Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa
File:                     AS216145.roa (raw, json)
Hash identifier:          lv8S+Qt7YKSUvlxdsCYbqXzYu7A8JFCleKR12xAVGlA=
Subject key identifier:   7D:DF:11:60:B5:03:63:43:E1:2A:D8:8C:B3:86:71:68:16:01:A0:46
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       06E3B6CF54D8B781078BA23811132498DFB25831
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa
Signing time:             Tue 07 Apr 2026 13:14:16 +0000
ROA not before:           Tue 07 Apr 2026 13:09:16 +0000
ROA not after:            Tue 06 Apr 2027 13:14:16 +0000
asID:                     216145
IP address blocks:        46.203.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e3:b6:cf:54:d8:b7:81:07:8b:a2:38:11:13:24:98:df:b2:58:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  7 13:09:16 2026 GMT
            Not After : Apr  6 13:14:16 2027 GMT
        Subject: CN=7DDF1160B5036343E12AD88CB38671681601A046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e1:49:fc:4d:24:00:03:a8:13:32:f6:9c:41:
                    00:87:ea:96:3d:53:af:b5:be:48:d8:2e:91:88:15:
                    6b:80:df:0a:70:58:d6:36:b2:de:81:03:36:1a:83:
                    3d:18:52:5d:b1:1e:31:14:2a:9c:9f:69:39:db:9e:
                    12:a6:95:a3:ad:62:b2:13:22:39:2b:f2:53:62:1f:
                    d6:64:22:bf:c2:fe:8e:1a:8b:1d:27:cf:c1:68:bd:
                    29:b5:92:f1:71:36:17:92:07:2e:a8:ce:cd:30:fd:
                    ae:a6:3c:2b:86:62:69:8a:c2:7f:6a:f4:d6:ea:63:
                    a9:e7:92:0e:1e:0d:a1:c1:3e:18:02:8f:6f:cb:20:
                    68:e2:2b:7a:d0:78:dc:f8:51:14:46:10:55:e5:ce:
                    eb:94:b4:93:fe:a1:1c:e7:ea:5f:99:1d:e1:5c:f9:
                    df:a1:af:fd:8e:4c:38:e8:88:75:c2:da:ea:6e:67:
                    13:c6:e8:f7:f0:e1:0e:62:79:e5:d0:a3:43:b4:84:
                    f3:09:9b:89:32:be:6d:82:df:14:e0:1f:2c:9c:ce:
                    9f:0e:bf:60:e8:83:32:ce:96:70:da:a7:c6:ae:9c:
                    36:c3:5f:ef:a3:58:a2:06:0e:bd:2f:37:3e:5b:0e:
                    74:ad:47:46:5f:78:ba:94:e1:95:06:a9:08:13:3a:
                    06:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DF:11:60:B5:03:63:43:E1:2A:D8:8C:B3:86:71:68:16:01:A0:46
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a9:74:4e:7a:ef:b8:c8:78:7c:14:ba:03:a2:c4:52:db:05:
         de:97:cb:08:6d:0d:88:33:48:c9:75:57:ab:48:1a:8b:b6:36:
         3c:ba:85:b3:18:b7:1a:ca:8b:49:6e:01:91:94:20:a3:b3:fd:
         b9:1d:72:7c:fa:02:48:37:53:cf:33:38:08:36:6e:19:5c:5f:
         6e:f2:b3:1c:71:d8:fd:06:8c:57:00:0b:94:01:69:fa:ff:d8:
         b1:cb:3b:5f:a9:d0:55:3d:e3:5c:bf:d0:e1:01:b7:01:3f:d3:
         bf:3c:4d:73:97:6d:cf:53:80:f8:4b:22:f1:69:c9:0d:4e:0f:
         e3:8f:a9:78:39:3c:22:99:71:e8:c8:6e:de:bc:38:38:84:05:
         d2:f8:7e:5c:f6:2e:38:07:70:6b:52:cc:74:d2:ea:b5:0c:0f:
         a2:44:a9:40:15:d7:d4:d7:3c:1b:f5:7c:90:e3:1d:71:a2:b3:
         77:d8:03:34:3e:d6:55:03:40:27:60:f5:62:3a:99:57:f3:f3:
         ff:88:f9:dd:b9:66:7e:c5:a3:55:62:3a:fc:e7:9a:03:64:6b:
         23:0b:63:6b:8f:61:09:9f:09:11:74:6a:79:0a:59:1a:73:83:
         d4:6b:58:66:f1:5c:98:c0:5b:69:b8:a6:6b:fa:82:43:5e:a3:
         f3:6e:06:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBuO2z1TYt4EHi6I4ERMkmN+yWDEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MDcxMzA5MTZaFw0yNzA0MDYxMzE0MTZaMDMxMTAvBgNV
BAMTKDdEREYxMTYwQjUwMzYzNDNFMTJBRDg4Q0IzODY3MTY4MTYwMUEwNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq4Un8TSQAA6gTMvacQQCH6pY9
U6+1vkjYLpGIFWuA3wpwWNY2st6BAzYagz0YUl2xHjEUKpyfaTnbnhKmlaOtYrIT
Ijkr8lNiH9ZkIr/C/o4aix0nz8FovSm1kvFxNheSBy6ozs0w/a6mPCuGYmmKwn9q
9NbqY6nnkg4eDaHBPhgCj2/LIGjiK3rQeNz4URRGEFXlzuuUtJP+oRzn6l+ZHeFc
+d+hr/2OTDjoiHXC2upuZxPG6Pfw4Q5ieeXQo0O0hPMJm4kyvm2C3xTgHyyczp8O
v2DogzLOlnDap8aunDbDX++jWKIGDr0vNz5bDnStR0ZfeLqU4ZUGqQgTOgbNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfd8RYLUDY0PhKtiMs4ZxaBYBoEYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE2MTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALstL
MA0GCSqGSIb3DQEBCwUAA4IBAQB6qXROeu+4yHh8FLoDosRS2wXel8sIbQ2IM0jJ
dVerSBqLtjY8uoWzGLcayotJbgGRlCCjs/25HXJ8+gJIN1PPMzgINm4ZXF9u8rMc
cdj9BoxXAAuUAWn6/9ixyztfqdBVPeNcv9DhAbcBP9O/PE1zl23PU4D4SyLxackN
Tg/jj6l4OTwimXHoyG7evDg4hAXS+H5c9i44B3BrUsx00uq1DA+iRKlAFdfU1zwb
9XyQ4x1xorN32AM0PtZVA0AnYPViOplX8/P/iPnduWZ+xaNVYjr855oDZGsjC2Nr
j2EJnwkRdGp5Clkac4PUa1hm8VyYwFtpuKZr+oJDXqPzbgb2
-----END CERTIFICATE-----