Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          Ry8Ym2pXx2AzbNNB4WduzD7ryvVSdwtpygmiFXg8vfM=
Subject key identifier:   E8:57:F9:93:AC:75:7F:84:05:F3:F7:ED:B9:D3:28:65:BA:4F:DD:3F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       77D47EFFD7740AE85682226FAA89F3B27B477737
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa
Signing time:             Fri 13 Feb 2026 09:37:18 +0000
ROA not before:           Fri 13 Feb 2026 09:32:18 +0000
ROA not after:            Fri 12 Feb 2027 09:37:18 +0000
asID:                     212238
IP address blocks:        141.11.141.0/24 maxlen: 24
                          141.11.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:d4:7e:ff:d7:74:0a:e8:56:82:22:6f:aa:89:f3:b2:7b:47:77:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 13 09:32:18 2026 GMT
            Not After : Feb 12 09:37:18 2027 GMT
        Subject: CN=E857F993AC757F8405F3F7EDB9D32865BA4FDD3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:87:ef:2b:cf:40:fe:1b:7e:07:c5:47:59:
                    af:bb:36:8e:3c:4c:a2:19:b4:a1:94:03:46:33:ea:
                    99:48:80:6c:2d:e3:fa:35:01:84:4f:82:dc:84:44:
                    3c:87:bc:7b:a4:ac:9b:e5:19:8d:a4:98:1d:07:1d:
                    c7:c4:44:b0:a1:c6:d1:df:a4:18:8f:8e:dd:7b:6b:
                    53:01:74:c1:bb:bf:5a:87:e1:a4:a7:da:8f:23:bf:
                    65:d8:09:f2:aa:cf:42:4b:37:db:fd:bc:cf:58:cd:
                    4a:09:2b:8a:d7:6c:af:84:d8:7e:c7:36:07:68:2a:
                    28:66:44:2b:cc:7e:c6:f2:60:40:81:33:2e:5b:8f:
                    07:bc:51:04:06:3c:c7:cc:d8:f0:42:9f:51:fd:c8:
                    1f:6e:ca:ac:51:53:f0:3f:be:6c:7f:94:4c:26:ae:
                    50:21:a1:fb:35:0e:9d:e1:29:40:6c:ca:9c:47:fe:
                    ba:bf:04:d4:0a:d8:14:64:c4:5c:5a:d5:8a:c3:0a:
                    c0:ed:9f:08:83:46:cd:a6:84:cb:d9:b4:e9:6f:82:
                    6f:0f:94:66:4e:a2:8d:cf:63:d5:21:5a:42:05:51:
                    ec:e8:0c:ca:ee:b2:33:95:e3:3a:5d:12:91:f6:03:
                    af:db:3c:be:f4:b0:ce:a2:44:47:26:d5:a9:b6:60:
                    6e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:57:F9:93:AC:75:7F:84:05:F3:F7:ED:B9:D3:28:65:BA:4F:DD:3F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.141.0/24
                  141.11.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:c9:6d:5d:26:d8:75:f0:96:c3:9b:e3:f8:9e:93:00:e3:c5:
         4b:94:7f:12:71:f4:cd:6a:a9:e4:0a:e8:9e:db:8f:0c:07:d4:
         42:b8:39:95:b9:71:9b:d7:27:88:ab:dc:89:04:bf:61:01:98:
         8a:56:ee:ec:cc:00:d5:ce:4f:2f:e1:25:ad:66:42:c8:89:65:
         dc:27:73:1e:e1:54:a2:30:cb:ac:b0:c7:aa:54:27:af:dd:a7:
         3c:e3:01:74:70:de:f2:44:5f:9b:30:4e:ac:d6:aa:e7:95:56:
         70:bf:5c:57:ae:52:ea:ec:2d:d4:42:7e:3f:a1:93:4d:75:61:
         52:db:66:8d:83:f1:6e:f0:78:41:01:be:a3:45:9b:6f:5f:69:
         3d:4f:84:a5:5e:3e:48:02:10:97:2f:01:06:56:5f:a7:e2:f1:
         f3:f9:ef:84:75:61:74:72:95:75:97:30:16:60:b9:01:72:c6:
         9a:f9:e1:1d:54:48:9a:c1:a7:94:d6:e5:6f:c8:87:7d:05:88:
         9c:8f:d2:9e:ea:fb:ab:35:dd:ca:78:53:9b:37:26:78:e5:c2:
         32:c5:5c:92:a2:f6:b3:83:24:9e:89:9a:b7:52:c6:4d:55:8d:
         cd:ab:1f:62:bc:b8:01:96:d4:63:78:76:b0:86:77:0f:ba:d4:
         af:40:c0:1d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUd9R+/9d0CuhWgiJvqonzsntHdzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMTMwOTMyMThaFw0yNzAyMTIwOTM3MThaMDMxMTAvBgNV
BAMTKEU4NTdGOTkzQUM3NTdGODQwNUYzRjdFREI5RDMyODY1QkE0RkREM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD24fvK89A/ht+B8VHWa+7No48
TKIZtKGUA0Yz6plIgGwt4/o1AYRPgtyERDyHvHukrJvlGY2kmB0HHcfERLChxtHf
pBiPjt17a1MBdMG7v1qH4aSn2o8jv2XYCfKqz0JLN9v9vM9YzUoJK4rXbK+E2H7H
NgdoKihmRCvMfsbyYECBMy5bjwe8UQQGPMfM2PBCn1H9yB9uyqxRU/A/vmx/lEwm
rlAhofs1Dp3hKUBsypxH/rq/BNQK2BRkxFxa1YrDCsDtnwiDRs2mhMvZtOlvgm8P
lGZOoo3PY9UhWkIFUezoDMrusjOV4zpdEpH2A6/bPL70sM6iREcm1am2YG6NAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6Ff5k6x1f4QF8/ftudMoZbpP3T8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjQuN
AwQAjQukMA0GCSqGSIb3DQEBCwUAA4IBAQDKyW1dJth18JbDm+P4npMA48VLlH8S
cfTNaqnkCuie248MB9RCuDmVuXGb1yeIq9yJBL9hAZiKVu7szADVzk8v4SWtZkLI
iWXcJ3Me4VSiMMussMeqVCev3ac84wF0cN7yRF+bME6s1qrnlVZwv1xXrlLq7C3U
Qn4/oZNNdWFS22aNg/Fu8HhBAb6jRZtvX2k9T4SlXj5IAhCXLwEGVl+n4vHz+e+E
dWF0cpV1lzAWYLkBcsaa+eEdVEiawaeU1uVvyId9BYicj9Ke6vurNd3KeFObNyZ4
5cIyxVySovazgySeiZq3UsZNVY3Nqx9ivLgBltRjeHawhncPutSvQMAd
-----END CERTIFICATE-----