Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          xKh2Da+/Y/j1AkV74y359T/9bMWYPHAWbn/jy6df8xw=
Subject key identifier:   D1:80:D6:0A:2A:AC:85:5E:E3:DE:3F:B1:F0:7F:13:E5:2D:57:1E:87
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       27B30F7A73DD0A6592FC22541F62678BBC75AA33
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211415.roa
Signing time:             Wed 04 Feb 2026 13:15:43 +0000
ROA not before:           Wed 04 Feb 2026 13:10:43 +0000
ROA not after:            Wed 03 Feb 2027 13:15:43 +0000
asID:                     211415
IP address blocks:        141.11.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:b3:0f:7a:73:dd:0a:65:92:fc:22:54:1f:62:67:8b:bc:75:aa:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb  4 13:10:43 2026 GMT
            Not After : Feb  3 13:15:43 2027 GMT
        Subject: CN=D180D60A2AAC855EE3DE3FB1F07F13E52D571E87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:99:96:df:dd:2b:a3:ce:aa:f6:19:9a:92:fa:
                    c0:f8:1c:be:78:0f:cb:d2:f8:89:41:c5:6d:9f:98:
                    57:dc:93:d5:ac:4f:0d:c2:bd:bf:a7:fd:cb:27:ab:
                    80:47:29:36:01:85:fd:9b:6d:b5:b6:1e:30:fb:2f:
                    a5:a2:f1:54:7e:f9:81:74:43:16:61:60:c6:4c:cb:
                    e6:e7:5d:2f:09:f9:23:fd:c9:fd:aa:14:d3:a3:fb:
                    16:2b:9e:8c:73:08:80:59:ef:5a:d0:2a:cd:f2:7b:
                    4e:b0:fc:90:24:12:60:2e:61:09:ae:2e:48:a0:8b:
                    c6:88:a3:a1:40:a0:fc:1d:a9:f8:6d:98:71:c8:a8:
                    bc:ef:bd:a9:60:e9:5a:ee:07:13:e8:0f:5e:65:4a:
                    3e:b1:ab:ba:80:f4:e9:c7:39:23:e0:28:93:ac:03:
                    4c:97:90:24:a4:44:dc:40:1b:ff:de:5f:d2:ad:e8:
                    f2:83:2c:45:92:3e:99:b8:37:4a:87:6c:d3:dc:85:
                    c6:59:17:e6:aa:33:2e:4e:f4:a7:ca:4e:28:d5:ce:
                    20:f0:0e:b4:c5:ad:81:c9:ea:36:13:65:35:df:0b:
                    82:82:a5:16:42:a2:17:e2:bf:bd:f5:b4:9d:9d:fd:
                    0f:2d:e3:c6:a8:55:00:89:d9:2b:59:6c:66:ba:69:
                    3c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:80:D6:0A:2A:AC:85:5E:E3:DE:3F:B1:F0:7F:13:E5:2D:57:1E:87
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:47:b9:ce:4b:a6:c5:4d:34:0f:29:01:d9:44:31:a9:99:f2:
         98:3b:4e:cf:3e:62:81:2e:a2:74:9e:82:38:93:40:61:e0:e9:
         fa:d0:9e:6d:e0:1a:3f:9d:16:30:43:21:9b:18:81:d2:c3:c6:
         54:3b:02:58:a6:93:bd:a2:e5:52:e9:cd:91:ad:2e:ec:c3:6b:
         69:f6:5b:5d:d0:31:1b:01:5c:f2:78:10:d2:a5:ca:ce:0e:bd:
         9d:b8:0d:d2:db:ac:05:92:fe:a1:e0:28:24:89:d7:5f:45:17:
         00:a6:e9:81:de:03:81:45:bf:83:83:13:25:20:1c:75:10:03:
         35:39:dc:d2:a5:b4:f2:ad:24:7d:60:4f:17:3e:43:45:27:d1:
         f4:92:82:ca:e4:77:10:c3:55:a2:b6:a7:be:ca:42:80:00:08:
         13:32:e6:ad:3c:33:8f:26:ea:43:88:1b:26:fe:df:3c:9d:03:
         0c:89:89:46:b6:cb:63:93:67:52:b8:60:55:e5:61:73:da:77:
         73:6d:cc:e5:fe:6d:89:ab:4b:50:01:11:7e:2c:24:20:a7:ff:
         ca:5f:74:c9:8e:2d:f0:fc:52:ac:32:73:3b:82:e0:06:37:c1:
         d7:a9:fe:ca:95:19:a8:c2:f5:61:9e:27:aa:94:93:2f:3f:ea:
         75:87:5f:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJ7MPenPdCmWS/CJUH2Jni7x1qjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMDQxMzEwNDNaFw0yNzAyMDMxMzE1NDNaMDMxMTAvBgNV
BAMTKEQxODBENjBBMkFBQzg1NUVFM0RFM0ZCMUYwN0YxM0U1MkQ1NzFFODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmmZbf3Sujzqr2GZqS+sD4HL54
D8vS+IlBxW2fmFfck9WsTw3Cvb+n/csnq4BHKTYBhf2bbbW2HjD7L6Wi8VR++YF0
QxZhYMZMy+bnXS8J+SP9yf2qFNOj+xYrnoxzCIBZ71rQKs3ye06w/JAkEmAuYQmu
Lkigi8aIo6FAoPwdqfhtmHHIqLzvvalg6VruBxPoD15lSj6xq7qA9OnHOSPgKJOs
A0yXkCSkRNxAG//eX9Kt6PKDLEWSPpm4N0qHbNPchcZZF+aqMy5O9KfKTijVziDw
DrTFrYHJ6jYTZTXfC4KCpRZCohfiv731tJ2d/Q8t48aoVQCJ2StZbGa6aTwDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0YDWCiqshV7j3j+x8H8T5S1XHocwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt9
MA0GCSqGSIb3DQEBCwUAA4IBAQAFR7nOS6bFTTQPKQHZRDGpmfKYO07PPmKBLqJ0
noI4k0Bh4On60J5t4Bo/nRYwQyGbGIHSw8ZUOwJYppO9ouVS6c2RrS7sw2tp9ltd
0DEbAVzyeBDSpcrODr2duA3S26wFkv6h4CgkiddfRRcApumB3gOBRb+DgxMlIBx1
EAM1OdzSpbTyrSR9YE8XPkNFJ9H0koLK5HcQw1Witqe+ykKAAAgTMuatPDOPJupD
iBsm/t88nQMMiYlGtstjk2dSuGBV5WFz2ndzbczl/m2Jq0tQARF+LCQgp//KX3TJ
ji3w/FKsMnM7guAGN8HXqf7KlRmowvVhnieqlJMvP+p1h19K
-----END CERTIFICATE-----