Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
File:                     AS211484.roa (raw, json)
Hash identifier:          3Q/Q4peEfS5L/xNk2N0n2YtMO/PLlnFRNoZd8OF9rho=
Subject key identifier:   01:55:82:4E:8D:1E:4D:4C:E3:25:95:70:2B:2E:AD:C8:95:36:A6:58
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0455F7361639D129DC23D9F8595866771212D714
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa
Signing time:             Tue 19 May 2026 07:02:48 +0000
ROA not before:           Tue 19 May 2026 06:57:48 +0000
ROA not after:            Tue 18 May 2027 07:02:48 +0000
asID:                     211484
IP address blocks:        155.117.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:42:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:55:f7:36:16:39:d1:29:dc:23:d9:f8:59:58:66:77:12:12:d7:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 19 06:57:48 2026 GMT
            Not After : May 18 07:02:48 2027 GMT
        Subject: CN=0155824E8D1E4D4CE32595702B2EADC89536A658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b2:28:4c:5d:31:7e:2b:e1:d1:6f:12:91:4e:
                    52:ee:3e:6b:28:c7:50:98:6b:e3:56:98:47:e8:73:
                    98:e4:c0:79:ea:f6:cf:e0:88:22:e1:56:57:ce:51:
                    5d:ee:34:5e:87:59:d8:d6:c5:59:81:ec:c1:f5:e4:
                    bf:32:06:2b:2c:8d:7b:3d:32:79:54:5b:c3:4e:11:
                    49:f1:26:7d:f3:33:d7:34:5f:a2:90:ec:80:93:a2:
                    a3:57:7d:48:47:6f:3b:e7:5b:a9:68:43:9c:8a:73:
                    9e:99:f0:53:27:99:0f:b5:7c:ff:24:dd:a0:1a:ab:
                    7d:d7:d7:e0:ad:fb:cf:df:b6:7a:3f:68:8a:fa:eb:
                    7d:fa:d3:6f:58:1d:ff:6a:f6:da:c5:bc:4a:be:f1:
                    c8:82:00:32:f2:14:61:0f:71:bf:82:06:69:9b:35:
                    20:35:be:66:74:fe:ff:eb:29:27:7f:9f:d8:7d:d8:
                    67:1e:2b:d4:1d:80:d9:43:a1:3c:66:2c:c4:20:79:
                    06:94:5a:38:c7:e2:64:d4:fd:41:5d:8f:7c:10:95:
                    09:ff:c4:59:9f:b8:d6:63:ff:20:6d:5f:5d:3e:a7:
                    ef:41:b4:3c:00:8b:51:5b:9a:94:a4:f1:c0:1d:8d:
                    44:39:75:be:22:66:9f:9b:0e:9f:b6:27:97:67:fb:
                    fb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:55:82:4E:8D:1E:4D:4C:E3:25:95:70:2B:2E:AD:C8:95:36:A6:58
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS211484.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:09:37:c4:81:04:d6:c5:b9:b9:22:5b:98:db:fe:22:99:a3:
         24:87:1d:a8:26:19:92:12:74:66:80:ea:66:02:70:a5:5f:85:
         58:bd:37:06:d2:1f:b2:c4:09:a4:2e:37:63:0d:d3:54:f6:e3:
         96:4f:18:7d:86:d4:93:84:46:00:f6:10:c8:76:40:79:99:3f:
         86:a0:c2:31:40:44:e7:f3:18:6b:55:4c:16:60:db:60:d8:b3:
         0d:f5:47:f7:e3:48:46:c3:e2:f5:5a:3b:a8:0f:01:b5:82:9c:
         18:d2:33:95:a6:e7:2d:d9:73:6d:b4:8e:13:20:d7:d5:9d:49:
         3d:92:f3:17:93:1b:af:c7:f7:7c:03:b4:93:76:96:b2:a2:2f:
         4c:5b:da:1e:c3:e3:95:42:18:56:7c:84:8e:6b:31:83:92:39:
         bd:e2:bb:42:e3:d0:59:7c:e6:11:4a:46:dc:d8:1f:44:9a:34:
         ad:ef:6b:79:16:f7:b2:e5:31:f8:b1:99:c3:53:2c:81:ee:1d:
         02:a2:34:62:e0:51:87:02:43:df:ae:df:bc:a8:cd:f5:0d:26:
         d1:fe:0d:a1:68:40:5e:9a:8e:59:4f:69:79:b2:e3:e7:c2:e9:
         d2:a5:bf:c5:0f:15:65:c5:73:79:c0:7b:d5:a1:26:ec:c6:77:
         7e:b3:54:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBFX3NhY50SncI9n4WVhmdxIS1xQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTkwNjU3NDhaFw0yNzA1MTgwNzAyNDhaMDMxMTAvBgNV
BAMTKDAxNTU4MjRFOEQxRTRENENFMzI1OTU3MDJCMkVBREM4OTUzNkE2NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKsihMXTF+K+HRbxKRTlLuPmso
x1CYa+NWmEfoc5jkwHnq9s/giCLhVlfOUV3uNF6HWdjWxVmB7MH15L8yBissjXs9
MnlUW8NOEUnxJn3zM9c0X6KQ7ICToqNXfUhHbzvnW6loQ5yKc56Z8FMnmQ+1fP8k
3aAaq33X1+Ct+8/ftno/aIr66336029YHf9q9trFvEq+8ciCADLyFGEPcb+CBmmb
NSA1vmZ0/v/rKSd/n9h92GceK9QdgNlDoTxmLMQgeQaUWjjH4mTU/UFdj3wQlQn/
xFmfuNZj/yBtX10+p+9BtDwAi1FbmpSk8cAdjUQ5db4iZp+bDp+2J5dn+/tZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAVWCTo0eTUzjJZVwKy6tyJU2plgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjExNDg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm3X8
MA0GCSqGSIb3DQEBCwUAA4IBAQC4CTfEgQTWxbm5IluY2/4imaMkhx2oJhmSEnRm
gOpmAnClX4VYvTcG0h+yxAmkLjdjDdNU9uOWTxh9htSThEYA9hDIdkB5mT+GoMIx
QETn8xhrVUwWYNtg2LMN9Uf340hGw+L1WjuoDwG1gpwY0jOVpuct2XNttI4TINfV
nUk9kvMXkxuvx/d8A7STdpayoi9MW9oew+OVQhhWfISOazGDkjm94rtC49BZfOYR
Skbc2B9EmjSt72t5Fvey5TH4sZnDUyyB7h0CojRi4FGHAkPfrt+8qM31DSbR/g2h
aEBemo5ZT2l5suPnwunSpb/FDxVlxXN5wHvVoSbsxnd+s1RQ
-----END CERTIFICATE-----