Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212337.roa
File:                     AS212337.roa (raw, json)
Hash identifier:          sdEn9O1LtE1FqTbzoh//MMg84GAMlI15hwIEw5E+yts=
Subject key identifier:   F3:46:C6:8C:13:54:A8:6F:5F:F6:8D:36:06:A8:F7:87:18:11:72:0B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7C0989F3719EE4CAAE65B839EAEBA24E128D124A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212337.roa
Signing time:             Wed 09 Jul 2025 12:05:13 +0000
ROA not before:           Wed 09 Jul 2025 12:00:13 +0000
ROA not after:            Wed 08 Jul 2026 12:05:13 +0000
asID:                     212337
IP address blocks:        155.117.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:09:89:f3:71:9e:e4:ca:ae:65:b8:39:ea:eb:a2:4e:12:8d:12:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  9 12:00:13 2025 GMT
            Not After : Jul  8 12:05:13 2026 GMT
        Subject: CN=F346C68C1354A86F5FF68D3606A8F7871811720B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1e:0b:70:cc:82:50:a7:30:20:9d:ee:21:0c:
                    67:3a:41:d8:3e:66:9e:e1:26:b8:c2:02:41:35:3a:
                    77:5d:47:ac:04:82:06:23:2c:38:c0:67:63:9a:63:
                    6c:a7:9c:45:0f:c7:9f:91:67:49:76:10:06:1f:e2:
                    48:96:5a:06:68:a0:f2:fa:d5:3c:59:c3:8a:d0:3e:
                    f7:8c:e1:f2:a1:96:2a:6b:66:b8:68:35:9e:0b:48:
                    95:e4:5c:74:22:fa:94:b7:1a:89:e9:78:6c:47:99:
                    5f:da:61:f6:26:b7:b7:63:18:8d:9b:6f:46:23:a4:
                    72:1f:14:0c:ea:8a:56:a4:56:34:07:af:cf:0a:65:
                    63:2f:d1:f9:a1:a8:42:a9:4c:e9:f1:a5:f4:fc:4b:
                    3e:f9:55:b6:e8:90:ea:73:0c:ed:b3:a7:6b:b8:79:
                    cb:ec:91:10:50:e1:38:71:97:cc:c1:7e:17:7a:51:
                    bb:d4:6f:3d:3b:d4:7c:0e:d9:af:52:b6:b9:45:93:
                    57:3a:55:50:42:8b:2b:c9:0c:d9:0e:86:7f:18:5f:
                    a4:46:88:8f:42:05:11:1c:ee:b3:5a:87:60:54:71:
                    20:b0:4b:5f:0c:e8:ed:7b:87:8c:ff:f2:65:da:7f:
                    8e:21:77:96:03:f6:36:e5:8d:7a:c6:e6:22:34:b3:
                    f0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:46:C6:8C:13:54:A8:6F:5F:F6:8D:36:06:A8:F7:87:18:11:72:0B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:11:95:32:a4:ae:ed:b0:e2:38:b4:5c:67:2d:07:84:9f:ca:
         12:c4:3e:8c:88:69:c4:9e:00:b4:60:1d:b1:a3:e8:b7:ec:02:
         d8:d9:4d:8e:95:5f:b9:79:d9:9f:bb:03:2c:c8:f7:93:3d:40:
         82:a7:43:a0:66:04:b2:66:ea:d1:32:40:f5:c1:b2:2e:17:e6:
         fc:ee:1e:95:c6:ad:0d:70:83:03:93:3a:07:00:64:f7:f9:ac:
         44:a1:eb:f5:f9:99:25:87:fc:47:d6:25:03:08:52:5c:bf:86:
         2c:64:00:06:04:07:b6:bd:cf:82:f8:b4:61:2c:0c:0c:2a:4c:
         60:8e:2f:08:8b:f7:fa:5e:dc:73:31:21:58:c4:42:e6:7a:26:
         a6:68:07:49:87:c2:e7:ea:1c:63:83:6a:c8:3d:5b:fe:2d:2b:
         4e:27:97:17:c2:6b:d9:9e:5f:5b:d7:aa:ed:39:e0:05:fe:49:
         46:4d:e2:70:df:c9:c3:2c:ee:bb:22:2d:57:d0:e8:cb:a8:29:
         29:dc:3f:13:c0:76:95:41:b8:67:ad:2d:85:dd:0e:a8:47:07:
         92:f2:8b:68:de:f4:00:66:b9:8b:dd:2b:7c:31:4f:c7:12:8f:
         b7:b3:48:17:3e:9d:a3:48:ed:9d:c1:e4:67:ce:1b:a9:8b:c4:
         9f:23:21:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfAmJ83Ge5MquZbg56uuiThKNEkowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDkxMjAwMTNaFw0yNjA3MDgxMjA1MTNaMDMxMTAvBgNV
BAMTKEYzNDZDNjhDMTM1NEE4NkY1RkY2OEQzNjA2QThGNzg3MTgxMTcyMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBHgtwzIJQpzAgne4hDGc6Qdg+
Zp7hJrjCAkE1OnddR6wEggYjLDjAZ2OaY2ynnEUPx5+RZ0l2EAYf4kiWWgZooPL6
1TxZw4rQPveM4fKhliprZrhoNZ4LSJXkXHQi+pS3GonpeGxHmV/aYfYmt7djGI2b
b0YjpHIfFAzqilakVjQHr88KZWMv0fmhqEKpTOnxpfT8Sz75VbbokOpzDO2zp2u4
ecvskRBQ4Thxl8zBfhd6UbvUbz071HwO2a9StrlFk1c6VVBCiyvJDNkOhn8YX6RG
iI9CBREc7rNah2BUcSCwS18M6O17h4z/8mXaf44hd5YD9jbljXrG5iI0s/CNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU80bGjBNUqG9f9o02Bqj3hxgRcgswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Uk
MA0GCSqGSIb3DQEBCwUAA4IBAQATEZUypK7tsOI4tFxnLQeEn8oSxD6MiGnEngC0
YB2xo+i37ALY2U2OlV+5edmfuwMsyPeTPUCCp0OgZgSyZurRMkD1wbIuF+b87h6V
xq0NcIMDkzoHAGT3+axEoev1+Zklh/xH1iUDCFJcv4YsZAAGBAe2vc+C+LRhLAwM
Kkxgji8Ii/f6XtxzMSFYxELmeiamaAdJh8Ln6hxjg2rIPVv+LStOJ5cXwmvZnl9b
16rtOeAF/klGTeJw38nDLO67Ii1X0OjLqCkp3D8TwHaVQbhnrS2F3Q6oRweS8oto
3vQAZrmL3St8MU/HEo+3s0gXPp2jSO2dweRnzhupi8SfIyGZ
-----END CERTIFICATE-----