Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212477.roa
File:                     AS212477.roa (raw, json)
Hash identifier:          uypxsN123js5XOZfsvPdVTDkSYI/DT/pTSY5PrevY50=
Subject key identifier:   00:7E:43:E5:3F:35:AB:34:96:50:1C:A8:92:62:7B:3E:B7:2C:8C:7B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2A22ED89AB34FE65025A33284E960CBAC8B4D4F2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212477.roa
Signing time:             Wed 03 Jun 2026 15:53:43 +0000
ROA not before:           Wed 03 Jun 2026 15:48:43 +0000
ROA not after:            Wed 02 Jun 2027 15:53:43 +0000
asID:                     212477
IP address blocks:        178.83.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:22:ed:89:ab:34:fe:65:02:5a:33:28:4e:96:0c:ba:c8:b4:d4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  3 15:48:43 2026 GMT
            Not After : Jun  2 15:53:43 2027 GMT
        Subject: CN=007E43E53F35AB3496501CA892627B3EB72C8C7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:00:3e:84:e7:4b:0b:e8:50:69:f0:0f:c5:1b:
                    fe:24:83:1b:55:92:9a:89:e9:a5:9a:9b:15:b8:05:
                    42:52:ee:0d:0d:35:22:09:50:f7:0d:26:bd:fa:fd:
                    f3:85:83:d8:ef:3f:4d:a4:21:ca:94:dc:dc:bd:09:
                    39:db:12:d2:3c:8b:8e:de:38:6c:55:eb:17:9c:1e:
                    a2:22:50:a1:7c:57:01:c2:5c:5b:3b:8f:ed:ce:f9:
                    1c:21:ed:db:b5:6e:f3:2a:af:a5:80:1b:11:f6:f0:
                    e9:44:1d:02:49:c2:b9:95:29:76:3d:b4:3c:52:70:
                    d3:b7:59:2c:0d:a3:c7:ea:77:17:af:11:98:51:b9:
                    68:75:86:a9:1c:e5:a1:eb:f1:f5:f0:d2:dc:15:f4:
                    1e:6e:22:6b:9d:ff:c6:b3:bd:36:29:a2:9c:3f:e9:
                    e4:d9:bc:2e:d6:0b:b3:c7:54:eb:30:b7:e9:1a:7e:
                    29:b2:1b:1d:85:b2:6f:0f:4a:fb:41:6b:dc:55:11:
                    8a:33:69:53:f6:62:a2:f9:46:d6:9a:c4:ca:02:7b:
                    29:9d:dd:cf:0a:41:68:bc:6b:33:c9:72:72:93:60:
                    ec:18:5d:ee:7e:a1:1a:36:3b:d1:c5:9b:80:3c:92:
                    06:68:8d:09:c6:4b:95:3a:9a:56:8f:ef:b2:7d:df:
                    61:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7E:43:E5:3F:35:AB:34:96:50:1C:A8:92:62:7B:3E:B7:2C:8C:7B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:b1:5f:dc:5b:2d:56:a1:4b:b3:f2:67:11:5b:6e:ed:9f:86:
         4b:ae:1d:15:3b:08:44:ad:d4:c5:80:4f:69:41:12:76:1c:15:
         47:d8:3e:60:02:fd:b3:fb:a5:49:99:b6:2e:01:2d:8c:86:de:
         cd:b2:a5:74:ea:8c:65:a3:af:3c:0b:14:dc:2e:56:82:f6:e2:
         ae:fb:04:ac:06:d2:e2:f9:f6:5d:c3:de:2f:e1:3e:94:c7:a5:
         8a:e7:9b:dc:af:0f:04:f6:01:3b:82:b3:ac:8e:5b:ab:b9:3e:
         7c:e4:23:1b:db:c0:a7:8f:0f:33:b5:55:40:a1:a3:e3:6f:76:
         39:14:0f:7b:a8:33:fb:87:cd:a7:48:87:7f:3b:62:5f:4c:ec:
         1a:64:dc:5f:03:15:ba:49:45:5f:63:e5:89:b8:7b:bd:69:f8:
         fd:ec:da:4b:1e:de:9b:23:7f:ff:44:e4:5e:84:b2:70:ea:b1:
         e5:b0:b0:23:ce:96:b5:80:e0:03:1d:f4:f7:9a:6f:4f:c9:6d:
         85:0e:8d:8a:d3:05:30:13:ed:8d:58:1e:f3:b8:12:3b:e9:09:
         f2:f3:b9:fe:ac:7c:bf:d4:51:1f:33:6d:44:2a:8d:54:c9:1d:
         97:40:a9:7a:65:8f:7f:e2:4b:52:e9:41:58:cd:9c:85:9b:3a:
         5a:de:14:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKiLtias0/mUCWjMoTpYMusi01PIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDMxNTQ4NDNaFw0yNzA2MDIxNTUzNDNaMDMxMTAvBgNV
BAMTKDAwN0U0M0U1M0YzNUFCMzQ5NjUwMUNBODkyNjI3QjNFQjcyQzhDN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeAD6E50sL6FBp8A/FG/4kgxtV
kpqJ6aWamxW4BUJS7g0NNSIJUPcNJr36/fOFg9jvP02kIcqU3Ny9CTnbEtI8i47e
OGxV6xecHqIiUKF8VwHCXFs7j+3O+Rwh7du1bvMqr6WAGxH28OlEHQJJwrmVKXY9
tDxScNO3WSwNo8fqdxevEZhRuWh1hqkc5aHr8fXw0twV9B5uImud/8azvTYpopw/
6eTZvC7WC7PHVOswt+kafimyGx2Fsm8PSvtBa9xVEYozaVP2YqL5RtaaxMoCeymd
3c8KQWi8azPJcnKTYOwYXe5+oRo2O9HFm4A8kgZojQnGS5U6mlaP77J932GfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAH5D5T81qzSWUByokmJ7PrcsjHswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEyNDc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslNw
MA0GCSqGSIb3DQEBCwUAA4IBAQAksV/cWy1WoUuz8mcRW27tn4ZLrh0VOwhErdTF
gE9pQRJ2HBVH2D5gAv2z+6VJmbYuAS2Mht7NsqV06oxlo688CxTcLlaC9uKu+wSs
BtLi+fZdw94v4T6Ux6WK55vcrw8E9gE7grOsjluruT585CMb28Cnjw8ztVVAoaPj
b3Y5FA97qDP7h82nSId/O2JfTOwaZNxfAxW6SUVfY+WJuHu9afj97NpLHt6bI3//
RORehLJw6rHlsLAjzpa1gOADHfT3mm9PyW2FDo2K0wUwE+2NWB7zuBI76Qny87n+
rHy/1FEfM21EKo1UyR2XQKl6ZY9/4ktS6UFYzZyFmzpa3hT2
-----END CERTIFICATE-----