Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa
File:                     AS216307.roa (raw, json)
Hash identifier:          lcswV8uN5//Asgd+byaw625KGxWGS8O/AceLOBEF8pk=
Subject key identifier:   DF:5E:38:37:24:BB:B2:E0:43:95:00:3E:CB:EC:DA:BB:91:59:BC:8E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       408B419278A3BCD28E0C0C49CADE4A90D6E6452F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa
Signing time:             Thu 05 Feb 2026 17:20:02 +0000
ROA not before:           Thu 05 Feb 2026 17:15:02 +0000
ROA not after:            Thu 04 Feb 2027 17:20:02 +0000
asID:                     216307
IP address blocks:        82.29.109.0/24 maxlen: 24
                          2a13:9500:62::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Feb 2026 16:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:8b:41:92:78:a3:bc:d2:8e:0c:0c:49:ca:de:4a:90:d6:e6:45:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  5 17:15:02 2026 GMT
            Not After : Feb  4 17:20:02 2027 GMT
        Subject: CN=DF5E383724BBB2E04395003ECBECDABB9159BC8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a2:ff:ff:12:79:ff:fe:dd:90:61:60:f4:c3:
                    a3:f6:fd:0c:6a:28:35:64:6d:ff:90:6f:5c:f9:fa:
                    ee:f8:8e:17:47:00:35:d8:e4:5b:b3:6d:51:d0:81:
                    86:8c:08:e8:6a:54:fb:03:4a:51:18:25:3d:1f:cb:
                    7c:d8:fe:c3:c0:55:5e:c9:d5:9d:71:32:d4:82:74:
                    7f:2a:aa:19:71:a9:0b:9f:f2:f9:d3:94:54:73:34:
                    e4:d7:fe:41:46:79:e5:f9:10:0d:bf:2b:e9:ad:4f:
                    7e:8d:51:9b:04:46:34:02:d0:06:a7:4f:27:de:1b:
                    df:57:ae:41:ce:3a:94:30:05:93:1a:89:a7:d2:1f:
                    fe:99:b3:3c:96:7e:ed:b9:35:5f:b5:84:e0:ae:68:
                    3c:8e:dc:d7:2f:77:04:d0:19:e6:c8:65:81:3e:5d:
                    91:4f:e8:11:ee:5b:c6:a2:af:64:7e:0a:4b:31:98:
                    dc:5e:d4:4b:20:b8:1f:70:7d:c4:f8:97:b9:62:31:
                    0c:91:d5:a4:97:32:d0:5e:b1:a5:b3:f7:15:7c:0e:
                    85:71:06:1a:81:fd:02:c5:c9:a3:7f:97:35:47:90:
                    27:83:c0:8a:57:c2:b0:e1:16:fe:bc:52:16:d1:70:
                    08:bb:b7:9f:41:54:a0:6f:dd:bc:19:fa:c1:d8:af:
                    e7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5E:38:37:24:BB:B2:E0:43:95:00:3E:CB:EC:DA:BB:91:59:BC:8E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.109.0/24
                IPv6:
                  2a13:9500:62::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:be:b4:26:fc:77:c7:03:e3:08:13:fd:da:6f:5c:7a:8b:9a:
         13:d9:e4:d5:aa:df:a2:08:95:23:65:c6:2d:69:fe:de:fb:12:
         61:5b:74:84:3e:12:8f:73:55:5b:6f:02:b1:3e:05:14:9b:17:
         3f:c2:20:e6:4d:e7:3d:80:1b:7b:cd:e4:7d:41:d8:0b:c4:2b:
         91:30:b7:0f:65:04:42:90:18:19:00:a0:c4:3b:23:c8:bb:a3:
         96:f5:d8:5a:d2:17:1c:77:a7:36:28:03:ca:bb:a0:71:d1:2e:
         2a:b7:90:d1:74:03:5b:73:00:b2:bd:57:f8:2a:2c:3d:a8:22:
         49:4a:46:40:71:b6:54:28:01:86:49:10:55:a8:d8:c2:63:1a:
         96:f5:13:56:30:cf:9d:f8:55:be:64:4a:90:fd:d5:bd:ac:26:
         8f:bc:70:36:82:20:e2:32:a0:2b:60:c9:05:d4:73:11:4f:e7:
         ba:b1:fe:f5:3e:ea:56:1f:94:af:ea:d4:b7:f5:21:05:b4:f1:
         60:b7:eb:0d:be:b6:a3:65:98:89:7a:60:80:0b:bc:ca:cd:fa:
         92:06:a3:77:72:6e:b7:da:bb:f8:fc:13:86:9e:04:08:74:88:
         08:e6:aa:2e:04:5c:3d:10:0c:93:c8:94:bb:d9:ed:44:18:55:
         56:8a:d3:3d
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUQItBknijvNKODAxJyt5KkNbmRS8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDUxNzE1MDJaFw0yNzAyMDQxNzIwMDJaMDMxMTAvBgNV
BAMTKERGNUUzODM3MjRCQkIyRTA0Mzk1MDAzRUNCRUNEQUJCOTE1OUJDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRov//Enn//t2QYWD0w6P2/Qxq
KDVkbf+Qb1z5+u74jhdHADXY5FuzbVHQgYaMCOhqVPsDSlEYJT0fy3zY/sPAVV7J
1Z1xMtSCdH8qqhlxqQuf8vnTlFRzNOTX/kFGeeX5EA2/K+mtT36NUZsERjQC0Aan
TyfeG99XrkHOOpQwBZMaiafSH/6ZszyWfu25NV+1hOCuaDyO3NcvdwTQGebIZYE+
XZFP6BHuW8air2R+CksxmNxe1EsguB9wfcT4l7liMQyR1aSXMtBesaWz9xV8DoVx
BhqB/QLFyaN/lzVHkCeDwIpXwrDhFv68UhbRcAi7t59BVKBv3bwZ+sHYr+frAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQU3144NyS7suBDlQA+y+zau5FZvI4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MzA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUh1t
MA8EAgACMAkDBwAqE5UAAGIwDQYJKoZIhvcNAQELBQADggEBAA6+tCb8d8cD4wgT
/dpvXHqLmhPZ5NWq36IIlSNlxi1p/t77EmFbdIQ+Eo9zVVtvArE+BRSbFz/CIOZN
5z2AG3vN5H1B2AvEK5Ewtw9lBEKQGBkAoMQ7I8i7o5b12FrSFxx3pzYoA8q7oHHR
Liq3kNF0A1tzALK9V/gqLD2oIklKRkBxtlQoAYZJEFWo2MJjGpb1E1Ywz534Vb5k
SpD91b2sJo+8cDaCIOIyoCtgyQXUcxFP57qx/vU+6lYflK/q1Lf1IQW08WC36w2+
tqNlmIl6YIALvMrN+pIGo3dybrfau/j8E4aeBAh0iAjmqi4EXD0QDJPIlLvZ7UQY
VVaK0z0=
-----END CERTIFICATE-----