Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa
File:                     AS212336.roa (raw, json)
Hash identifier:          GdviqIHuSypnmFCKGbQzOZ5+U6iOyEBO/ht3RHP7Pkg=
Subject key identifier:   7C:B9:07:2B:EE:94:1B:EE:0D:96:1A:BA:4C:29:38:5F:80:6A:59:0B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3C12A5BC6A60690771D3C65EA8F4620DABF65CB6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa
Signing time:             Wed 23 Jul 2025 03:10:25 +0000
ROA not before:           Wed 23 Jul 2025 03:05:25 +0000
ROA not after:            Wed 22 Jul 2026 03:10:25 +0000
asID:                     212336
IP address blocks:        147.79.20.0/24 maxlen: 24
                          155.117.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:12:a5:bc:6a:60:69:07:71:d3:c6:5e:a8:f4:62:0d:ab:f6:5c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 23 03:05:25 2025 GMT
            Not After : Jul 22 03:10:25 2026 GMT
        Subject: CN=7CB9072BEE941BEE0D961ABA4C29385F806A590B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0d:0f:b8:93:8e:d8:77:77:3c:3e:3f:3f:78:
                    31:56:5e:80:9f:66:89:7d:fd:19:bf:12:5b:a6:4d:
                    05:49:8e:4a:58:78:af:ab:37:ab:d2:06:13:43:79:
                    aa:f5:8e:a7:de:f0:9d:b2:41:20:85:dd:3d:81:c4:
                    85:64:d3:b8:df:a4:5d:c9:7f:f0:06:3d:e9:35:d1:
                    82:37:6a:9c:9e:8e:bb:70:d3:8b:93:56:ff:d0:da:
                    ee:11:55:c5:09:fc:09:82:28:c0:82:c8:39:65:50:
                    d6:9c:be:79:1c:39:7a:14:4e:ee:f5:45:7d:fc:b9:
                    ba:ad:df:bb:a7:43:e8:af:1b:80:80:58:c5:45:b5:
                    18:77:73:31:37:d3:46:b4:26:5e:d4:b7:c5:e5:51:
                    e7:f4:5c:b4:7e:53:e9:2b:8a:1f:6e:3c:ca:ed:88:
                    76:8b:a2:4b:9d:a1:c0:0e:8c:dd:cf:f2:2c:63:e4:
                    70:61:88:3c:68:9f:20:db:0f:90:07:de:a7:b6:1e:
                    d5:02:d8:bd:c4:94:a7:1a:4e:3b:cf:9b:68:c8:6f:
                    55:2d:b6:5c:9e:94:28:81:65:e8:4b:42:da:76:a6:
                    80:09:76:5d:a2:d3:dc:68:e8:cf:77:25:80:81:27:
                    40:6d:f5:d2:dc:9e:1f:0b:ae:8d:d4:b8:6c:58:b8:
                    7d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B9:07:2B:EE:94:1B:EE:0D:96:1A:BA:4C:29:38:5F:80:6A:59:0B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.20.0/24
                  155.117.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:bb:19:b1:7c:a1:47:cd:1d:86:2d:4f:4b:4c:46:fa:08:a3:
         23:9a:88:c4:fa:dc:ec:92:29:ba:cd:8d:88:99:d7:b4:54:fa:
         5e:1a:c4:a5:ee:63:f1:ad:52:2d:11:1b:3e:b3:93:f3:67:8f:
         ba:ad:5d:32:b0:cc:d7:a7:9e:34:2d:4e:d3:15:d8:83:48:96:
         3a:87:2e:98:f5:2d:ab:b3:12:11:15:9e:56:e9:bc:4c:d5:b0:
         fd:9f:9a:e6:9e:0d:9a:91:79:7f:d8:d1:24:c8:e9:73:6c:ef:
         fb:f5:84:e9:a5:61:17:2a:87:1f:24:3b:cd:db:ef:ca:6f:26:
         21:28:f8:9d:f9:9f:65:0f:c9:b0:7e:43:44:91:73:3e:2d:6d:
         3e:a8:ea:7c:78:1d:10:1c:7f:fe:3d:04:99:ce:f3:e7:3d:66:
         f8:3d:89:d1:b9:70:b3:0d:7a:c6:b2:c6:10:29:e8:5f:cb:85:
         11:ff:43:05:b4:cc:ac:5b:57:64:b9:d2:fa:c1:0e:49:9f:74:
         95:3c:11:b8:10:f9:42:b2:d4:08:b1:ae:5e:b2:db:f0:fb:26:
         2d:96:74:a9:c1:39:ac:e7:20:51:0e:64:09:86:b4:68:7e:5b:
         61:0f:71:8c:0f:fc:16:08:b7:93:73:39:b0:0d:26:32:6c:4b:
         4c:eb:b7:56
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPBKlvGpgaQdx08ZeqPRiDav2XLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjMwMzA1MjVaFw0yNjA3MjIwMzEwMjVaMDMxMTAvBgNV
BAMTKDdDQjkwNzJCRUU5NDFCRUUwRDk2MUFCQTRDMjkzODVGODA2QTU5MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDDQ+4k47Yd3c8Pj8/eDFWXoCf
Zol9/Rm/ElumTQVJjkpYeK+rN6vSBhNDear1jqfe8J2yQSCF3T2BxIVk07jfpF3J
f/AGPek10YI3apyejrtw04uTVv/Q2u4RVcUJ/AmCKMCCyDllUNacvnkcOXoUTu71
RX38ubqt37unQ+ivG4CAWMVFtRh3czE300a0Jl7Ut8XlUef0XLR+U+krih9uPMrt
iHaLokudocAOjN3P8ixj5HBhiDxonyDbD5AH3qe2HtUC2L3ElKcaTjvPm2jIb1Ut
tlyelCiBZehLQtp2poAJdl2i09xo6M93JYCBJ0Bt9dLcnh8Lro3UuGxYuH1vAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfLkHK+6UG+4Nlhq6TCk4X4BqWQswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyMzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk08U
AwQAm3WbMA0GCSqGSIb3DQEBCwUAA4IBAQAhuxmxfKFHzR2GLU9LTEb6CKMjmojE
+tzskim6zY2Imde0VPpeGsSl7mPxrVItERs+s5PzZ4+6rV0ysMzXp540LU7TFdiD
SJY6hy6Y9S2rsxIRFZ5W6bxM1bD9n5rmng2akXl/2NEkyOlzbO/79YTppWEXKocf
JDvN2+/KbyYhKPid+Z9lD8mwfkNEkXM+LW0+qOp8eB0QHH/+PQSZzvPnPWb4PYnR
uXCzDXrGssYQKehfy4UR/0MFtMysW1dkudL6wQ5Jn3SVPBG4EPlCstQIsa5estvw
+yYtlnSpwTms5yBRDmQJhrRoflthD3GMD/wWCLeTczmwDSYybEtM67dW
-----END CERTIFICATE-----