Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          wkuGXeZfP0yH2I4+YA4tSWJoZr6fvsCbmyjpy6URwP8=
Subject key identifier:   D9:75:56:8A:C7:AF:9F:4D:12:59:FB:3E:44:A3:B7:44:95:8B:10:2C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       473F197D876C40445BEE3F84805AD59B6D241BA9
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
Signing time:             Tue 09 Jun 2026 15:03:36 +0000
ROA not before:           Tue 09 Jun 2026 14:58:36 +0000
ROA not after:            Tue 08 Jun 2027 15:03:36 +0000
asID:                     212238
IP address blocks:        143.20.160.0/24 maxlen: 24
                          143.20.165.0/24 maxlen: 24
                          143.20.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:3f:19:7d:87:6c:40:44:5b:ee:3f:84:80:5a:d5:9b:6d:24:1b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  9 14:58:36 2026 GMT
            Not After : Jun  8 15:03:36 2027 GMT
        Subject: CN=D975568AC7AF9F4D1259FB3E44A3B744958B102C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:34:6e:01:59:d8:ff:ad:e9:0c:77:b0:b5:35:
                    ce:8d:d0:3d:06:f2:30:05:11:12:bf:d3:32:03:32:
                    ed:bd:80:17:d1:9f:74:2d:75:4e:e6:11:8c:e5:01:
                    1d:28:9e:ff:fb:36:5f:1e:1c:90:b2:49:e2:5f:e2:
                    69:eb:25:5d:45:fc:a7:1e:a3:06:b8:2d:26:39:eb:
                    4b:08:b8:0b:aa:dc:48:40:6d:cf:32:67:a9:39:74:
                    7a:c6:c4:83:06:a1:75:27:10:99:75:6e:83:8f:8d:
                    5b:8a:37:08:67:f3:fb:dc:bd:5d:57:25:2a:79:0b:
                    7b:2f:90:91:06:a3:34:cf:77:26:db:fd:69:78:44:
                    27:8a:c7:65:91:cd:a1:c7:42:61:91:3a:da:8a:7f:
                    28:08:b7:0a:39:81:96:3b:69:a0:87:15:63:92:fa:
                    4d:63:cb:ae:7a:34:20:d7:86:01:61:1b:32:48:b6:
                    12:be:32:7a:1d:01:2e:3b:73:78:77:83:c5:88:49:
                    ca:9b:b5:d3:68:64:5a:93:9b:9c:5a:91:c1:13:b3:
                    f1:31:87:9a:0b:e0:88:f8:ba:b7:c6:14:a7:3e:87:
                    0b:65:59:08:f9:c5:65:e3:1b:17:71:2f:73:c5:27:
                    ed:4c:71:72:44:b8:4d:ab:d1:b9:ad:f3:4d:2e:36:
                    ff:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:75:56:8A:C7:AF:9F:4D:12:59:FB:3E:44:A3:B7:44:95:8B:10:2C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.160.0/24
                  143.20.165.0/24
                  143.20.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e6:9b:66:95:5c:ab:e5:b4:c9:fb:cb:ae:0f:fe:f5:ad:7a:
         d6:06:88:f3:ed:e6:22:f7:43:95:cf:83:bc:e7:eb:4e:91:49:
         40:03:eb:7f:07:5d:3c:b0:8f:c1:25:19:2a:e1:a1:0d:3c:84:
         97:13:84:e5:66:32:e8:2b:9a:81:fd:38:72:64:21:bb:04:ba:
         cc:47:f4:5d:48:d6:a4:a9:fe:3d:57:b8:7e:44:af:e0:96:54:
         b0:ff:61:dd:5c:80:2b:59:ee:8f:05:d2:c0:be:21:05:7a:0d:
         c0:f9:d3:e0:6c:0e:26:30:cd:c7:bd:7b:15:a9:69:69:ce:88:
         47:69:2c:98:f8:b0:9f:47:8f:06:7c:d2:b7:46:52:75:02:07:
         e7:ad:a0:1d:bc:ca:7d:f2:07:9c:49:1a:57:88:79:98:38:67:
         dd:d8:37:28:75:fd:b9:ad:d4:04:25:66:d9:53:80:ab:9e:6b:
         36:9c:7f:4b:9e:aa:76:06:3d:af:81:8c:10:7f:18:77:7c:b9:
         18:7b:49:44:07:be:bb:e8:14:21:3e:0b:8f:f0:71:18:54:74:
         0d:3f:cd:35:3a:68:10:d7:5c:cf:ef:63:8e:e2:1d:8e:83:6f:
         fa:e2:f2:06:54:24:c0:46:7c:1b:b8:47:ee:f7:ad:a4:9b:5d:
         84:e2:2d:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIURz8ZfYdsQERb7j+EgFrVm20kG6kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MDkxNDU4MzZaFw0yNzA2MDgxNTAzMzZaMDMxMTAvBgNV
BAMTKEQ5NzU1NjhBQzdBRjlGNEQxMjU5RkIzRTQ0QTNCNzQ0OTU4QjEwMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeNG4BWdj/rekMd7C1Nc6N0D0G
8jAFERK/0zIDMu29gBfRn3QtdU7mEYzlAR0onv/7Nl8eHJCySeJf4mnrJV1F/Kce
owa4LSY560sIuAuq3EhAbc8yZ6k5dHrGxIMGoXUnEJl1boOPjVuKNwhn8/vcvV1X
JSp5C3svkJEGozTPdybb/Wl4RCeKx2WRzaHHQmGROtqKfygItwo5gZY7aaCHFWOS
+k1jy656NCDXhgFhGzJIthK+MnodAS47c3h3g8WIScqbtdNoZFqTm5xakcETs/Ex
h5oL4Ij4urfGFKc+hwtlWQj5xWXjGxdxL3PFJ+1McXJEuE2r0bmt800uNv/5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU2XVWisevn00SWfs+RKO3RJWLECwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxSg
AwQAjxSlAwQAjxT1MA0GCSqGSIb3DQEBCwUAA4IBAQBZ5ptmlVyr5bTJ+8uuD/71
rXrWBojz7eYi90OVz4O85+tOkUlAA+t/B108sI/BJRkq4aENPISXE4TlZjLoK5qB
/ThyZCG7BLrMR/RdSNakqf49V7h+RK/gllSw/2HdXIArWe6PBdLAviEFeg3A+dPg
bA4mMM3HvXsVqWlpzohHaSyY+LCfR48GfNK3RlJ1AgfnraAdvMp98gecSRpXiHmY
OGfd2Dcodf25rdQEJWbZU4Crnms2nH9Lnqp2Bj2vgYwQfxh3fLkYe0lEB7676BQh
PguP8HEYVHQNP801OmgQ11zP72OO4h2Og2/64vIGVCTARnwbuEfu962km12E4i1t
-----END CERTIFICATE-----