Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa
File:                     AS210940.roa (raw, json)
Hash identifier:          U0IL/ASc4Ca24VasiY6FovRx6q5TuOwN/Z/46J3lDZQ=
Subject key identifier:   98:E2:86:23:23:A6:23:E7:19:F1:AB:3E:4D:FB:80:F5:3B:A9:1B:8C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1678C51C95230C51A9D7D3545A45F86D5B9BD419
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa
Signing time:             Thu 05 Mar 2026 13:08:28 +0000
ROA not before:           Thu 05 Mar 2026 13:03:28 +0000
ROA not after:            Thu 04 Mar 2027 13:08:28 +0000
asID:                     210940
IP address blocks:        2a0f:85c1:bfb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:78:c5:1c:95:23:0c:51:a9:d7:d3:54:5a:45:f8:6d:5b:9b:d4:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar  5 13:03:28 2026 GMT
            Not After : Mar  4 13:08:28 2027 GMT
        Subject: CN=98E2862323A623E719F1AB3E4DFB80F53BA91B8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ac:8d:0a:0a:1b:f5:b6:ce:10:c4:35:6e:32:
                    64:a1:9a:4a:bf:d6:77:a1:13:9e:89:88:b0:3b:c7:
                    9b:02:a4:bc:67:3a:3c:91:d1:69:af:40:ec:b1:36:
                    73:33:21:a7:03:59:8c:65:6c:e7:ee:f9:6e:14:92:
                    d2:11:32:43:7d:68:a4:e7:75:6c:31:e8:84:52:15:
                    7f:30:5a:3d:ed:05:c4:f7:73:5a:27:4f:a0:d9:b5:
                    26:a8:0a:21:75:10:d4:76:4d:29:6f:30:56:1e:6a:
                    d3:33:cb:6d:80:75:5e:23:21:7e:25:e9:e0:21:01:
                    3a:e6:dc:95:d3:fd:4a:19:bf:a5:af:4d:38:1d:68:
                    bb:d5:6f:9d:c5:2d:94:d3:4e:b1:af:56:0d:a3:0e:
                    f8:97:63:23:75:37:f7:1c:e3:51:29:3c:2c:44:b6:
                    ff:d9:cd:88:ad:36:66:02:5a:5d:75:af:bf:7e:96:
                    af:42:19:38:0a:e1:6b:c9:1f:88:66:ca:78:d9:0e:
                    41:d7:0d:e7:08:1e:e7:ec:98:b4:7c:d6:48:9a:44:
                    87:89:1e:15:8e:23:a3:79:ec:21:64:57:0e:e5:c7:
                    04:62:38:69:1f:73:fb:7e:1a:7c:33:f1:4e:6a:7e:
                    b7:ac:7e:d5:a5:c0:40:fd:06:5c:cc:91:19:4a:93:
                    c2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E2:86:23:23:A6:23:E7:19:F1:AB:3E:4D:FB:80:F5:3B:A9:1B:8C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:bfb::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:ad:bc:b9:44:fc:41:ee:d0:dc:97:8d:d8:35:37:0e:e1:a3:
         30:bb:16:6c:b6:7d:e1:cb:16:ff:74:9a:e7:2f:dc:11:dc:46:
         9a:21:aa:bd:e2:bb:d7:a3:70:50:f4:28:c8:c6:79:92:37:6e:
         c6:c3:0d:d3:a9:0a:dd:2d:06:ea:22:d1:5d:3b:b1:a8:5c:53:
         8d:b6:07:19:db:18:b5:bf:ef:f5:03:68:c7:1e:cd:fa:0d:63:
         18:02:f6:81:4b:a2:96:7b:1f:1d:46:85:34:dd:10:f9:bb:0c:
         0e:89:26:5c:64:ba:dc:f4:16:bc:9f:10:9e:2d:da:7f:06:ba:
         c3:f6:67:91:3b:de:24:68:1b:b5:e3:19:c9:22:f0:ec:db:ce:
         82:45:22:35:ac:95:36:70:ae:09:89:23:81:25:d2:66:84:df:
         0f:94:62:d3:b2:33:8d:92:78:c0:02:6e:8e:96:42:d8:23:37:
         c4:0b:4a:98:f8:42:54:d7:8a:f2:99:8e:0a:4f:23:fa:53:44:
         a8:79:ae:e0:da:d8:65:81:11:5b:bc:4f:6c:02:25:db:f7:ed:
         d1:d3:c5:6c:0e:77:58:9f:e5:93:b7:59:12:7f:84:bc:09:00:
         2a:dd:d9:11:95:1c:05:f5:5e:db:df:51:ce:08:a6:5b:bb:79:
         ae:46:83:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFnjFHJUjDFGp19NUWkX4bVub1BkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAzMDUxMzAzMjhaFw0yNzAzMDQxMzA4MjhaMDMxMTAvBgNV
BAMTKDk4RTI4NjIzMjNBNjIzRTcxOUYxQUIzRTRERkI4MEY1M0JBOTFCOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvrI0KChv1ts4QxDVuMmShmkq/
1nehE56JiLA7x5sCpLxnOjyR0WmvQOyxNnMzIacDWYxlbOfu+W4UktIRMkN9aKTn
dWwx6IRSFX8wWj3tBcT3c1onT6DZtSaoCiF1ENR2TSlvMFYeatMzy22AdV4jIX4l
6eAhATrm3JXT/UoZv6WvTTgdaLvVb53FLZTTTrGvVg2jDviXYyN1N/cc41EpPCxE
tv/ZzYitNmYCWl11r79+lq9CGTgK4WvJH4hmynjZDkHXDecIHufsmLR81kiaRIeJ
HhWOI6N57CFkVw7lxwRiOGkfc/t+Gnwz8U5qfresftWlwED9BlzMkRlKk8JjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmOKGIyOmI+cZ8as+TfuA9TupG4wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwOTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQv7MA0GCSqGSIb3DQEBCwUAA4IBAQABrby5RPxB7tDcl43YNTcO4aMwuxZstn3h
yxb/dJrnL9wR3EaaIaq94rvXo3BQ9CjIxnmSN27Gww3TqQrdLQbqItFdO7GoXFON
tgcZ2xi1v+/1A2jHHs36DWMYAvaBS6KWex8dRoU03RD5uwwOiSZcZLrc9Ba8nxCe
Ldp/BrrD9meRO94kaBu14xnJIvDs286CRSI1rJU2cK4JiSOBJdJmhN8PlGLTsjON
knjAAm6OlkLYIzfEC0qY+EJU14rymY4KTyP6U0Soea7g2thlgRFbvE9sAiXb9+3R
08VsDndYn+WTt1kSf4S8CQAq3dkRlRwF9V7b31HOCKZbu3muRoPV
-----END CERTIFICATE-----