Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216321.roa
File:                     AS216321.roa (raw, json)
Hash identifier:          OqKc018C6xOk5mmBFK4y1I/KsjJv9BWmCBD8ftNC2w0=
Subject key identifier:   78:84:C9:18:31:60:46:B4:C0:15:95:DE:B2:C3:B3:0E:C2:01:70:EE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0686DA4DD674CDE1238D9108BD504C9B735B7E0B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216321.roa
Signing time:             Wed 29 Apr 2026 03:58:22 +0000
ROA not before:           Wed 29 Apr 2026 03:53:22 +0000
ROA not after:            Wed 28 Apr 2027 03:58:22 +0000
asID:                     216321
IP address blocks:        140.233.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 16:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:86:da:4d:d6:74:cd:e1:23:8d:91:08:bd:50:4c:9b:73:5b:7e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 29 03:53:22 2026 GMT
            Not After : Apr 28 03:58:22 2027 GMT
        Subject: CN=7884C918316046B4C01595DEB2C3B30EC20170EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7c:b1:cb:f0:c2:b0:71:e7:17:23:c8:5c:12:
                    17:ac:61:74:71:38:85:cf:dd:32:ac:0b:0d:ca:a4:
                    6d:04:b3:c8:32:16:f5:c6:6c:12:51:f7:e2:59:9f:
                    19:f8:06:0b:5f:8f:e7:e4:7f:13:ec:b5:97:ca:a8:
                    88:fa:04:29:bb:18:4a:9c:eb:d6:6d:30:b3:17:ca:
                    ca:bc:66:d1:9f:ab:54:02:0b:a3:b8:49:ef:7d:7f:
                    47:7f:98:a3:ef:0a:f0:1a:6f:4e:fe:82:59:09:b5:
                    6e:4f:ff:6a:28:9f:ea:df:17:19:a3:1d:52:b9:fa:
                    fa:c9:09:1a:78:8d:a6:0e:33:52:6e:29:24:33:6e:
                    fb:d2:b3:e6:a4:0a:3e:4e:95:ee:e9:72:07:64:53:
                    ed:13:89:cd:f8:f8:48:c0:ce:56:b2:75:a8:14:6d:
                    3e:e7:8d:9b:18:f1:3e:cc:bd:ab:d5:fd:27:c3:93:
                    81:ed:8b:55:bb:f0:07:ca:9b:36:a3:dc:1f:6e:d7:
                    e3:d5:05:4f:6b:06:21:c4:86:c6:eb:63:c5:63:cc:
                    c9:9d:a4:bb:82:b8:39:65:ad:fd:9b:a0:69:df:76:
                    83:77:f2:0e:96:56:62:77:a8:47:f3:49:95:af:74:
                    35:b5:4f:00:23:86:03:e0:a4:62:ad:eb:db:32:b2:
                    c5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:84:C9:18:31:60:46:B4:C0:15:95:DE:B2:C3:B3:0E:C2:01:70:EE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216321.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:30:fe:27:95:ce:57:20:89:12:59:86:e7:ac:b0:22:36:1c:
         b3:91:a2:27:ae:9c:09:d5:f6:42:fd:67:47:4c:eb:f1:ea:cb:
         c6:a6:28:4d:2b:99:a5:36:62:6e:fd:c6:49:1e:1f:0c:28:5f:
         2b:a0:82:56:bd:f6:a4:7c:3c:2a:a1:86:62:0b:c9:9b:b9:97:
         22:9a:64:85:5a:28:ed:9a:70:8e:29:20:76:a5:ed:0f:a2:bd:
         3e:21:01:6f:ab:6c:1d:a0:da:50:1d:80:d4:22:0a:e4:77:54:
         5b:39:72:50:f6:86:d5:9c:dd:8d:c7:b8:41:9f:e1:c2:ef:3a:
         62:63:1c:06:c2:0c:27:d9:23:81:14:74:c2:08:f3:63:23:11:
         cb:e1:8e:64:1c:49:6a:71:78:05:11:d0:e7:cc:4f:72:8e:6b:
         3a:c8:cd:bc:47:3b:21:85:bf:f1:a7:11:2b:73:06:f3:83:6e:
         91:1b:25:f5:db:49:37:75:7c:7a:7f:d5:09:00:51:c8:01:08:
         fd:66:47:7d:39:4d:63:d6:13:32:50:5b:60:fa:35:57:f9:45:
         f6:ec:de:98:69:13:88:5c:ca:f6:1a:2e:8a:ca:8a:5a:ca:57:
         4e:3f:f7:f1:6d:ec:03:6b:76:3d:de:34:8e:a1:bd:6d:84:78:
         75:1d:8e:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBobaTdZ0zeEjjZEIvVBMm3NbfgswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjkwMzUzMjJaFw0yNzA0MjgwMzU4MjJaMDMxMTAvBgNV
BAMTKDc4ODRDOTE4MzE2MDQ2QjRDMDE1OTVERUIyQzNCMzBFQzIwMTcwRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEfLHL8MKwcecXI8hcEhesYXRx
OIXP3TKsCw3KpG0Es8gyFvXGbBJR9+JZnxn4Bgtfj+fkfxPstZfKqIj6BCm7GEqc
69ZtMLMXysq8ZtGfq1QCC6O4Se99f0d/mKPvCvAab07+glkJtW5P/2oon+rfFxmj
HVK5+vrJCRp4jaYOM1JuKSQzbvvSs+akCj5Ole7pcgdkU+0Tic34+EjAzlaydagU
bT7njZsY8T7MvavV/SfDk4Hti1W78AfKmzaj3B9u1+PVBU9rBiHEhsbrY8VjzMmd
pLuCuDllrf2boGnfdoN38g6WVmJ3qEfzSZWvdDW1TwAjhgPgpGKt69syssWBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeITJGDFgRrTAFZXessOzDsIBcO4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MzIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm0
MA0GCSqGSIb3DQEBCwUAA4IBAQCSMP4nlc5XIIkSWYbnrLAiNhyzkaInrpwJ1fZC
/WdHTOvx6svGpihNK5mlNmJu/cZJHh8MKF8roIJWvfakfDwqoYZiC8mbuZcimmSF
WijtmnCOKSB2pe0Por0+IQFvq2wdoNpQHYDUIgrkd1RbOXJQ9obVnN2Nx7hBn+HC
7zpiYxwGwgwn2SOBFHTCCPNjIxHL4Y5kHElqcXgFEdDnzE9yjms6yM28Rzshhb/x
pxErcwbzg26RGyX120k3dXx6f9UJAFHIAQj9Zkd9OU1j1hMyUFtg+jVX+UX27N6Y
aROIXMr2Gi6KyopayldOP/fxbewDa3Y93jSOob1thHh1HY6P
-----END CERTIFICATE-----