Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212890.roa
File:                     AS212890.roa (raw, json)
Hash identifier:          eBhFDGJEqfhxRCE8IJxZ5GDVsLEtpfrx1Rftj3WeCvg=
Subject key identifier:   C7:35:19:E5:1B:D7:92:ED:8F:9F:43:05:A2:D7:07:7B:75:9F:72:3F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5274AD0BC5AC3BB8A5448CFEEFF557CE06116E59
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212890.roa
Signing time:             Sun 24 May 2026 09:07:38 +0000
ROA not before:           Sun 24 May 2026 09:02:38 +0000
ROA not after:            Sun 23 May 2027 09:07:38 +0000
asID:                     212890
IP address blocks:        95.135.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:74:ad:0b:c5:ac:3b:b8:a5:44:8c:fe:ef:f5:57:ce:06:11:6e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 24 09:02:38 2026 GMT
            Not After : May 23 09:07:38 2027 GMT
        Subject: CN=C73519E51BD792ED8F9F4305A2D7077B759F723F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2c:7a:99:bc:f0:1a:aa:9c:f6:31:1a:2c:12:
                    98:41:a5:7a:a2:8e:86:53:af:b7:ce:45:73:2e:19:
                    c9:5f:84:88:ff:e8:86:42:9f:48:a8:a0:34:f0:42:
                    f8:2d:42:14:2f:2b:66:b2:ee:74:b2:7d:bf:a5:d4:
                    2e:cd:0a:b8:58:1e:e1:e4:4f:73:0e:dd:85:a6:f4:
                    fe:4f:e6:66:6e:2f:6e:b4:db:db:01:3a:08:7a:db:
                    47:4c:41:94:fd:d8:1b:18:a9:8a:2a:93:e2:a0:7b:
                    06:63:a0:24:de:cc:8d:6e:d1:10:f1:96:59:b1:88:
                    02:53:c1:04:46:c8:ad:5d:37:b0:59:ab:e4:34:9f:
                    2b:b0:fa:63:41:cf:32:0c:d7:6b:99:56:f4:9b:19:
                    6f:e3:b2:7b:b2:65:0b:6a:1f:6f:d0:11:6a:c0:dc:
                    3f:b4:1d:84:2b:7c:f5:fd:e0:cb:f7:66:df:98:8b:
                    c7:66:df:40:61:19:35:6a:bc:c1:e1:99:b5:b4:50:
                    94:db:e6:51:c7:f3:64:39:7a:c9:5d:78:49:71:43:
                    8d:12:27:a3:aa:96:be:d0:a8:1b:9a:53:ae:43:38:
                    af:79:99:01:f1:ec:25:a1:00:b7:e2:0e:77:bd:cb:
                    bc:7b:59:43:a8:82:dd:e1:dc:b4:aa:d7:a7:93:1a:
                    0a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:35:19:E5:1B:D7:92:ED:8F:9F:43:05:A2:D7:07:7B:75:9F:72:3F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212890.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:c4:12:69:4c:f8:e3:5a:2b:53:0e:da:04:16:55:3d:d9:a6:
         cb:18:33:7c:8d:62:bb:59:36:70:5b:64:b2:6c:71:67:89:24:
         b2:f9:11:c1:3b:c1:29:dd:be:9c:ad:73:91:20:32:fb:ca:b7:
         c4:55:07:d0:1a:0b:a6:20:24:c5:4d:5c:ce:97:80:cf:67:d7:
         28:2d:7e:3c:66:f3:1e:2e:cc:80:34:8e:68:21:11:4c:80:e9:
         39:c2:ad:b4:69:b1:34:a3:e1:93:46:15:17:2c:ca:8d:21:ef:
         f4:2d:77:b2:f7:d3:74:26:95:dc:dc:b9:9f:1e:34:7e:f9:6a:
         75:df:25:53:4e:94:f4:10:b7:99:ce:df:4c:e8:71:18:8e:97:
         d6:fb:e8:b7:a5:95:dc:ee:33:1b:95:03:a3:83:e9:51:5c:4e:
         24:e9:80:d5:66:c6:ee:13:4f:29:01:b1:ab:e0:6e:e5:b3:ed:
         57:25:42:74:87:13:ef:0d:08:a3:6a:c5:7d:08:f4:b5:0c:5e:
         5c:6e:51:e5:3c:12:d1:ea:41:b9:6e:e5:22:11:c8:1d:38:88:
         7f:20:b7:d5:bf:d1:8e:18:c9:d1:f8:69:ab:1a:02:ee:c0:7a:
         7d:77:43:6d:ad:ce:98:e6:53:3f:cc:04:4a:48:cf:bc:d9:9f:
         78:1b:a8:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUnStC8WsO7ilRIz+7/VXzgYRblkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjQwOTAyMzhaFw0yNzA1MjMwOTA3MzhaMDMxMTAvBgNV
BAMTKEM3MzUxOUU1MUJENzkyRUQ4RjlGNDMwNUEyRDcwNzdCNzU5RjcyM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFLHqZvPAaqpz2MRosEphBpXqi
joZTr7fORXMuGclfhIj/6IZCn0iooDTwQvgtQhQvK2ay7nSyfb+l1C7NCrhYHuHk
T3MO3YWm9P5P5mZuL26029sBOgh620dMQZT92BsYqYoqk+KgewZjoCTezI1u0RDx
llmxiAJTwQRGyK1dN7BZq+Q0nyuw+mNBzzIM12uZVvSbGW/jsnuyZQtqH2/QEWrA
3D+0HYQrfPX94Mv3Zt+Yi8dm30BhGTVqvMHhmbW0UJTb5lHH82Q5esldeElxQ40S
J6Oqlr7QqBuaU65DOK95mQHx7CWhALfiDne9y7x7WUOogt3h3LSq16eTGgqBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxzUZ5RvXku2Pn0MFotcHe3Wfcj8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEyODkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4fe
MA0GCSqGSIb3DQEBCwUAA4IBAQCmxBJpTPjjWitTDtoEFlU92abLGDN8jWK7WTZw
W2SybHFniSSy+RHBO8Ep3b6crXORIDL7yrfEVQfQGgumICTFTVzOl4DPZ9coLX48
ZvMeLsyANI5oIRFMgOk5wq20abE0o+GTRhUXLMqNIe/0LXey99N0JpXc3LmfHjR+
+Wp13yVTTpT0ELeZzt9M6HEYjpfW++i3pZXc7jMblQOjg+lRXE4k6YDVZsbuE08p
AbGr4G7ls+1XJUJ0hxPvDQijasV9CPS1DF5cblHlPBLR6kG5buUiEcgdOIh/ILfV
v9GOGMnR+GmrGgLuwHp9d0Ntrc6Y5lM/zARKSM+82Z94G6jS
-----END CERTIFICATE-----