Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          I1r1+jd1tIrDq0oxM4Fe+c+s/zaa86Ja6tT1Xzyen20=
Subject key identifier:   C8:CE:5A:19:F7:96:39:2F:CE:66:6C:12:9B:63:9E:4C:99:45:25:27
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       13EE8EEEC3B04508BF220AE54FF3396B9523DC86
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa
Signing time:             Thu 14 May 2026 13:47:13 +0000
ROA not before:           Thu 14 May 2026 13:42:13 +0000
ROA not after:            Thu 13 May 2027 13:47:13 +0000
asID:                     212609
IP address blocks:        181.215.200.0/24 maxlen: 24
                          191.96.250.0/24 maxlen: 24
                          191.101.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ee:8e:ee:c3:b0:45:08:bf:22:0a:e5:4f:f3:39:6b:95:23:dc:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 14 13:42:13 2026 GMT
            Not After : May 13 13:47:13 2027 GMT
        Subject: CN=C8CE5A19F796392FCE666C129B639E4C99452527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:43:fc:4f:6c:d6:c7:4c:8e:9c:5b:48:79:
                    e2:61:64:24:da:96:b1:ad:6b:10:aa:bd:14:5e:9a:
                    d1:64:d6:87:4a:01:4f:85:93:99:c7:88:ca:79:76:
                    7d:75:5d:7f:42:8a:b3:8b:09:9f:79:f2:73:b1:eb:
                    2d:db:ea:ce:46:b1:1f:7c:05:31:67:02:7a:0a:3e:
                    06:85:23:83:6e:1a:30:a5:78:70:d3:d4:57:a6:46:
                    75:6c:ad:a0:6f:89:0f:cc:32:b5:d6:99:a7:eb:16:
                    5b:a7:30:58:28:33:5f:d0:6d:29:ab:75:74:3b:9d:
                    be:9a:67:a9:b5:61:e2:1b:88:10:46:69:21:a2:b0:
                    a9:c2:4e:13:fd:a5:de:a9:9a:f3:70:26:35:ba:91:
                    e9:96:be:46:52:8e:57:af:a9:98:d7:bd:41:35:79:
                    45:37:50:d6:15:17:c2:82:45:51:7d:e1:b6:f7:b5:
                    b2:60:9a:30:21:d8:b9:55:84:24:47:87:51:fc:1e:
                    2b:0e:49:31:c9:0d:b5:6f:0d:ff:ac:a3:23:7c:42:
                    f2:0f:d8:82:2d:03:b3:c6:ee:c4:17:ed:bb:fe:b9:
                    ef:f7:b8:c4:40:d4:6c:34:fd:a1:2a:4c:f3:18:51:
                    2d:63:52:12:d7:43:7b:77:c6:08:bb:29:48:20:a4:
                    a0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:CE:5A:19:F7:96:39:2F:CE:66:6C:12:9B:63:9E:4C:99:45:25:27
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.200.0/24
                  191.96.250.0/24
                  191.101.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:80:37:50:d1:f1:8d:af:15:b0:9e:b4:5b:26:f3:a8:9e:bc:
         f4:72:30:f0:c1:0b:7e:61:a5:5a:f0:47:e2:17:80:0f:52:71:
         60:37:d0:a7:f8:0b:4e:75:f9:bc:d5:5e:0f:8b:23:c3:69:55:
         82:79:b1:47:25:3c:0b:57:08:64:76:b0:17:e4:fe:54:55:23:
         98:70:53:c7:4b:a7:16:ab:ae:d9:16:b2:8e:3c:7d:05:6f:eb:
         66:61:a9:db:bd:bf:4d:00:83:1a:a4:6a:40:88:7e:5f:50:2d:
         10:93:f1:80:4f:f3:29:0b:11:fd:f3:d3:0c:78:d3:4a:e0:66:
         03:d5:88:9a:93:a2:9e:64:d1:cc:b6:d9:db:d8:bb:b2:f5:f3:
         d1:41:83:74:d7:48:0c:f6:48:8a:99:d0:ff:dc:92:de:b5:e8:
         12:c9:41:2c:7f:4a:e8:3e:12:9b:c4:81:92:4c:1e:68:b6:9d:
         72:53:74:4b:11:5e:71:d7:42:72:c8:73:d5:bf:bf:2d:c0:35:
         9f:75:b6:9b:7f:01:60:fe:cd:5f:59:96:43:55:65:88:c4:2f:
         cb:17:3a:41:06:70:11:20:8e:63:43:3e:63:4e:20:3f:5a:37:
         f2:c8:08:27:29:b7:ca:a9:25:3c:2c:b5:30:15:61:99:22:2b:
         05:45:2c:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUE+6O7sOwRQi/IgrlT/M5a5Uj3IYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MTQxMzQyMTNaFw0yNzA1MTMxMzQ3MTNaMDMxMTAvBgNV
BAMTKEM4Q0U1QTE5Rjc5NjM5MkZDRTY2NkMxMjlCNjM5RTRDOTk0NTI1MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCdEP8T2zWx0yOnFtIeeJhZCTa
lrGtaxCqvRRemtFk1odKAU+Fk5nHiMp5dn11XX9CirOLCZ958nOx6y3b6s5GsR98
BTFnAnoKPgaFI4NuGjCleHDT1FemRnVsraBviQ/MMrXWmafrFlunMFgoM1/QbSmr
dXQ7nb6aZ6m1YeIbiBBGaSGisKnCThP9pd6pmvNwJjW6kemWvkZSjlevqZjXvUE1
eUU3UNYVF8KCRVF94bb3tbJgmjAh2LlVhCRHh1H8HisOSTHJDbVvDf+soyN8QvIP
2IItA7PG7sQX7bv+ue/3uMRA1Gw0/aEqTPMYUS1jUhLXQ3t3xgi7KUggpKB3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUyM5aGfeWOS/OZmwSm2OeTJlFJScwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAtdfI
AwQAv2D6AwQAv2X4MA0GCSqGSIb3DQEBCwUAA4IBAQCtgDdQ0fGNrxWwnrRbJvOo
nrz0cjDwwQt+YaVa8EfiF4APUnFgN9Cn+AtOdfm81V4PiyPDaVWCebFHJTwLVwhk
drAX5P5UVSOYcFPHS6cWq67ZFrKOPH0Fb+tmYanbvb9NAIMapGpAiH5fUC0Qk/GA
T/MpCxH989MMeNNK4GYD1Yiak6KeZNHMttnb2Luy9fPRQYN010gM9kiKmdD/3JLe
tegSyUEsf0roPhKbxIGSTB5otp1yU3RLEV5x10JyyHPVv78twDWfdbabfwFg/s1f
WZZDVWWIxC/LFzpBBnARII5jQz5jTiA/WjfyyAgnKbfKqSU8LLUwFWGZIisFRSzS
-----END CERTIFICATE-----