Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
File:                     AS216022.roa (raw, json)
Hash identifier:          pN9YVoofJ92+lr1WMhifSNG1SLxegT1RhsvVKYNT+pM=
Subject key identifier:   B7:2E:3F:6B:82:2E:F8:63:CD:FE:D3:0F:11:4C:F6:EA:9F:47:B5:D0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5482F46E622F7121941473E81F66D4CB714D2718
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
Signing time:             Tue 10 Mar 2026 08:25:40 +0000
ROA not before:           Tue 10 Mar 2026 08:20:40 +0000
ROA not after:            Tue 09 Mar 2027 08:25:40 +0000
asID:                     216022
IP address blocks:        146.103.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 15:50:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:82:f4:6e:62:2f:71:21:94:14:73:e8:1f:66:d4:cb:71:4d:27:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 10 08:20:40 2026 GMT
            Not After : Mar  9 08:25:40 2027 GMT
        Subject: CN=B72E3F6B822EF863CDFED30F114CF6EA9F47B5D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:af:c2:3d:9a:59:2a:bf:a5:65:84:ed:93:
                    cc:e9:00:bd:1c:05:d1:79:72:6e:4d:3d:39:8e:89:
                    a8:0b:47:08:c6:f5:ce:96:0c:d6:eb:31:c6:c6:4d:
                    6e:cf:40:77:62:4d:12:d8:2a:9f:6b:57:fc:e8:2c:
                    63:64:f8:1a:11:70:39:25:6a:d9:35:5b:a7:da:24:
                    4f:24:9b:b5:6f:4c:b8:a1:c0:26:2a:91:ba:86:c1:
                    de:e0:21:67:c7:96:ae:d7:de:c6:0a:34:3b:c0:bb:
                    56:56:8f:5e:53:2e:0f:75:38:7e:1d:ee:73:ed:87:
                    00:bc:be:ca:f7:7e:ab:2d:a9:1d:cd:87:47:31:c3:
                    a4:43:77:f6:98:70:d1:e8:6e:0c:2c:71:84:02:0a:
                    7c:49:26:d9:99:2e:dd:ed:e5:8a:76:df:fb:ea:0b:
                    3b:99:82:4d:2a:bb:ad:09:ef:49:53:be:91:61:20:
                    72:4d:57:ff:62:de:33:10:f3:21:ca:d5:a8:f2:be:
                    f1:b1:ed:7c:6a:0f:cd:ef:bb:8b:a1:d2:42:46:ba:
                    fe:0f:2f:b2:8e:58:e4:3b:d8:cf:d1:94:63:a3:4c:
                    d3:da:8e:8f:6c:98:7f:e3:80:ad:d9:98:9d:87:26:
                    b6:50:a2:4f:39:42:54:fb:22:e3:3d:6b:07:a5:0a:
                    fb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:2E:3F:6B:82:2E:F8:63:CD:FE:D3:0F:11:4C:F6:EA:9F:47:B5:D0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:61:80:39:71:82:76:8e:b1:e7:22:6b:8e:a9:45:16:92:57:
         be:ca:f0:8f:de:f4:7d:59:81:0f:41:86:35:d7:9f:cb:8b:1a:
         96:9e:9d:ec:6f:5c:cc:5d:fc:41:f4:4d:e2:79:9b:2b:3c:8d:
         3e:cd:2a:31:bc:af:a9:1e:a5:75:d5:30:e8:84:06:4c:92:c6:
         6d:d0:7f:9a:20:c0:0f:33:a4:e5:7e:57:07:fa:3a:f9:11:80:
         40:15:20:1f:7a:74:6e:ac:55:e3:d2:ce:c8:6d:e3:56:17:1b:
         15:5c:1a:f7:38:c6:7c:fe:17:89:bb:d2:83:48:e5:2d:24:a1:
         1c:fc:6a:ec:8b:b6:42:92:d8:77:1b:91:d1:69:b4:10:57:cd:
         42:9e:0b:d9:2e:c1:6e:9c:72:a5:29:92:97:74:20:3d:9f:ce:
         55:07:09:dd:74:b0:ba:cb:39:aa:4b:cf:8b:ec:20:75:e7:1c:
         72:40:48:fa:8d:79:9d:7e:8a:e7:05:4b:81:03:20:ab:51:24:
         1f:a2:88:26:67:85:85:f2:ef:b4:66:99:3e:c3:bb:cc:91:3a:
         e7:5f:1d:46:ed:6e:c9:fd:57:ef:04:19:42:79:85:6d:79:91:
         d2:78:ba:c1:39:de:5b:a2:59:30:9d:b7:a5:c6:0a:21:ef:de:
         94:87:ea:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVIL0bmIvcSGUFHPoH2bUy3FNJxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTAwODIwNDBaFw0yNzAzMDkwODI1NDBaMDMxMTAvBgNV
BAMTKEI3MkUzRjZCODIyRUY4NjNDREZFRDMwRjExNENGNkVBOUY0N0I1RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChIa/CPZpZKr+lZYTtk8zpAL0c
BdF5cm5NPTmOiagLRwjG9c6WDNbrMcbGTW7PQHdiTRLYKp9rV/zoLGNk+BoRcDkl
atk1W6faJE8km7VvTLihwCYqkbqGwd7gIWfHlq7X3sYKNDvAu1ZWj15TLg91OH4d
7nPthwC8vsr3fqstqR3Nh0cxw6RDd/aYcNHobgwscYQCCnxJJtmZLt3t5Yp23/vq
CzuZgk0qu60J70lTvpFhIHJNV/9i3jMQ8yHK1ajyvvGx7XxqD83vu4uh0kJGuv4P
L7KOWOQ72M/RlGOjTNPajo9smH/jgK3ZmJ2HJrZQok85QlT7IuM9awelCvuxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUty4/a4Iu+GPN/tMPEUz26p9HtdAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc2
MA0GCSqGSIb3DQEBCwUAA4IBAQArYYA5cYJ2jrHnImuOqUUWkle+yvCP3vR9WYEP
QYY115/LixqWnp3sb1zMXfxB9E3ieZsrPI0+zSoxvK+pHqV11TDohAZMksZt0H+a
IMAPM6TlflcH+jr5EYBAFSAfenRurFXj0s7IbeNWFxsVXBr3OMZ8/heJu9KDSOUt
JKEc/Grsi7ZCkth3G5HRabQQV81CngvZLsFunHKlKZKXdCA9n85VBwnddLC6yzmq
S8+L7CB15xxyQEj6jXmdfornBUuBAyCrUSQfoogmZ4WF8u+0Zpk+w7vMkTrnXx1G
7W7J/VfvBBlCeYVteZHSeLrBOd5bolkwnbelxgoh796Uh+oY
-----END CERTIFICATE-----