Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          NSNjDdIAY9utRCvz07N6+d084AOshUqWB7MABXvJjJM=
Subject key identifier:   B4:C7:53:DB:5D:86:A6:63:D4:25:C3:54:75:47:37:C1:03:96:E5:C3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4BA5CB35DA09FCDB15E4F19776FA07D06FFB0FE1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa
Signing time:             Fri 10 Jul 2026 01:49:08 +0000
ROA not before:           Fri 10 Jul 2026 01:44:08 +0000
ROA not after:            Fri 09 Jul 2027 01:49:08 +0000
asID:                     211415
IP address blocks:        45.133.177.0/24 maxlen: 24
                          181.215.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a5:cb:35:da:09:fc:db:15:e4:f1:97:76:fa:07:d0:6f:fb:0f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 10 01:44:08 2026 GMT
            Not After : Jul  9 01:49:08 2027 GMT
        Subject: CN=B4C753DB5D86A663D425C354754737C10396E5C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:23:0b:da:02:0d:6c:1c:24:8e:f6:25:b7:38:
                    43:4a:34:25:49:69:71:42:7b:9c:88:dc:c1:7d:95:
                    5a:a7:2f:07:22:7a:eb:72:fb:d7:c4:eb:64:35:1d:
                    a4:97:a7:93:d8:54:82:5f:91:e9:d5:fb:8c:83:cb:
                    52:69:99:f3:e8:20:98:66:8c:8b:b9:c0:00:37:6a:
                    37:3a:23:3f:1c:44:6c:7d:35:f7:28:5e:5b:ac:cb:
                    54:69:64:ff:05:c8:42:7e:a0:64:84:b3:53:cf:d8:
                    29:9d:06:96:a3:6d:13:72:f5:79:17:ff:4c:bf:27:
                    50:b9:2f:1e:dd:51:c1:7a:6d:52:15:9d:d2:07:42:
                    71:de:1b:9e:2e:71:dd:2a:cb:6a:05:3a:6b:91:f9:
                    b5:4e:9d:1b:31:77:9b:ab:1e:b7:cf:2f:f1:f9:04:
                    1d:c2:70:9b:69:06:e7:a7:9a:93:bf:a7:85:09:98:
                    a3:76:69:76:67:2f:8b:93:68:e7:2c:61:0b:5d:a1:
                    99:fb:8c:64:16:02:cf:c5:0c:47:b9:e3:44:ba:c2:
                    3c:d5:2c:f9:3e:11:10:13:c8:e2:32:6b:60:dc:27:
                    a7:a0:e6:2d:3e:c0:67:50:f8:5e:7a:00:dc:b4:04:
                    82:13:bd:f2:58:1b:3b:18:4e:6a:af:0c:bb:92:d7:
                    5e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C7:53:DB:5D:86:A6:63:D4:25:C3:54:75:47:37:C1:03:96:E5:C3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.177.0/24
                  181.215.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f5:e5:5f:9f:1f:e5:72:44:9a:4c:92:e1:c5:12:1d:76:df:
         9b:fa:db:bb:09:af:d8:b1:91:b0:11:c1:93:8e:11:b5:7a:41:
         bd:43:95:4e:b6:d3:f7:81:1f:8c:a2:0b:11:b2:40:4b:5a:3f:
         21:58:28:70:1b:7e:e0:c1:60:a3:81:74:55:29:3d:2d:b7:ac:
         4f:91:dc:cc:ef:b2:db:c5:52:89:70:26:05:4c:ba:fb:bf:12:
         34:22:8b:e8:ea:bd:c9:b0:96:0c:72:af:a9:15:cc:09:fd:e2:
         cf:c3:90:5a:b1:74:77:75:3f:af:e9:c0:8d:60:72:78:00:d2:
         29:16:94:bf:d3:49:f0:0c:91:75:42:81:df:09:92:63:67:88:
         08:5c:d6:f5:ad:46:58:7a:d3:f5:92:b0:12:bc:21:da:9f:9a:
         7b:67:b3:a0:75:b1:6c:e7:81:50:a5:85:1e:f2:cd:ff:09:26:
         59:11:ac:96:b4:c6:b8:7e:b7:b0:c4:e7:e9:a6:62:42:3f:6d:
         b8:5c:db:25:c3:25:07:fa:f6:23:50:26:6e:0b:ed:d8:5c:8e:
         4e:44:9a:b0:d0:4a:77:f1:71:3a:c2:62:c5:b0:35:a6:18:fe:
         1c:74:37:35:47:5c:21:a7:56:3d:ac:a1:ac:5d:6a:e5:cc:24:
         c1:a7:63:9b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUS6XLNdoJ/NsV5PGXdvoH0G/7D+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA3MTAwMTQ0MDhaFw0yNzA3MDkwMTQ5MDhaMDMxMTAvBgNV
BAMTKEI0Qzc1M0RCNUQ4NkE2NjNENDI1QzM1NDc1NDczN0MxMDM5NkU1QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSIwvaAg1sHCSO9iW3OENKNCVJ
aXFCe5yI3MF9lVqnLwcieuty+9fE62Q1HaSXp5PYVIJfkenV+4yDy1JpmfPoIJhm
jIu5wAA3ajc6Iz8cRGx9NfcoXlusy1RpZP8FyEJ+oGSEs1PP2CmdBpajbRNy9XkX
/0y/J1C5Lx7dUcF6bVIVndIHQnHeG54ucd0qy2oFOmuR+bVOnRsxd5urHrfPL/H5
BB3CcJtpBuenmpO/p4UJmKN2aXZnL4uTaOcsYQtdoZn7jGQWAs/FDEe540S6wjzV
LPk+ERATyOIya2DcJ6eg5i0+wGdQ+F56ANy0BIITvfJYGzsYTmqvDLuS114zAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUtMdT212GpmPUJcNUdUc3wQOW5cMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYWx
AwQAtdffMA0GCSqGSIb3DQEBCwUAA4IBAQAF9eVfnx/lckSaTJLhxRIddt+b+tu7
Ca/YsZGwEcGTjhG1ekG9Q5VOttP3gR+MogsRskBLWj8hWChwG37gwWCjgXRVKT0t
t6xPkdzM77LbxVKJcCYFTLr7vxI0Iovo6r3JsJYMcq+pFcwJ/eLPw5BasXR3dT+v
6cCNYHJ4ANIpFpS/00nwDJF1QoHfCZJjZ4gIXNb1rUZYetP1krASvCHan5p7Z7Og
dbFs54FQpYUe8s3/CSZZEayWtMa4frewxOfppmJCP224XNslwyUH+vYjUCZuC+3Y
XI5ORJqw0Ep38XE6wmLFsDWmGP4cdDc1R1whp1Y9rKGsXWrlzCTBp2Ob
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:39:25 2026 by rpki-client