Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          Lfi6mtrKEbD3TBZWvrlMEOl7C8I+ApBvOMcg84mB1Ac=
Subject key identifier:   B1:B6:CE:C0:95:0C:BC:BC:B1:65:E2:9E:50:ED:BA:A1:3F:65:02:68
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       10CE0ECE535CC90E882599EFFEFC04A5D5131434
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa
Signing time:             Thu 28 May 2026 04:18:15 +0000
ROA not before:           Thu 28 May 2026 04:13:15 +0000
ROA not after:            Thu 27 May 2027 04:18:15 +0000
asID:                     211407
IP address blocks:        143.14.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ce:0e:ce:53:5c:c9:0e:88:25:99:ef:fe:fc:04:a5:d5:13:14:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 28 04:13:15 2026 GMT
            Not After : May 27 04:18:15 2027 GMT
        Subject: CN=B1B6CEC0950CBCBCB165E29E50EDBAA13F650268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:bb:6e:e9:1b:dd:56:23:1d:d3:c1:c7:e6:
                    46:73:0a:ab:33:7f:8f:50:33:f2:26:e6:48:8a:99:
                    2a:2b:a0:10:25:eb:11:5e:ad:3f:c7:b9:97:62:00:
                    4c:d1:db:bc:7b:bf:f2:e2:84:7e:5b:06:ab:e1:6e:
                    5c:0a:8f:c0:1c:c1:c9:af:7a:7a:80:5a:58:41:87:
                    b5:0c:01:5c:54:e8:b3:56:e3:70:14:81:eb:a6:5f:
                    be:aa:7f:5b:76:1a:53:07:e1:bf:88:9f:e4:9e:5d:
                    bd:15:cb:88:f4:64:7e:24:17:f7:80:62:77:67:d6:
                    63:6d:71:37:dd:07:81:5a:74:b2:e8:37:85:ba:2a:
                    ba:ee:04:ab:80:34:c3:f8:bc:24:32:0f:c0:d3:68:
                    1b:67:b0:67:6a:cf:cb:e2:82:dd:a2:b0:46:f6:bd:
                    2f:8d:08:f7:ed:d4:01:c9:02:8e:94:32:2e:80:fc:
                    d7:98:6a:f6:f6:b9:6b:51:5d:36:35:3a:82:de:1a:
                    0a:ef:fb:93:24:8d:db:78:ed:fc:72:18:ef:97:ef:
                    ac:dc:e4:20:51:61:fe:63:eb:d0:e3:2b:56:ef:a5:
                    3a:a4:fe:c2:66:c1:cb:dc:3c:0c:f8:8c:f1:8f:f9:
                    b2:4a:4a:fa:0e:27:3b:bd:32:53:21:74:ea:b3:4c:
                    aa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B6:CE:C0:95:0C:BC:BC:B1:65:E2:9E:50:ED:BA:A1:3F:65:02:68
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ef:45:4a:4a:88:d2:67:c9:89:03:4b:77:51:d1:28:d1:75:
         06:43:62:0b:26:97:34:bf:5c:d7:26:f1:32:3a:e4:cf:cb:87:
         78:9e:00:69:78:8e:99:d6:b3:37:2d:ae:92:b1:16:fb:0d:4c:
         4d:2a:0a:1d:03:8d:86:cd:89:0f:93:02:2e:25:7d:d7:5e:12:
         35:23:af:2d:46:da:7f:fa:c7:33:9f:c5:b0:1b:0b:f4:e5:b0:
         68:2b:27:12:6f:8a:ea:76:d4:b9:16:ff:21:9a:c3:2f:64:1c:
         ed:fa:c5:e7:a7:60:2d:c9:e5:af:b4:86:f3:7a:5e:f8:57:73:
         39:bc:f0:c5:0e:06:9a:02:dd:d2:44:3c:aa:64:79:c9:d7:a2:
         35:a5:ec:fd:2f:dd:33:fd:16:7f:ea:ae:bc:f3:4b:86:db:25:
         e4:b1:e4:dd:ce:43:24:9c:46:71:ce:b0:e6:7b:26:c8:77:cc:
         1f:00:f2:18:63:42:61:b9:aa:f5:97:bd:e6:d2:a4:e3:40:f4:
         a3:d1:83:92:f3:bc:88:7d:4a:88:ff:b6:90:76:c4:1b:11:b2:
         c0:3f:f3:ca:36:6d:f8:8f:d1:00:99:2d:80:29:4a:28:92:7f:
         af:af:63:a8:1d:eb:71:5a:a2:34:8f:35:de:4a:7a:94:56:9d:
         28:18:94:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEM4OzlNcyQ6IJZnv/vwEpdUTFDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjgwNDEzMTVaFw0yNzA1MjcwNDE4MTVaMDMxMTAvBgNV
BAMTKEIxQjZDRUMwOTUwQ0JDQkNCMTY1RTI5RTUwRURCQUExM0Y2NTAyNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6Ltu6RvdViMd08HH5kZzCqsz
f49QM/Im5kiKmSoroBAl6xFerT/HuZdiAEzR27x7v/LihH5bBqvhblwKj8Acwcmv
enqAWlhBh7UMAVxU6LNW43AUgeumX76qf1t2GlMH4b+In+SeXb0Vy4j0ZH4kF/eA
Yndn1mNtcTfdB4FadLLoN4W6KrruBKuANMP4vCQyD8DTaBtnsGdqz8vigt2isEb2
vS+NCPft1AHJAo6UMi6A/NeYavb2uWtRXTY1OoLeGgrv+5Mkjdt47fxyGO+X76zc
5CBRYf5j69DjK1bvpTqk/sJmwcvcPAz4jPGP+bJKSvoOJzu9MlMhdOqzTKp7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUsbbOwJUMvLyxZeKeUO26oT9lAmgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw5v
MA0GCSqGSIb3DQEBCwUAA4IBAQA070VKSojSZ8mJA0t3UdEo0XUGQ2ILJpc0v1zX
JvEyOuTPy4d4ngBpeI6Z1rM3La6SsRb7DUxNKgodA42GzYkPkwIuJX3XXhI1I68t
Rtp/+sczn8WwGwv05bBoKycSb4rqdtS5Fv8hmsMvZBzt+sXnp2AtyeWvtIbzel74
V3M5vPDFDgaaAt3SRDyqZHnJ16I1pez9L90z/RZ/6q6880uG2yXkseTdzkMknEZx
zrDmeybId8wfAPIYY0Jhuar1l73m0qTjQPSj0YOS87yIfUqI/7aQdsQbEbLAP/PK
Nm34j9EAmS2AKUookn+vr2OoHetxWqI0jzXeSnqUVp0oGJQS
-----END CERTIFICATE-----