Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          0ZimBGVp0EUVNk9fcr2St8MPtrYrBl94yPCqFWPmBJs=
Subject key identifier:   C5:73:41:FB:05:86:04:CC:CB:94:40:0E:60:74:94:02:75:63:9B:A1
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       50D2F4282A1D8DBD1F514C275251B6A9028989CA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211407.roa
Signing time:             Sat 04 Apr 2026 04:43:34 +0000
ROA not before:           Sat 04 Apr 2026 04:38:34 +0000
ROA not after:            Sat 03 Apr 2027 04:43:34 +0000
asID:                     211407
IP address blocks:        141.11.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:d2:f4:28:2a:1d:8d:bd:1f:51:4c:27:52:51:b6:a9:02:89:89:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  4 04:38:34 2026 GMT
            Not After : Apr  3 04:43:34 2027 GMT
        Subject: CN=C57341FB058604CCCB94400E6074940275639BA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3a:a4:57:3e:fc:a7:40:cd:d3:1d:ef:34:ff:
                    2d:ac:46:55:81:63:1a:d4:eb:17:8c:20:8f:a5:88:
                    6c:02:d4:13:bc:93:f0:d2:30:30:e4:cb:69:56:6c:
                    a1:cf:48:e2:55:57:ee:46:2a:96:8f:56:b6:9b:19:
                    e7:81:93:89:1d:78:18:45:18:a0:7d:a9:63:d1:63:
                    23:f3:53:95:4a:7e:53:43:e5:c3:82:2f:2a:92:88:
                    b8:2e:53:44:d7:31:c8:bb:26:e5:6c:8a:28:fc:2c:
                    85:4a:1c:84:ff:d8:47:6a:f3:fc:66:cd:0f:d8:2e:
                    2b:dc:4d:1c:8c:7a:fb:96:e8:fc:4f:bc:42:49:3b:
                    5e:fe:a0:68:0b:51:46:31:c8:d1:5b:ea:66:11:94:
                    b1:b3:2d:7c:7a:af:c8:09:b4:8f:ca:ae:8d:d2:34:
                    74:ab:65:52:0b:d0:7f:66:38:af:d3:a0:cd:95:a7:
                    17:84:74:ed:eb:97:b0:e5:a3:97:c5:90:6a:8e:55:
                    ee:b4:8d:11:79:61:d7:25:93:06:b1:32:93:6c:a4:
                    c9:40:ae:6a:1f:97:f9:ca:8c:7d:97:ce:e5:9e:cc:
                    98:27:92:dc:72:5c:6d:81:f3:1f:31:48:6f:eb:61:
                    20:e1:fb:14:01:22:ee:df:60:7a:81:91:e6:ae:8d:
                    9a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:73:41:FB:05:86:04:CC:CB:94:40:0E:60:74:94:02:75:63:9B:A1
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4a:25:3e:67:97:e2:52:c2:1f:a6:dc:01:86:11:1f:6a:0e:
         d9:f0:3e:28:06:fe:4c:c1:58:e8:34:d0:eb:ac:2a:61:80:e3:
         7f:8a:0a:62:76:4f:16:e9:22:33:53:ef:b3:29:9a:00:43:35:
         d5:06:d4:82:3f:d9:e2:a4:ba:5b:d4:19:bc:cb:5b:31:f3:1c:
         46:3b:75:58:df:0f:35:49:2d:ec:fa:5a:14:b3:8d:d4:e4:06:
         b1:0e:bf:53:ea:6e:fd:17:64:d8:b0:14:44:a5:ba:fc:29:dc:
         28:4a:de:9f:f8:ec:0a:2b:37:05:33:84:7b:d5:3f:fb:79:6a:
         1c:7a:b9:c3:d4:7a:43:e6:42:2b:54:1a:5d:9d:46:d9:2e:bb:
         5f:26:00:c8:56:eb:e3:c3:fd:7a:89:31:cb:af:1f:e4:bf:61:
         c1:02:87:76:ac:34:04:d6:5a:20:5d:4a:5d:cf:06:8b:04:fb:
         3b:5d:74:8f:de:5d:8a:a2:5c:72:a2:86:9a:6d:f7:48:ab:86:
         57:3a:27:9b:83:de:35:9d:42:13:5e:94:a4:3b:e6:6e:ba:52:
         ce:78:f1:cd:2a:16:d6:eb:c8:1c:b5:8e:42:a2:ee:e1:b9:98:
         6b:ca:fb:22:ca:6f:43:7b:ca:18:98:7a:4c:69:1c:e6:6b:51:
         8c:37:ac:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUNL0KCodjb0fUUwnUlG2qQKJicowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MDQwNDM4MzRaFw0yNzA0MDMwNDQzMzRaMDMxMTAvBgNV
BAMTKEM1NzM0MUZCMDU4NjA0Q0NDQjk0NDAwRTYwNzQ5NDAyNzU2MzlCQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOqRXPvynQM3THe80/y2sRlWB
YxrU6xeMII+liGwC1BO8k/DSMDDky2lWbKHPSOJVV+5GKpaPVrabGeeBk4kdeBhF
GKB9qWPRYyPzU5VKflND5cOCLyqSiLguU0TXMci7JuVsiij8LIVKHIT/2Edq8/xm
zQ/YLivcTRyMevuW6PxPvEJJO17+oGgLUUYxyNFb6mYRlLGzLXx6r8gJtI/Kro3S
NHSrZVIL0H9mOK/ToM2VpxeEdO3rl7Dlo5fFkGqOVe60jRF5YdclkwaxMpNspMlA
rmofl/nKjH2XzuWezJgnktxyXG2B8x8xSG/rYSDh+xQBIu7fYHqBkeaujZrdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxXNB+wWGBMzLlEAOYHSUAnVjm6EwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvx
MA0GCSqGSIb3DQEBCwUAA4IBAQAuSiU+Z5fiUsIfptwBhhEfag7Z8D4oBv5MwVjo
NNDrrCphgON/igpidk8W6SIzU++zKZoAQzXVBtSCP9nipLpb1Bm8y1sx8xxGO3VY
3w81SS3s+loUs43U5AaxDr9T6m79F2TYsBREpbr8KdwoSt6f+OwKKzcFM4R71T/7
eWocernD1HpD5kIrVBpdnUbZLrtfJgDIVuvjw/16iTHLrx/kv2HBAod2rDQE1log
XUpdzwaLBPs7XXSP3l2KolxyooaabfdIq4ZXOiebg941nUITXpSkO+ZuulLOePHN
KhbW68gctY5Cou7huZhryvsiym9De8oYmHpMaRzma1GMN6xi
-----END CERTIFICATE-----