Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          m6GL1x+EBQUn55DA1nBWK4+shIQaDXNgWWP0SmNZWfw=
Subject key identifier:   BD:17:6E:EC:9D:F1:24:31:08:AD:23:70:BD:EE:C8:3B:F2:A1:FD:DE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2145611C38B79585E27499151EE173D9D4C230EB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
Signing time:             Mon 28 Jul 2025 07:38:50 +0000
ROA not before:           Mon 28 Jul 2025 07:33:50 +0000
ROA not after:            Mon 27 Jul 2026 07:38:50 +0000
asID:                     212238
IP address blocks:        141.11.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:45:61:1c:38:b7:95:85:e2:74:99:15:1e:e1:73:d9:d4:c2:30:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jul 28 07:33:50 2025 GMT
            Not After : Jul 27 07:38:50 2026 GMT
        Subject: CN=BD176EEC9DF1243108AD2370BDEEC83BF2A1FDDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c3:01:f5:f0:16:da:39:da:9a:26:3e:f3:3e:
                    a8:cc:a4:d9:12:43:d8:e3:87:c8:b2:66:e8:a6:bd:
                    90:5c:c1:6e:39:15:bd:18:05:e6:53:6e:da:33:ad:
                    ba:12:9e:f7:5b:af:a7:48:fe:df:12:04:d7:d5:81:
                    0c:ef:c6:5c:e8:60:31:eb:9b:dc:49:0e:d9:0d:c5:
                    9a:ab:4c:d9:8f:54:72:69:cf:f8:fc:30:b2:6d:69:
                    87:c4:ad:73:1a:1a:af:f1:41:1c:61:4e:d5:5b:c8:
                    37:ce:92:d3:73:5c:d4:c4:17:f7:80:48:17:a2:3e:
                    44:f0:4b:42:59:cb:af:15:ca:dd:36:29:41:2a:12:
                    1f:e0:cf:c2:d1:a7:71:08:d3:6a:b4:f4:b1:30:88:
                    34:23:bf:e7:50:8d:e4:df:eb:27:87:85:bb:b3:eb:
                    74:3f:51:fc:f3:45:2a:99:f4:0a:e3:09:c7:5d:d4:
                    bd:64:31:a1:99:eb:42:8f:b9:e8:c9:a9:00:f0:4a:
                    ab:e6:0f:e4:eb:94:74:32:07:ff:6f:0c:cd:3a:db:
                    b6:23:9c:d8:cb:ca:d1:cd:e7:a8:a5:e2:b0:01:eb:
                    0e:33:30:26:96:bb:be:d7:00:2b:11:5d:33:e6:dd:
                    d0:9d:6a:cf:b5:66:19:59:82:01:44:2e:4a:61:c3:
                    81:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:17:6E:EC:9D:F1:24:31:08:AD:23:70:BD:EE:C8:3B:F2:A1:FD:DE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:29:ae:f0:bc:24:66:35:a8:13:e6:59:59:9e:4d:c0:85:25:
         68:ee:13:5d:69:00:64:81:b8:02:c0:f0:48:08:d4:16:95:7c:
         bd:d4:86:6e:28:7a:0c:ea:cd:c3:4f:b3:09:af:b7:0d:0f:ff:
         dc:2b:48:fc:38:36:ed:8b:36:1d:ba:73:f8:1e:b9:40:d2:30:
         71:f5:6d:87:f2:5a:d5:07:34:72:80:2e:ca:fb:76:20:4d:7f:
         89:b3:e6:34:91:b0:f3:87:29:c3:83:45:f7:2b:91:32:81:94:
         a4:60:f6:47:38:4e:b3:3f:c7:c5:35:a6:a3:75:a1:b0:49:61:
         13:4a:3b:05:82:eb:22:8e:2a:a3:0e:89:b6:6c:fc:10:1f:db:
         49:dc:e5:6c:0e:27:35:61:2c:a6:b7:c1:f3:f2:70:0d:4c:46:
         49:98:37:de:19:d8:ce:56:45:69:bb:65:dd:7f:a9:cc:ff:3f:
         ca:44:c2:c4:0c:5f:86:de:64:6c:25:49:19:71:67:1d:d0:06:
         d1:bf:62:4a:8c:97:75:ed:7b:c7:79:f9:8e:26:3e:f9:cc:17:
         72:49:a9:bd:3a:5f:36:66:73:94:57:30:91:5e:07:f3:88:0f:
         f8:fe:08:21:65:5e:94:ce:eb:d1:d4:70:08:33:4f:db:fb:58:
         f6:a2:0f:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIUVhHDi3lYXidJkVHuFz2dTCMOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA3MjgwNzMzNTBaFw0yNjA3MjcwNzM4NTBaMDMxMTAvBgNV
BAMTKEJEMTc2RUVDOURGMTI0MzEwOEFEMjM3MEJERUVDODNCRjJBMUZEREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4wwH18BbaOdqaJj7zPqjMpNkS
Q9jjh8iyZuimvZBcwW45Fb0YBeZTbtozrboSnvdbr6dI/t8SBNfVgQzvxlzoYDHr
m9xJDtkNxZqrTNmPVHJpz/j8MLJtaYfErXMaGq/xQRxhTtVbyDfOktNzXNTEF/eA
SBeiPkTwS0JZy68Vyt02KUEqEh/gz8LRp3EI02q09LEwiDQjv+dQjeTf6yeHhbuz
63Q/UfzzRSqZ9ArjCcdd1L1kMaGZ60KPuejJqQDwSqvmD+TrlHQyB/9vDM0627Yj
nNjLytHN56il4rAB6w4zMCaWu77XACsRXTPm3dCdas+1ZhlZggFELkphw4GNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvRdu7J3xJDEIrSNwve7IO/Kh/d4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQuk
MA0GCSqGSIb3DQEBCwUAA4IBAQBCKa7wvCRmNagT5llZnk3AhSVo7hNdaQBkgbgC
wPBICNQWlXy91IZuKHoM6s3DT7MJr7cND//cK0j8ODbtizYdunP4HrlA0jBx9W2H
8lrVBzRygC7K+3YgTX+Js+Y0kbDzhynDg0X3K5EygZSkYPZHOE6zP8fFNaajdaGw
SWETSjsFgusijiqjDom2bPwQH9tJ3OVsDic1YSymt8Hz8nANTEZJmDfeGdjOVkVp
u2Xdf6nM/z/KRMLEDF+G3mRsJUkZcWcd0AbRv2JKjJd17XvHefmOJj75zBdySam9
Ol82ZnOUVzCRXgfziA/4/gghZV6UzuvR1HAIM0/b+1j2og8q
-----END CERTIFICATE-----