Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216276.roa
File:                     AS216276.roa (raw, json)
Hash identifier:          wkEQuX50q4tBLFWPIOWN0HsCb3WIzYVyBNjnV/DO8iY=
Subject key identifier:   21:6C:BD:24:93:E6:F5:60:D7:B4:42:E0:2E:01:19:C5:88:DD:C9:AA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0DD11087B31F879B9C895361E0EB32E23B9C9DE4
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216276.roa
Signing time:             Tue 07 Oct 2025 11:03:18 +0000
ROA not before:           Tue 07 Oct 2025 10:58:18 +0000
ROA not after:            Tue 06 Oct 2026 11:03:18 +0000
asID:                     216276
IP address blocks:        2a0f:85c1:ceb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:d1:10:87:b3:1f:87:9b:9c:89:53:61:e0:eb:32:e2:3b:9c:9d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct  7 10:58:18 2025 GMT
            Not After : Oct  6 11:03:18 2026 GMT
        Subject: CN=216CBD2493E6F560D7B442E02E0119C588DDC9AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d6:e3:f7:08:41:e4:5e:01:ab:56:84:6d:db:
                    10:ac:a7:5f:0d:60:ae:95:09:53:48:77:33:ff:a1:
                    36:7c:21:26:ff:2a:c7:91:dc:bf:75:c3:ee:64:ec:
                    9d:be:ac:ab:be:5d:24:ec:c2:11:2a:f1:a1:90:ab:
                    82:6c:fb:b7:92:96:e1:21:4a:61:4b:d6:67:88:d2:
                    9e:a5:7f:d7:01:7e:6c:47:91:f5:55:1f:6b:05:33:
                    d5:08:95:b2:bd:8b:ab:5a:a0:e7:63:a8:7b:d0:6b:
                    d7:20:e0:01:93:a9:3a:ce:bb:7e:b7:55:29:2e:de:
                    77:be:af:fc:b1:98:40:52:19:1c:73:84:7b:e7:72:
                    53:c4:29:62:0b:19:7c:fb:97:02:32:e0:8f:e7:e6:
                    06:5b:b0:7f:39:b5:bb:bd:52:6d:4b:d7:72:17:dc:
                    1d:b9:4e:44:a7:78:b2:c7:68:81:48:5d:9c:e3:72:
                    fe:6c:7a:88:33:18:01:cd:0d:36:a4:fe:34:15:cb:
                    04:14:c3:e1:95:77:71:fb:f6:b7:9a:44:62:59:cf:
                    aa:c8:14:85:e2:df:e8:ef:93:83:ba:1f:a4:de:04:
                    9e:37:c8:34:25:93:26:e2:c1:c1:01:2b:80:66:c1:
                    7f:34:cd:2f:47:a6:b7:d1:e6:c0:85:b4:f5:79:1b:
                    ba:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:6C:BD:24:93:E6:F5:60:D7:B4:42:E0:2E:01:19:C5:88:DD:C9:AA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ceb::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:e6:b8:5f:65:e3:11:a8:31:8b:d7:05:68:4e:48:81:f4:12:
         a3:fd:d4:b0:30:22:41:e1:e6:40:12:23:30:43:c5:02:72:7a:
         c5:3b:b8:79:8c:b2:d7:de:94:f6:81:28:ad:a4:fd:37:93:76:
         35:16:5a:46:67:5e:23:50:5b:e6:47:e9:4c:1f:34:41:99:8f:
         19:eb:12:9d:a8:29:ab:44:8c:f2:a6:a5:b2:a6:9a:ae:b1:28:
         b0:61:5d:70:e0:e8:30:0e:f5:50:35:9a:bc:47:33:c0:e9:3e:
         1d:1b:9d:fe:4d:75:d9:cf:5a:63:09:7d:e1:1c:86:6a:55:cd:
         68:41:bb:7f:11:38:d6:f5:eb:9a:ac:a3:2c:69:fa:86:74:26:
         0e:ae:e8:ac:af:53:78:1d:12:99:1f:3f:fa:76:3d:c1:e0:ec:
         aa:0d:aa:1b:10:cd:7e:e8:2d:7f:01:bf:37:a4:02:4b:7d:9d:
         b2:89:4b:0c:6e:d5:35:a0:a3:c1:56:18:d4:93:91:ad:19:36:
         de:45:65:5e:6b:8c:2e:cb:b3:b8:69:94:3f:1e:cb:d1:21:5d:
         03:c7:99:e4:1d:c3:e8:30:f9:a3:d5:4b:5f:9a:04:21:8d:a2:
         fe:49:3d:84:10:d4:8c:b0:9c:20:c0:97:0e:78:60:d0:1d:c2:
         95:bc:88:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDdEQh7Mfh5uciVNh4Osy4jucneQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMDcxMDU4MThaFw0yNjEwMDYxMTAzMThaMDMxMTAvBgNV
BAMTKDIxNkNCRDI0OTNFNkY1NjBEN0I0NDJFMDJFMDExOUM1ODhEREM5QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz1uP3CEHkXgGrVoRt2xCsp18N
YK6VCVNIdzP/oTZ8ISb/KseR3L91w+5k7J2+rKu+XSTswhEq8aGQq4Js+7eSluEh
SmFL1meI0p6lf9cBfmxHkfVVH2sFM9UIlbK9i6taoOdjqHvQa9cg4AGTqTrOu363
VSku3ne+r/yxmEBSGRxzhHvnclPEKWILGXz7lwIy4I/n5gZbsH85tbu9Um1L13IX
3B25TkSneLLHaIFIXZzjcv5seogzGAHNDTak/jQVywQUw+GVd3H79reaRGJZz6rI
FIXi3+jvk4O6H6TeBJ43yDQlkybiwcEBK4BmwX80zS9HprfR5sCFtPV5G7rdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUIWy9JJPm9WDXtELgLgEZxYjdyaowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2Mjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzrMA0GCSqGSIb3DQEBCwUAA4IBAQCK5rhfZeMRqDGL1wVoTkiB9BKj/dSwMCJB
4eZAEiMwQ8UCcnrFO7h5jLLX3pT2gSitpP03k3Y1FlpGZ14jUFvmR+lMHzRBmY8Z
6xKdqCmrRIzypqWyppqusSiwYV1w4OgwDvVQNZq8RzPA6T4dG53+TXXZz1pjCX3h
HIZqVc1oQbt/ETjW9euarKMsafqGdCYOruisr1N4HRKZHz/6dj3B4OyqDaobEM1+
6C1/Ab83pAJLfZ2yiUsMbtU1oKPBVhjUk5GtGTbeRWVea4wuy7O4aZQ/HsvRIV0D
x5nkHcPoMPmj1UtfmgQhjaL+ST2EENSMsJwgwJcOeGDQHcKVvIiV
-----END CERTIFICATE-----