Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212503.roa
File:                     AS212503.roa (raw, json)
Hash identifier:          qogv1qI0vTK6/h+wuUjdxWEJijG3xQRO9+P/kRv0hts=
Subject key identifier:   43:F2:9F:2F:4E:D8:61:0E:26:93:83:4B:A9:9E:5B:93:21:77:DE:26
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       71BB8D9BB4BE92FB07E72B26CB907035FE692B7B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212503.roa
Signing time:             Sat 13 Sep 2025 02:22:32 +0000
ROA not before:           Sat 13 Sep 2025 02:17:32 +0000
ROA not after:            Sat 12 Sep 2026 02:22:32 +0000
asID:                     212503
IP address blocks:        2a0f:85c1:d42::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:bb:8d:9b:b4:be:92:fb:07:e7:2b:26:cb:90:70:35:fe:69:2b:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 13 02:17:32 2025 GMT
            Not After : Sep 12 02:22:32 2026 GMT
        Subject: CN=43F29F2F4ED8610E2693834BA99E5B932177DE26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:f2:f5:41:c3:2d:66:1a:9c:d1:da:ae:69:
                    72:d7:11:21:24:b7:7b:73:30:40:ad:1d:6f:09:31:
                    87:5e:9a:1c:fd:5e:0d:c7:98:3e:02:3e:d0:b6:14:
                    5b:4d:d7:eb:3f:49:34:22:ab:89:b0:ce:55:d7:7d:
                    28:b5:50:cc:22:e2:3b:d9:2b:d6:f7:e8:97:4d:9e:
                    15:b8:9a:61:87:4e:ac:82:ec:21:ef:43:e1:bf:cf:
                    ef:a7:76:29:78:d9:03:79:46:38:f6:4c:48:5e:8e:
                    f3:f9:a8:1d:3b:02:f7:7d:53:a2:99:a8:51:eb:db:
                    4d:33:03:20:c7:e6:ff:2f:bc:81:ef:a8:c4:5e:d3:
                    61:b9:37:e3:3c:75:61:d9:cc:3e:f5:83:52:f7:55:
                    1d:93:fc:51:e5:89:cb:38:fc:d1:24:2f:00:6d:2c:
                    0b:83:97:98:01:84:b8:a7:90:82:4b:fa:f2:ec:61:
                    81:6a:4a:3b:62:97:c3:b6:31:ac:e3:e2:3c:c8:e4:
                    7a:21:45:30:0e:ff:bb:7a:d3:31:35:e3:ba:d3:c3:
                    fd:3a:4c:68:ae:30:1a:9c:29:3b:c7:a4:f5:3f:56:
                    6f:d3:59:1b:20:4c:fa:00:e9:4d:8b:58:53:d1:f0:
                    a7:ea:80:aa:fb:e0:e9:ca:6e:87:e7:6e:60:5e:ce:
                    1c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F2:9F:2F:4E:D8:61:0E:26:93:83:4B:A9:9E:5B:93:21:77:DE:26
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS212503.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d42::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:69:b4:fa:74:18:77:7f:61:4a:b2:10:a3:67:8e:22:b8:8b:
         72:bc:79:d7:15:1d:bf:8b:f6:a5:c4:a7:12:19:b5:e4:e2:10:
         6c:5b:40:0a:7a:a6:79:05:9f:ad:55:c8:a7:96:29:8e:77:75:
         2d:f5:e4:5c:81:15:b6:7f:23:97:06:20:28:71:62:8d:73:3e:
         0e:55:1d:8f:7b:79:07:98:47:22:2c:d4:63:61:b8:f9:4f:05:
         be:4f:37:34:3f:fe:37:c6:47:a1:cb:f9:38:64:54:c4:34:26:
         af:ac:45:a7:25:40:c5:27:99:e0:e4:02:01:ce:ef:ef:96:b6:
         b8:88:c6:6c:c8:01:64:d8:ac:eb:b7:69:f7:cf:ab:00:5e:33:
         9a:9f:49:a0:20:63:28:a2:68:29:1f:b7:3d:e8:a5:da:c2:01:
         f1:16:95:3c:77:fd:cf:1d:9b:90:21:48:30:3d:49:1d:28:fe:
         ca:1c:14:66:06:35:03:35:5a:de:2b:61:d6:cc:25:6a:04:84:
         40:c0:76:31:1d:0a:6d:ca:27:05:5c:00:a2:64:c8:0b:86:92:
         c7:22:d3:23:d3:9c:8a:0c:0b:45:93:93:73:45:8e:21:20:bd:
         26:3c:6c:30:75:cd:56:43:a7:52:58:f8:65:2e:5a:fb:d7:00:
         74:b7:ae:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcbuNm7S+kvsH5ysmy5BwNf5pK3swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTMwMjE3MzJaFw0yNjA5MTIwMjIyMzJaMDMxMTAvBgNV
BAMTKDQzRjI5RjJGNEVEODYxMEUyNjkzODM0QkE5OUU1QjkzMjE3N0RFMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkaPL1QcMtZhqc0dquaXLXESEk
t3tzMECtHW8JMYdemhz9Xg3HmD4CPtC2FFtN1+s/STQiq4mwzlXXfSi1UMwi4jvZ
K9b36JdNnhW4mmGHTqyC7CHvQ+G/z++ndil42QN5Rjj2TEhejvP5qB07Avd9U6KZ
qFHr200zAyDH5v8vvIHvqMRe02G5N+M8dWHZzD71g1L3VR2T/FHlics4/NEkLwBt
LAuDl5gBhLinkIJL+vLsYYFqSjtil8O2Mazj4jzI5HohRTAO/7t60zE147rTw/06
TGiuMBqcKTvHpPU/Vm/TWRsgTPoA6U2LWFPR8KfqgKr74OnKbofnbmBezhzPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ/KfL07YYQ4mk4NLqZ5bkyF33iYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEyNTAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1CMA0GCSqGSIb3DQEBCwUAA4IBAQC4abT6dBh3f2FKshCjZ44iuItyvHnXFR2/
i/alxKcSGbXk4hBsW0AKeqZ5BZ+tVcinlimOd3Ut9eRcgRW2fyOXBiAocWKNcz4O
VR2Pe3kHmEciLNRjYbj5TwW+Tzc0P/43xkehy/k4ZFTENCavrEWnJUDFJ5ng5AIB
zu/vlra4iMZsyAFk2Kzrt2n3z6sAXjOan0mgIGMoomgpH7c96KXawgHxFpU8d/3P
HZuQIUgwPUkdKP7KHBRmBjUDNVreK2HWzCVqBIRAwHYxHQptyicFXACiZMgLhpLH
ItMj05yKDAtFk5NzRY4hIL0mPGwwdc1WQ6dSWPhlLlr71wB0t66g
-----END CERTIFICATE-----