Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
File:                     AS216338.roa (raw, json)
Hash identifier:          Wc4PCw/xIo/TSEhOO75CO9BeDVPcS51HxnM7FJh4hh4=
Subject key identifier:   CB:5B:61:06:CA:C0:6D:B0:B3:14:4D:7A:01:5C:BA:09:B1:9C:97:C6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4E40BA3CF3C44B3747B4AD8AA903450F144F0C6E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
Signing time:             Sun 28 Jun 2026 17:48:45 +0000
ROA not before:           Sun 28 Jun 2026 17:43:45 +0000
ROA not after:            Sun 27 Jun 2027 17:48:45 +0000
asID:                     216338
IP address blocks:        191.101.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:40:ba:3c:f3:c4:4b:37:47:b4:ad:8a:a9:03:45:0f:14:4f:0c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 28 17:43:45 2026 GMT
            Not After : Jun 27 17:48:45 2027 GMT
        Subject: CN=CB5B6106CAC06DB0B3144D7A015CBA09B19C97C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:46:a7:6a:cd:46:65:34:ac:65:2d:0d:81:de:
                    cc:2d:01:90:8c:58:ba:ba:b5:f8:12:63:7d:9b:d6:
                    de:c9:66:f5:41:7a:69:72:85:d5:8d:cb:a3:24:65:
                    6d:10:0e:6e:f5:de:8a:2f:fa:88:f5:2e:d0:c6:07:
                    71:d4:3b:1f:d0:46:8c:fa:15:bd:14:b4:92:36:d3:
                    46:c6:d6:e7:3f:ee:a4:6c:d5:dc:a6:63:55:44:62:
                    a9:87:94:3a:66:9b:0b:c0:b6:ea:83:ee:3e:7b:02:
                    36:0d:02:0c:1c:dd:61:1f:9b:37:17:5b:0d:65:de:
                    e9:30:eb:26:f6:ad:bc:dc:68:8a:55:12:db:47:db:
                    98:23:af:3b:d1:d0:6c:7e:91:c2:00:16:28:e1:96:
                    e1:01:c5:04:70:4b:0c:55:f4:f6:d8:7a:9f:dd:2f:
                    df:51:c0:65:6c:0a:7a:c6:18:40:6d:86:65:b1:05:
                    01:31:2e:cb:80:cf:d2:81:86:bf:43:45:31:a8:9a:
                    90:c5:34:2f:78:dd:ac:c3:74:3b:cb:05:13:5b:5f:
                    e2:0c:a2:b6:7f:78:64:ce:11:48:da:f0:a7:60:f7:
                    ae:fd:5a:ee:18:40:b1:24:94:02:31:6c:3a:3c:5b:
                    53:e5:c7:d3:aa:0e:d9:16:13:80:c2:fb:2f:90:77:
                    89:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5B:61:06:CA:C0:6D:B0:B3:14:4D:7A:01:5C:BA:09:B1:9C:97:C6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d1:cc:13:a1:03:3c:07:f1:cd:51:d1:22:59:1a:38:3b:9c:
         74:a5:c3:9d:3a:1f:86:45:a0:2e:48:e4:5b:c8:04:a6:f0:13:
         7b:9a:5e:69:5d:91:19:5d:39:1f:43:e1:ec:36:84:72:1a:69:
         e2:35:f0:5f:6a:5c:54:5e:a4:fa:07:f4:f8:23:f1:ab:e9:8b:
         ed:35:ff:1d:7c:cc:87:93:2e:49:7f:4d:2d:3f:7a:fd:62:7d:
         59:31:ba:1f:38:03:b8:e0:6a:ff:97:18:db:35:7d:ab:d3:68:
         18:3e:8c:73:99:7d:09:1b:fa:ee:38:9f:e0:8c:56:aa:d6:bc:
         f7:28:c8:12:cf:72:56:58:40:04:34:c3:55:f5:83:d4:50:29:
         f0:48:21:4f:5c:0e:24:d8:b5:76:b0:6d:9d:dc:73:dd:20:87:
         85:8d:58:21:13:42:61:93:1d:7b:d0:3d:00:0d:14:a5:ec:9d:
         c5:91:67:ee:6d:0c:9a:80:d3:a8:9e:4e:ed:75:ff:7b:0a:3b:
         6d:a8:1b:33:64:0b:83:80:19:85:be:be:b0:4d:ba:fa:f0:d7:
         3c:16:e6:70:50:ed:d8:90:80:84:a3:79:e1:e8:83:ea:33:ab:
         e8:85:c1:7a:e8:57:74:58:e0:b0:d3:39:a9:ab:54:51:4d:f0:
         ee:73:f4:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTkC6PPPESzdHtK2KqQNFDxRPDG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MjgxNzQzNDVaFw0yNzA2MjcxNzQ4NDVaMDMxMTAvBgNV
BAMTKENCNUI2MTA2Q0FDMDZEQjBCMzE0NEQ3QTAxNUNCQTA5QjE5Qzk3QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNRqdqzUZlNKxlLQ2B3swtAZCM
WLq6tfgSY32b1t7JZvVBemlyhdWNy6MkZW0QDm713oov+oj1LtDGB3HUOx/QRoz6
Fb0UtJI200bG1uc/7qRs1dymY1VEYqmHlDpmmwvAtuqD7j57AjYNAgwc3WEfmzcX
Ww1l3ukw6yb2rbzcaIpVEttH25gjrzvR0Gx+kcIAFijhluEBxQRwSwxV9PbYep/d
L99RwGVsCnrGGEBthmWxBQExLsuAz9KBhr9DRTGompDFNC943azDdDvLBRNbX+IM
orZ/eGTOEUja8Kdg9679Wu4YQLEklAIxbDo8W1Plx9OqDtkWE4DC+y+Qd4kLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUy1thBsrAbbCzFE16AVy6CbGcl8YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Vl
MA0GCSqGSIb3DQEBCwUAA4IBAQCU0cwToQM8B/HNUdEiWRo4O5x0pcOdOh+GRaAu
SORbyASm8BN7ml5pXZEZXTkfQ+HsNoRyGmniNfBfalxUXqT6B/T4I/Gr6YvtNf8d
fMyHky5Jf00tP3r9Yn1ZMbofOAO44Gr/lxjbNX2r02gYPoxzmX0JG/ruOJ/gjFaq
1rz3KMgSz3JWWEAENMNV9YPUUCnwSCFPXA4k2LV2sG2d3HPdIIeFjVghE0Jhkx17
0D0ADRSl7J3FkWfubQyagNOonk7tdf97CjttqBszZAuDgBmFvr6wTbr68Nc8FuZw
UO3YkICEo3nh6IPqM6vohcF66Fd0WOCw0zmpq1RRTfDuc/RY
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:40:13 2026 by rpki-client