Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216069.roa
File:                     AS216069.roa (raw, json)
Hash identifier:          2sKg3C9eFA4oF44s2BQdWo0un36AO8rX5hsniR8sjH4=
Subject key identifier:   B6:87:83:6F:90:05:78:C8:49:3B:A2:C7:3B:D5:21:00:F8:6C:04:04
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0B8DD6A77DD77E5357777321D6CFD6354C55D8E9
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216069.roa
Signing time:             Tue 02 Sep 2025 16:37:07 +0000
ROA not before:           Tue 02 Sep 2025 16:32:07 +0000
ROA not after:            Tue 01 Sep 2026 16:37:07 +0000
asID:                     216069
IP address blocks:        2a0f:85c1:d3b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:8d:d6:a7:7d:d7:7e:53:57:77:73:21:d6:cf:d6:35:4c:55:d8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep  2 16:32:07 2025 GMT
            Not After : Sep  1 16:37:07 2026 GMT
        Subject: CN=B687836F900578C8493BA2C73BD52100F86C0404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9a:ca:68:23:00:c5:c4:c4:c4:41:4d:db:b0:
                    a3:35:5a:5e:25:3e:36:5a:6f:ee:ac:35:aa:f8:e9:
                    1f:70:3c:25:cf:ec:aa:a5:29:e1:86:f5:21:bd:90:
                    de:23:6c:1d:cc:c2:9d:1a:4c:cc:e7:89:c4:96:c9:
                    01:e9:86:86:aa:51:44:10:4c:6b:31:e9:96:a8:d5:
                    8b:7b:30:5f:b0:0d:a2:50:d1:85:4e:e9:a3:11:f1:
                    1d:6e:49:4f:80:22:99:2a:bc:5f:b9:f7:c6:8b:0d:
                    b5:90:c5:00:e4:55:0a:1b:d1:52:ba:f0:ba:1d:35:
                    2a:23:f8:ca:fe:fe:f4:07:a0:70:ba:e4:d9:61:bf:
                    be:52:9e:00:bf:5d:7b:de:0a:02:3e:42:e5:aa:05:
                    db:15:88:cd:80:91:e5:59:ba:7d:26:4b:e1:1f:49:
                    96:6d:37:00:9c:88:6b:83:f1:13:cc:78:16:c1:03:
                    fd:47:9f:8f:00:01:07:8a:cc:69:22:6c:49:ba:0c:
                    09:65:3d:93:34:6f:f0:99:38:8b:a8:7b:fe:8f:d5:
                    c2:6a:26:06:92:ae:6d:2f:bb:9b:02:2f:6f:51:41:
                    05:83:57:af:91:cd:32:b9:c8:39:eb:b0:e3:09:7a:
                    b5:c4:a3:a0:1a:3d:06:a6:33:54:2a:b6:f9:01:af:
                    55:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:87:83:6F:90:05:78:C8:49:3B:A2:C7:3B:D5:21:00:F8:6C:04:04
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216069.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:83:b1:01:77:12:27:03:50:de:f9:07:15:64:84:44:64:e4:
         cd:17:52:53:bf:59:1c:5f:b2:b6:9f:11:78:56:d9:73:24:39:
         f1:d8:0c:32:94:fe:e0:4c:51:0d:0a:71:6f:d4:5d:74:d1:91:
         8f:3e:dc:87:d9:a2:3e:cd:50:44:25:30:01:ae:6e:15:70:62:
         3d:07:fe:de:60:d8:75:7e:bf:44:b5:a8:07:e8:ca:b9:b2:1a:
         02:59:a5:79:2b:cd:c1:5a:45:07:3a:7e:01:5d:16:71:85:86:
         1e:c5:fd:6a:cd:1a:97:5a:6b:40:6b:4c:33:3d:83:17:12:d5:
         2d:09:cc:a7:28:4e:56:66:a4:fa:98:9e:c2:f3:c8:14:9a:f2:
         c4:33:b0:f3:fc:64:ce:09:4d:f9:fc:71:c6:61:08:8f:9f:21:
         3f:74:7d:e3:4b:2b:70:86:aa:e3:78:82:bb:54:f7:35:14:b3:
         5b:4a:8a:ca:73:b6:3a:a0:37:9b:77:a1:9d:46:40:f4:19:44:
         79:08:09:c5:6a:ec:c4:ad:b4:7f:ca:96:1a:09:18:15:0e:de:
         cb:d1:17:81:33:30:ad:f8:bd:c8:67:50:72:c2:1e:7b:28:ba:
         cb:71:ac:c1:37:94:97:15:ab:a2:5b:23:0c:cd:92:1d:88:2b:
         f0:ce:3b:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUC43Wp33XflNXd3Mh1s/WNUxV2OkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MDIxNjMyMDdaFw0yNjA5MDExNjM3MDdaMDMxMTAvBgNV
BAMTKEI2ODc4MzZGOTAwNTc4Qzg0OTNCQTJDNzNCRDUyMTAwRjg2QzA0MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNmspoIwDFxMTEQU3bsKM1Wl4l
PjZab+6sNar46R9wPCXP7KqlKeGG9SG9kN4jbB3Mwp0aTMznicSWyQHphoaqUUQQ
TGsx6Zao1Yt7MF+wDaJQ0YVO6aMR8R1uSU+AIpkqvF+598aLDbWQxQDkVQob0VK6
8LodNSoj+Mr+/vQHoHC65Nlhv75SngC/XXveCgI+QuWqBdsViM2AkeVZun0mS+Ef
SZZtNwCciGuD8RPMeBbBA/1Hn48AAQeKzGkibEm6DAllPZM0b/CZOIuoe/6P1cJq
JgaSrm0vu5sCL29RQQWDV6+RzTK5yDnrsOMJerXEo6AaPQamM1QqtvkBr1UBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUtoeDb5AFeMhJO6LHO9UhAPhsBAQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MDY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ07MA0GCSqGSIb3DQEBCwUAA4IBAQBqg7EBdxInA1De+QcVZIREZOTNF1JTv1kc
X7K2nxF4VtlzJDnx2AwylP7gTFENCnFv1F100ZGPPtyH2aI+zVBEJTABrm4VcGI9
B/7eYNh1fr9EtagH6Mq5shoCWaV5K83BWkUHOn4BXRZxhYYexf1qzRqXWmtAa0wz
PYMXEtUtCcynKE5WZqT6mJ7C88gUmvLEM7Dz/GTOCU35/HHGYQiPnyE/dH3jSytw
hqrjeIK7VPc1FLNbSorKc7Y6oDebd6GdRkD0GUR5CAnFauzErbR/ypYaCRgVDt7L
0ReBMzCt+L3IZ1Bywh57KLrLcazBN5SXFauiWyMMzZIdiCvwzjtd
-----END CERTIFICATE-----