Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa
File:                     AS210202.roa (raw, json)
Hash identifier:          JZtpozIt96iLS10hBGD1lkOGfxw3fulVHm/kftvcaO0=
Subject key identifier:   8B:C7:92:45:4F:11:5A:46:27:4A:83:13:1B:B4:A3:1A:EE:8F:5F:16
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0DA36565AB47BA6609E16C7C5D194FD8B7DBC0E3
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa
Signing time:             Fri 26 Jun 2026 08:08:39 +0000
ROA not before:           Fri 26 Jun 2026 08:03:39 +0000
ROA not after:            Fri 25 Jun 2027 08:08:39 +0000
asID:                     210202
IP address blocks:        2a0f:85c1:50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:a3:65:65:ab:47:ba:66:09:e1:6c:7c:5d:19:4f:d8:b7:db:c0:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:39 2026 GMT
            Not After : Jun 25 08:08:39 2027 GMT
        Subject: CN=8BC792454F115A46274A83131BB4A31AEE8F5F16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d8:f1:10:bf:8a:97:bb:7e:cc:ed:c6:93:fb:
                    2a:00:f6:30:26:0b:9a:27:87:7f:d3:9b:51:37:60:
                    e5:91:8a:8a:05:cd:c8:4e:9d:00:95:a1:8f:e7:e5:
                    05:a5:c4:90:28:0e:8e:15:43:10:97:6f:db:27:71:
                    c2:53:cb:e6:dc:f9:fa:32:7f:10:5f:78:1b:33:9e:
                    4b:f4:41:6a:7a:92:32:ff:f5:30:43:6c:92:a3:3f:
                    ee:76:75:22:7a:73:01:98:07:73:0d:9d:d0:ad:b4:
                    2b:a8:c6:57:96:bb:f5:6d:a2:c6:d5:90:df:3f:53:
                    72:72:d6:28:08:59:dd:c4:b8:5e:bb:ec:0a:96:75:
                    f2:a9:2f:71:41:08:53:a3:14:31:d1:f4:74:b0:ea:
                    6f:5f:e0:35:02:5c:16:f0:39:40:cf:12:fa:68:9d:
                    95:c9:db:3b:f3:2a:72:06:ab:ab:cf:94:ab:de:a9:
                    bb:66:d6:ca:fc:87:d1:2c:09:74:e7:ce:b8:62:a5:
                    49:fb:5c:10:98:e2:39:9a:76:37:e2:1e:ef:40:d6:
                    e4:51:30:6e:c5:55:0f:eb:fe:e2:74:93:06:3a:76:
                    63:a5:91:2b:01:9d:f1:e4:1b:b9:30:bb:be:b5:67:
                    f6:05:c1:c0:f0:17:00:c5:fe:ee:b5:ca:ba:fa:ef:
                    44:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C7:92:45:4F:11:5A:46:27:4A:83:13:1B:B4:A3:1A:EE:8F:5F:16
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210202.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:50::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:95:55:51:e7:7c:92:68:b3:d1:3c:c9:17:ab:cb:8e:a4:e9:
         86:d4:5a:35:a6:00:ce:90:7c:c3:b0:68:7e:a5:10:53:13:f0:
         4b:ac:0d:a8:cf:84:c7:12:42:30:3a:e8:75:ac:42:62:6b:3e:
         f5:80:7e:bb:8f:61:ae:f0:05:eb:32:54:38:d8:20:8b:8a:e0:
         0c:e6:5e:81:32:dc:88:6f:32:af:6a:f4:53:7e:4e:2e:c7:b8:
         6b:2d:ca:f4:85:3d:c0:2d:6e:5c:e7:9e:ed:cc:33:a1:fa:e5:
         23:4b:89:50:8e:c2:6f:8c:79:b5:aa:62:d0:dc:2f:bc:55:85:
         cb:d7:e2:d5:72:ad:3d:93:14:0e:6f:ba:a6:8c:e1:df:29:b4:
         8d:68:4f:67:7b:ac:97:d7:d9:da:ee:f7:4f:e8:c8:47:d2:9c:
         4e:d9:7f:af:3a:ef:6a:e6:ae:89:c5:f9:06:d2:fc:9b:66:3b:
         90:21:d2:82:44:53:f5:c5:fa:61:24:5a:2c:fe:1e:3d:94:59:
         09:a5:40:a9:55:5e:0a:b0:17:09:ce:c7:6e:23:cd:4d:ee:92:
         48:ab:de:c1:43:a3:1f:84:10:02:17:9b:1b:2a:f3:e2:37:7d:
         f0:b4:08:b0:86:52:a0:cc:40:3f:58:d9:78:66:de:b1:05:3b:
         80:bc:94:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDaNlZatHumYJ4Wx8XRlP2LfbwOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzMzlaFw0yNzA2MjUwODA4MzlaMDMxMTAvBgNV
BAMTKDhCQzc5MjQ1NEYxMTVBNDYyNzRBODMxMzFCQjRBMzFBRUU4RjVGMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL2PEQv4qXu37M7caT+yoA9jAm
C5onh3/Tm1E3YOWRiooFzchOnQCVoY/n5QWlxJAoDo4VQxCXb9snccJTy+bc+foy
fxBfeBsznkv0QWp6kjL/9TBDbJKjP+52dSJ6cwGYB3MNndCttCuoxleWu/VtosbV
kN8/U3Jy1igIWd3EuF677AqWdfKpL3FBCFOjFDHR9HSw6m9f4DUCXBbwOUDPEvpo
nZXJ2zvzKnIGq6vPlKveqbtm1sr8h9EsCXTnzrhipUn7XBCY4jmadjfiHu9A1uRR
MG7FVQ/r/uJ0kwY6dmOlkSsBnfHkG7kwu761Z/YFwcDwFwDF/u61yrr670QzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUi8eSRU8RWkYnSoMTG7SjGu6PXxYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwMjAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQBQMA0GCSqGSIb3DQEBCwUAA4IBAQCNlVVR53ySaLPRPMkXq8uOpOmG1Fo1pgDO
kHzDsGh+pRBTE/BLrA2oz4THEkIwOuh1rEJiaz71gH67j2Gu8AXrMlQ42CCLiuAM
5l6BMtyIbzKvavRTfk4ux7hrLcr0hT3ALW5c557tzDOh+uUjS4lQjsJvjHm1qmLQ
3C+8VYXL1+LVcq09kxQOb7qmjOHfKbSNaE9ne6yX19na7vdP6MhH0pxO2X+vOu9q
5q6JxfkG0vybZjuQIdKCRFP1xfphJFos/h49lFkJpUCpVV4KsBcJzsduI81N7pJI
q97BQ6MfhBACF5sbKvPiN33wtAiwhlKgzEA/WNl4Zt6xBTuAvJSS
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:35:55 2026 by rpki-client