Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS212980.roa
File:                     AS212980.roa (raw, json)
Hash identifier:          Zoz/8g4QJTKbhJZrHf9/7XdXmBbc4ng74YzPeFjoYNk=
Subject key identifier:   93:44:64:E3:C3:FD:7D:28:40:6B:6C:F9:5A:A6:B9:A6:1A:D8:F1:2D
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       641DD42C2C81DC9C0688CF39F887865B97FD3BA5
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS212980.roa
Signing time:             Wed 04 Mar 2026 13:54:17 +0000
ROA not before:           Wed 04 Mar 2026 13:49:17 +0000
ROA not after:            Wed 03 Mar 2027 13:54:17 +0000
asID:                     212980
IP address blocks:        46.236.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 23:40:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:1d:d4:2c:2c:81:dc:9c:06:88:cf:39:f8:87:86:5b:97:fd:3b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Mar  4 13:49:17 2026 GMT
            Not After : Mar  3 13:54:17 2027 GMT
        Subject: CN=934464E3C3FD7D28406B6CF95AA6B9A61AD8F12D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:81:8b:c7:53:90:5c:38:f2:b7:01:df:f9:88:
                    fd:e0:20:66:e9:b5:2a:cb:22:eb:c3:24:7d:70:44:
                    60:76:26:27:74:95:12:e2:d5:f7:0a:bf:58:42:1c:
                    7c:17:39:73:2f:e5:26:6c:97:5e:7a:14:85:39:d6:
                    42:04:a9:c7:fe:f5:03:30:1e:a8:83:4c:33:98:7a:
                    08:d4:3f:1b:51:10:f4:32:a5:1f:be:22:86:48:31:
                    1d:c8:79:9c:18:6f:96:66:b4:48:9e:bd:d9:de:7c:
                    50:1a:5e:a9:ec:13:96:66:6f:55:c9:99:e5:7f:a2:
                    e7:c3:1b:5a:34:70:f6:9a:45:63:2d:d3:94:c4:18:
                    b5:23:ef:a2:ba:03:75:29:33:8b:6c:f3:e9:28:4c:
                    06:a6:49:ec:d5:e8:7b:1f:60:99:d1:fa:8b:f1:47:
                    80:9c:fb:a6:12:f4:38:df:96:30:fa:50:3c:71:a6:
                    c6:17:6e:e2:4c:02:24:9c:45:4b:6b:9c:4f:44:e3:
                    f8:57:5a:85:0c:e1:ce:0c:4d:32:00:91:e5:92:31:
                    22:ac:3c:1e:01:8c:ee:27:82:27:10:a1:2f:26:80:
                    0b:54:53:30:c3:b6:0d:01:33:27:8f:d7:7d:df:cf:
                    ac:d3:f7:81:4a:1c:64:c2:14:15:3c:13:a2:cf:eb:
                    e0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:44:64:E3:C3:FD:7D:28:40:6B:6C:F9:5A:A6:B9:A6:1A:D8:F1:2D
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS212980.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:5e:b2:24:3d:fa:bf:bc:5f:ef:e8:f6:58:af:2c:ca:8c:a1:
         a5:ce:c4:75:10:e9:e6:0a:58:18:6d:82:ec:42:6d:c4:0c:0f:
         2a:c7:ef:f8:b8:16:6b:ca:36:40:4e:a4:8e:69:d7:8f:8c:bc:
         40:e2:9d:5d:64:8f:2a:16:c1:34:76:27:46:b2:73:39:71:08:
         46:62:9c:4e:bc:e5:3d:94:ef:8a:b9:bc:20:02:fc:a0:3f:c2:
         17:55:a9:1b:e4:2d:0c:77:0e:47:a4:9e:43:e0:df:18:33:58:
         cc:a5:8f:2e:dc:f8:16:14:ca:01:31:04:60:05:68:2a:e9:35:
         d6:24:fa:81:46:b6:8e:ce:94:3b:f7:a5:c9:c4:9b:ec:76:d1:
         ae:d8:53:8a:8f:6e:17:1a:35:52:7d:69:d6:90:82:5d:21:18:
         cf:65:74:10:b8:d2:2a:ec:4b:16:ef:92:e9:6d:87:cc:a4:37:
         95:46:57:24:87:3a:dd:53:f1:e9:51:dc:01:3b:57:3e:f7:7a:
         0c:f3:3a:83:7a:63:c9:45:1f:7c:98:40:55:72:dd:f5:56:fe:
         bb:45:0a:12:53:98:b1:b9:a8:c7:9a:d6:00:fa:32:fb:38:33:
         1e:d6:fa:6f:ba:c7:c4:37:31:03:d4:21:4b:7f:f5:c1:8e:92:
         66:46:b5:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZB3ULCyB3JwGiM85+IeGW5f9O6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAzMDQxMzQ5MTdaFw0yNzAzMDMxMzU0MTdaMDMxMTAvBgNV
BAMTKDkzNDQ2NEUzQzNGRDdEMjg0MDZCNkNGOTVBQTZCOUE2MUFEOEYxMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYgYvHU5BcOPK3Ad/5iP3gIGbp
tSrLIuvDJH1wRGB2Jid0lRLi1fcKv1hCHHwXOXMv5SZsl156FIU51kIEqcf+9QMw
HqiDTDOYegjUPxtREPQypR++IoZIMR3IeZwYb5ZmtEievdnefFAaXqnsE5Zmb1XJ
meV/oufDG1o0cPaaRWMt05TEGLUj76K6A3UpM4ts8+koTAamSezV6HsfYJnR+ovx
R4Cc+6YS9DjfljD6UDxxpsYXbuJMAiScRUtrnE9E4/hXWoUM4c4MTTIAkeWSMSKs
PB4BjO4ngicQoS8mgAtUUzDDtg0BMyeP133fz6zT94FKHGTCFBU8E6LP6+CJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk0Rk48P9fShAa2z5Wqa5phrY8S0wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjEyOTgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzY
MA0GCSqGSIb3DQEBCwUAA4IBAQBgXrIkPfq/vF/v6PZYryzKjKGlzsR1EOnmClgY
bYLsQm3EDA8qx+/4uBZryjZATqSOadePjLxA4p1dZI8qFsE0didGsnM5cQhGYpxO
vOU9lO+KubwgAvygP8IXVakb5C0Mdw5HpJ5D4N8YM1jMpY8u3PgWFMoBMQRgBWgq
6TXWJPqBRraOzpQ796XJxJvsdtGu2FOKj24XGjVSfWnWkIJdIRjPZXQQuNIq7EsW
75LpbYfMpDeVRlckhzrdU/HpUdwBO1c+93oM8zqDemPJRR98mEBVct31Vv67RQoS
U5ixuajHmtYA+jL7ODMe1vpvusfENzED1CFLf/XBjpJmRrWo
-----END CERTIFICATE-----