAsZz/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAocrVgs60JncmtZKYYTKkdLXjKgwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjEwMzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvNyo
MA0GCSqGSIb3DQEBCwUAA4IBAQBwwA43slVDVDSSKUlrr5a0xA03R3znO9OQkAJH
b1/8dzxG3X0c56ioLjZXdInwiAYgcVARK+tj/tKsAM2pJf9VEd6Wf40tC7uZx1d1
DJzfPrkQeKXCfGxIIgGzN3uRn9G4zT1vsASUFRMGzHVXaijdnODiws2dh5EL0uqS
mZO3Ez2D0dzPa2tgEtE7IF51/7j84wsPAu+S4uR1zvzUaq10bSXXyYtCMJmtMnfS
cXMqgQ1LjieAQLF6zG+VONnZY9pTaedZGc6zOt4v9xAcDXVSzAM5UWz2FO0uhjtQ
hmi1NDZV7zV9IJaOWrD+l6nDqMdQ9wipUFapH81oAsnAklFH
-----END CERTIFICATE-----