Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          CT0iVC4F7V9kQ0UBDGFvid9CyDx/W/e1uTDMBPmrO7w=
Subject key identifier:   86:4D:6E:41:3A:59:72:E9:FB:E9:16:24:F3:9D:78:80:27:11:A6:B9
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2AA1087A77DAF049E67F85A901B4E5C4638E330C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211440.roa
Signing time:             Thu 26 Feb 2026 14:46:29 +0000
ROA not before:           Thu 26 Feb 2026 14:41:29 +0000
ROA not after:            Thu 25 Feb 2027 14:46:29 +0000
asID:                     211440
IP address blocks:        95.135.171.0/24 maxlen: 24
                          95.135.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:a1:08:7a:77:da:f0:49:e6:7f:85:a9:01:b4:e5:c4:63:8e:33:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 26 14:41:29 2026 GMT
            Not After : Feb 25 14:46:29 2027 GMT
        Subject: CN=864D6E413A5972E9FBE91624F39D78802711A6B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b8:3c:c3:33:ab:cc:df:4e:87:fc:cd:81:eb:
                    e1:39:84:cf:af:15:91:a1:d4:39:fa:4e:c6:15:9c:
                    53:75:20:28:f0:59:d1:44:f2:4d:c0:82:10:bb:4b:
                    02:58:b7:88:79:da:c7:5f:a5:b2:3f:ff:2c:a4:b8:
                    63:fe:59:66:a4:57:5e:06:2f:95:64:b7:96:ab:52:
                    2f:82:53:fd:1b:2f:c6:eb:79:d0:1e:86:a9:38:c6:
                    31:5c:1f:ff:ed:99:4d:1c:97:56:e1:d5:9a:da:dc:
                    ad:38:2a:19:63:12:7c:cf:ca:43:81:ae:70:59:53:
                    cc:8b:31:55:f6:eb:4d:a4:0a:06:8a:8f:74:25:32:
                    88:23:51:74:f3:7f:76:e1:f2:ab:60:46:32:20:10:
                    95:fc:91:e1:0c:94:ba:37:db:95:99:ae:f2:44:4a:
                    85:10:39:f9:38:90:fc:0d:5f:03:12:dd:9d:02:84:
                    48:ed:e0:45:f1:9c:87:85:83:bc:8d:21:9a:4f:eb:
                    cf:5c:bd:6e:d4:02:86:fd:ad:1e:38:27:6f:41:10:
                    87:57:04:f1:8d:5d:b5:d9:5a:6a:5b:f2:67:0b:f0:
                    b4:93:37:bf:66:30:9b:2d:c2:4b:e9:45:1e:f9:3f:
                    13:ef:a3:d0:e8:87:fe:7e:90:5f:50:fe:17:c7:96:
                    e4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4D:6E:41:3A:59:72:E9:FB:E9:16:24:F3:9D:78:80:27:11:A6:B9
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.171.0/24
                  95.135.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7f:70:2b:40:7c:4e:b5:aa:c5:5e:50:9b:07:26:73:de:5b:
         89:eb:82:b9:76:c3:8f:51:f5:08:f7:ed:15:6e:c8:97:5f:be:
         af:40:25:da:fa:5e:1c:b3:cf:c1:02:d8:d9:9f:99:b9:f2:d1:
         41:47:2b:3a:91:73:05:56:64:82:b1:51:9c:c9:dc:f8:b7:41:
         aa:d2:bf:e8:16:bd:71:aa:46:b6:71:30:07:5f:dd:f2:bc:60:
         6d:60:46:d2:69:85:0a:94:ab:60:5b:f2:ba:ba:08:2a:be:0a:
         31:32:13:ab:d4:44:d1:4f:57:72:50:4e:f1:f8:65:a3:9b:49:
         ed:71:03:a6:df:93:b6:ab:f9:fa:a8:88:5e:9b:fd:75:e9:23:
         2d:cb:fb:b8:8e:ea:94:67:57:6d:e1:85:d6:f2:b1:c9:45:d1:
         36:af:46:b4:e2:af:59:e5:05:7a:2e:2c:61:e8:42:96:1e:80:
         a4:40:53:b2:39:19:69:c6:8b:a8:99:1d:a0:cd:71:90:2d:86:
         95:93:f6:a1:12:ae:d0:c7:67:74:12:5d:aa:b1:54:40:39:bc:
         3e:ae:ed:21:1e:6c:35:f4:8c:93:62:c6:d1:fb:5d:8c:78:bb:
         75:0f:31:32:04:bc:84:99:a1:5b:63:8c:59:56:f8:b7:e4:e1:
         b8:9e:7d:6f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKqEIenfa8Enmf4WpAbTlxGOOMwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAyMjYxNDQxMjlaFw0yNzAyMjUxNDQ2MjlaMDMxMTAvBgNV
BAMTKDg2NEQ2RTQxM0E1OTcyRTlGQkU5MTYyNEYzOUQ3ODgwMjcxMUE2QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBuDzDM6vM306H/M2B6+E5hM+v
FZGh1Dn6TsYVnFN1ICjwWdFE8k3AghC7SwJYt4h52sdfpbI//yykuGP+WWakV14G
L5Vkt5arUi+CU/0bL8bredAehqk4xjFcH//tmU0cl1bh1Zra3K04KhljEnzPykOB
rnBZU8yLMVX2602kCgaKj3QlMogjUXTzf3bh8qtgRjIgEJX8keEMlLo325WZrvJE
SoUQOfk4kPwNXwMS3Z0ChEjt4EXxnIeFg7yNIZpP689cvW7UAob9rR44J29BEIdX
BPGNXbXZWmpb8mcL8LSTN79mMJstwkvpRR75PxPvo9Doh/5+kF9Q/hfHluRLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUhk1uQTpZcun76RYk8514gCcRprkwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4er
AwQAX4e+MA0GCSqGSIb3DQEBCwUAA4IBAQAif3ArQHxOtarFXlCbByZz3luJ64K5
dsOPUfUI9+0VbsiXX76vQCXa+l4cs8/BAtjZn5m58tFBRys6kXMFVmSCsVGcydz4
t0Gq0r/oFr1xqka2cTAHX93yvGBtYEbSaYUKlKtgW/K6uggqvgoxMhOr1ETRT1dy
UE7x+GWjm0ntcQOm35O2q/n6qIhem/116SMty/u4juqUZ1dt4YXW8rHJRdE2r0a0
4q9Z5QV6Lixh6EKWHoCkQFOyORlpxouomR2gzXGQLYaVk/ahEq7Qx2d0El2qsVRA
Obw+ru0hHmw19IyTYsbR+12MeLt1DzEyBLyEmaFbY4xZVvi35OG4nn1v
-----END CERTIFICATE-----