Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          AGAjCs+wwzCc8ae2u8pX6fti15HT3wE4Bti0WSzJWp8=
Subject key identifier:   B0:F4:CD:7A:84:CE:7D:FF:E1:51:45:89:77:35:15:CE:B3:AA:48:61
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7A26EC17F4E71805B59CA3116D13679F4C99E608
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
Signing time:             Wed 11 Jun 2025 11:43:58 +0000
ROA not before:           Wed 11 Jun 2025 11:38:58 +0000
ROA not after:            Wed 10 Jun 2026 11:43:58 +0000
asID:                     212238
IP address blocks:        141.11.164.0/24 maxlen: 24
                          141.11.181.0/24 maxlen: 24
                          194.60.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:26:ec:17:f4:e7:18:05:b5:9c:a3:11:6d:13:67:9f:4c:99:e6:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 11 11:38:58 2025 GMT
            Not After : Jun 10 11:43:58 2026 GMT
        Subject: CN=B0F4CD7A84CE7DFFE1514589773515CEB3AA4861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:03:1a:e4:d6:3f:ce:0d:c5:48:8c:8c:79:93:
                    03:78:1b:c6:28:80:5c:37:f2:27:fb:09:89:37:96:
                    b3:8f:65:3d:2b:7c:ed:68:76:d1:60:83:2e:69:a4:
                    8d:6c:61:e3:73:d2:67:29:b1:76:d8:cd:a5:40:b2:
                    17:e9:29:4e:ee:d6:4a:28:de:e0:ab:30:3d:fd:5a:
                    f2:d5:15:b6:cb:a7:d8:22:bf:c6:d4:ce:76:9d:4a:
                    0e:74:aa:01:c9:98:45:70:87:98:e7:af:c8:40:1a:
                    80:ac:fe:e2:89:c4:3a:ed:c3:f9:13:62:4c:f3:fa:
                    f6:f5:9c:cd:17:c2:f8:00:1f:89:39:fc:b6:19:8a:
                    6c:73:6e:5f:c7:75:8d:d0:dd:ec:a0:7b:e7:1f:1e:
                    b7:ad:22:01:11:ee:c8:f1:52:e5:47:a2:be:24:bc:
                    4c:d0:91:9e:40:77:66:7c:2e:06:67:48:d9:97:75:
                    f9:e6:a3:9a:6b:ee:ad:5f:61:0f:16:85:4b:14:65:
                    12:94:86:58:c8:cb:cf:61:cf:ed:f7:ae:df:82:22:
                    b0:56:1d:60:d1:eb:0b:4a:0f:03:67:b6:55:c1:b2:
                    ec:41:10:fa:b4:9b:8e:fd:4c:ec:81:23:23:66:f5:
                    07:7b:a0:09:05:a0:d6:37:4f:83:78:2c:ee:9b:62:
                    b5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F4:CD:7A:84:CE:7D:FF:E1:51:45:89:77:35:15:CE:B3:AA:48:61
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.164.0/24
                  141.11.181.0/24
                  194.60.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:dd:ca:cc:f9:de:da:3c:f2:3d:94:99:45:b2:d1:7a:e6:d9:
         7e:c1:c7:7e:af:9f:0b:96:94:0e:96:79:8a:73:2b:3c:9a:b2:
         22:de:bf:fd:96:fe:be:6b:74:f6:2b:89:c8:8e:46:16:78:f0:
         9c:b6:1c:4d:4a:de:8a:0b:34:14:16:77:80:50:c6:ba:32:ea:
         a0:23:64:cc:44:69:b3:30:ab:5e:a3:28:e9:c9:b0:13:d2:9d:
         b7:1a:fd:56:13:35:b1:38:a0:79:54:b4:2e:47:f1:c3:cf:08:
         23:ba:d7:a9:5d:60:a8:5b:82:90:98:71:33:f0:54:60:b2:d1:
         51:56:b6:dc:0f:dc:66:7e:66:b4:d7:16:6f:c9:4c:4a:60:4f:
         64:04:16:bd:55:ee:59:20:e6:63:4e:79:db:c7:41:ab:be:ae:
         6b:cb:80:27:b5:6f:8c:07:43:88:bf:6e:42:56:43:53:7a:9f:
         c4:e7:b1:ee:31:c2:2d:1f:c8:25:75:aa:86:2a:88:59:8f:88:
         dc:13:26:77:87:60:c6:77:eb:e0:8c:5c:31:72:d1:60:5e:09:
         71:aa:88:97:62:f9:02:8a:e8:89:7d:5e:da:7a:a9:6a:2d:20:
         1d:b7:76:3b:0d:3e:87:1f:98:89:22:a9:d4:cc:ba:a5:8a:c9:
         e2:50:c3:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUeibsF/TnGAW1nKMRbRNnn0yZ5ggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTExMTM4NThaFw0yNjA2MTAxMTQzNThaMDMxMTAvBgNV
BAMTKEIwRjRDRDdBODRDRTdERkZFMTUxNDU4OTc3MzUxNUNFQjNBQTQ4NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbAxrk1j/ODcVIjIx5kwN4G8Yo
gFw38if7CYk3lrOPZT0rfO1odtFggy5ppI1sYeNz0mcpsXbYzaVAshfpKU7u1koo
3uCrMD39WvLVFbbLp9giv8bUznadSg50qgHJmEVwh5jnr8hAGoCs/uKJxDrtw/kT
Ykzz+vb1nM0XwvgAH4k5/LYZimxzbl/HdY3Q3eyge+cfHretIgER7sjxUuVHor4k
vEzQkZ5Ad2Z8LgZnSNmXdfnmo5pr7q1fYQ8WhUsUZRKUhljIy89hz+33rt+CIrBW
HWDR6wtKDwNntlXBsuxBEPq0m479TOyBIyNm9Qd7oAkFoNY3T4N4LO6bYrX9AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUsPTNeoTOff/hUUWJdzUVzrOqSGEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQuk
AwQAjQu1AwQAwjxdMA0GCSqGSIb3DQEBCwUAA4IBAQAo3crM+d7aPPI9lJlFstF6
5tl+wcd+r58LlpQOlnmKcys8mrIi3r/9lv6+a3T2K4nIjkYWePCcthxNSt6KCzQU
FneAUMa6MuqgI2TMRGmzMKteoyjpybAT0p23Gv1WEzWxOKB5VLQuR/HDzwgjutep
XWCoW4KQmHEz8FRgstFRVrbcD9xmfma01xZvyUxKYE9kBBa9Ve5ZIOZjTnnbx0Gr
vq5ry4AntW+MB0OIv25CVkNTep/E57HuMcItH8gldaqGKohZj4jcEyZ3h2DGd+vg
jFwxctFgXglxqoiXYvkCiuiJfV7aeqlqLSAdt3Y7DT6HH5iJIqnUzLqlisniUMPg
-----END CERTIFICATE-----