Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216183.roa
File:                     AS216183.roa (raw, json)
Hash identifier:          cCeG1kAQ7bJTmC7OQi18gbp20DRyjwmWxeDecS4KWiU=
Subject key identifier:   2B:6A:B2:3F:6E:7A:B5:A8:9A:8F:3E:CF:77:D4:05:B4:CD:3B:3A:6A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       38FB92A21E3D0A89B120C4B2FDB46FD65E989FFF
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216183.roa
Signing time:             Mon 16 Feb 2026 14:55:38 +0000
ROA not before:           Mon 16 Feb 2026 14:50:38 +0000
ROA not after:            Mon 15 Feb 2027 14:55:38 +0000
asID:                     216183
IP address blocks:        141.11.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:fb:92:a2:1e:3d:0a:89:b1:20:c4:b2:fd:b4:6f:d6:5e:98:9f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 16 14:50:38 2026 GMT
            Not After : Feb 15 14:55:38 2027 GMT
        Subject: CN=2B6AB23F6E7AB5A89A8F3ECF77D405B4CD3B3A6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8b:13:96:ff:b8:28:19:f4:e4:bb:34:6c:b7:
                    10:d8:41:83:d1:ed:68:88:73:29:c6:6b:16:32:df:
                    f2:45:5d:49:14:49:08:39:e8:c5:36:a4:00:e1:f3:
                    6c:73:1d:1f:8e:80:0d:7e:7d:84:2a:a0:82:88:9c:
                    78:13:6c:67:1e:2b:b4:71:2a:7e:7c:33:e8:f0:79:
                    af:f8:2e:fa:0f:b6:c0:00:a7:b2:41:b7:b6:21:bf:
                    bf:60:10:10:db:bb:e0:27:8a:bb:10:ea:95:54:e3:
                    d4:d2:aa:0c:a0:46:f2:df:52:d1:8b:24:86:52:9a:
                    25:c9:41:6d:d0:c8:47:3b:79:27:90:c0:d7:c8:a8:
                    c7:57:0b:2e:73:19:85:c1:4d:37:76:a6:6a:1e:c2:
                    0d:0d:63:c3:95:b0:99:c5:59:69:4a:4c:69:5b:b4:
                    42:99:9a:d0:5c:9a:16:6e:78:cf:de:d8:29:13:6a:
                    4d:1e:ff:19:35:0c:10:61:00:76:cb:dc:62:a8:d3:
                    de:99:3b:93:f3:00:50:6c:7a:b5:b3:1b:69:e5:b2:
                    5a:af:5e:88:26:37:52:4b:13:af:45:e8:19:cf:3a:
                    c8:f9:59:12:32:20:26:5a:a0:56:60:d5:fe:d8:b9:
                    99:8c:75:a0:9c:bc:2d:3b:7a:d8:e2:10:cf:04:47:
                    52:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6A:B2:3F:6E:7A:B5:A8:9A:8F:3E:CF:77:D4:05:B4:CD:3B:3A:6A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:59:97:b5:aa:79:16:2f:9c:b6:25:57:2f:fe:4b:3d:34:60:
         90:b3:dc:0c:b7:7d:d4:2e:39:d8:92:14:9a:0a:a2:24:9f:07:
         ef:34:54:fe:b2:cf:30:9c:0c:3f:0f:d6:2e:13:86:07:b7:70:
         ca:c5:ec:f4:61:b1:92:1c:c7:66:d2:63:c0:8d:e7:89:70:84:
         1b:0a:75:95:18:40:c9:9c:af:aa:c8:f5:39:81:31:71:95:2f:
         24:17:42:fb:ea:30:d0:8b:2d:bb:0c:ae:08:2a:f3:76:ac:a6:
         5c:2d:b1:87:28:7a:c5:0a:0f:b1:31:99:29:0e:42:3e:f1:83:
         79:ca:6c:67:21:20:c4:0c:6d:e9:4f:77:6a:db:95:e4:5a:e0:
         c3:10:42:d8:dc:f2:3e:28:47:62:7a:e1:db:f5:7f:1a:06:50:
         d1:5f:90:9f:97:7b:21:9f:88:83:33:c0:8c:8a:77:75:d7:67:
         c8:b8:31:dd:03:06:9a:94:ab:24:f2:79:e9:6a:0d:a7:dd:6f:
         d8:5c:dd:af:d7:1e:60:3a:22:96:c6:9f:4c:01:6f:ed:c7:85:
         b6:0d:cc:cf:5f:8f:da:aa:80:70:91:b2:c0:cb:73:36:34:e7:
         2f:65:5a:62:d6:10:78:c2:82:98:ab:b2:95:28:db:3e:98:23:
         f2:43:8c:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOPuSoh49ComxIMSy/bRv1l6Yn/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMTYxNDUwMzhaFw0yNzAyMTUxNDU1MzhaMDMxMTAvBgNV
BAMTKDJCNkFCMjNGNkU3QUI1QTg5QThGM0VDRjc3RDQwNUI0Q0QzQjNBNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGixOW/7goGfTkuzRstxDYQYPR
7WiIcynGaxYy3/JFXUkUSQg56MU2pADh82xzHR+OgA1+fYQqoIKInHgTbGceK7Rx
Kn58M+jwea/4LvoPtsAAp7JBt7Yhv79gEBDbu+AnirsQ6pVU49TSqgygRvLfUtGL
JIZSmiXJQW3QyEc7eSeQwNfIqMdXCy5zGYXBTTd2pmoewg0NY8OVsJnFWWlKTGlb
tEKZmtBcmhZueM/e2CkTak0e/xk1DBBhAHbL3GKo096ZO5PzAFBserWzG2nlslqv
XogmN1JLE69F6BnPOsj5WRIyICZaoFZg1f7YuZmMdaCcvC07etjiEM8ER1KDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUK2qyP256taiajz7Pd9QFtM07OmowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2MTgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQt/
MA0GCSqGSIb3DQEBCwUAA4IBAQBsWZe1qnkWL5y2JVcv/ks9NGCQs9wMt33ULjnY
khSaCqIknwfvNFT+ss8wnAw/D9YuE4YHt3DKxez0YbGSHMdm0mPAjeeJcIQbCnWV
GEDJnK+qyPU5gTFxlS8kF0L76jDQiy27DK4IKvN2rKZcLbGHKHrFCg+xMZkpDkI+
8YN5ymxnISDEDG3pT3dq25XkWuDDEELY3PI+KEdieuHb9X8aBlDRX5Cfl3shn4iD
M8CMind112fIuDHdAwaalKsk8nnpag2n3W/YXN2v1x5gOiKWxp9MAW/tx4W2DczP
X4/aqoBwkbLAy3M2NOcvZVpi1hB4woKYq7KVKNs+mCPyQ4yn
-----END CERTIFICATE-----