Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa
File:                     AS216326.roa (raw, json)
Hash identifier:          xO6MSeheYU3cZXm90mQwO+kHyAl8+kQM/hD8O/wvVSU=
Subject key identifier:   61:CB:3D:5C:44:78:CA:57:7D:02:85:37:B8:1C:A8:CE:F6:0F:C4:2D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       411B8CCDDEC5192D5A809DE9307F304BE97A81AD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa
Signing time:             Tue 15 Apr 2025 00:48:41 +0000
ROA not before:           Tue 15 Apr 2025 00:43:41 +0000
ROA not after:            Tue 14 Apr 2026 00:48:41 +0000
asID:                     216326
IP address blocks:        2a0f:85c1:c11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:1b:8c:cd:de:c5:19:2d:5a:80:9d:e9:30:7f:30:4b:e9:7a:81:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 15 00:43:41 2025 GMT
            Not After : Apr 14 00:48:41 2026 GMT
        Subject: CN=61CB3D5C4478CA577D028537B81CA8CEF60FC42D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e4:b1:8f:ea:9e:c8:ca:f6:6b:4a:d1:b4:ba:
                    83:d5:04:96:88:cb:7c:bb:cc:77:3f:4e:a0:30:48:
                    c1:27:e9:e5:87:c7:72:21:56:8a:57:62:3e:88:3a:
                    59:d1:b3:f1:50:b7:b0:6f:c2:a0:2f:97:92:f6:31:
                    5e:a2:b6:f5:43:a4:00:6c:d5:ce:31:98:f6:29:40:
                    2c:71:4e:1c:92:1d:c4:bd:b5:31:a0:92:bb:f4:7f:
                    ca:c3:d1:88:33:a4:c7:a4:f5:20:54:46:20:f0:e0:
                    3d:05:85:c5:ce:99:ad:b6:10:73:29:b2:73:56:82:
                    c7:f2:85:ca:39:84:8a:94:c3:79:04:59:13:7f:c1:
                    85:9d:3f:84:13:71:ee:c9:05:7f:5e:1d:19:cb:8c:
                    d7:8c:c1:32:e7:d3:71:b8:27:60:fa:d1:04:4e:9e:
                    92:15:f3:ff:57:8a:54:57:af:7f:45:45:d0:80:22:
                    b8:7f:f2:fe:e6:b4:f0:66:51:bc:83:05:1b:8f:86:
                    bc:f0:8d:39:28:fd:0b:b1:a8:af:f2:8d:b9:46:83:
                    21:92:5f:40:05:ef:42:35:53:90:cb:ea:7b:0c:f6:
                    86:2a:2b:b2:88:00:4b:23:6f:29:6d:8d:2f:79:cd:
                    b6:1a:d0:a3:97:e1:04:f5:03:e5:bb:64:ff:a4:47:
                    57:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:CB:3D:5C:44:78:CA:57:7D:02:85:37:B8:1C:A8:CE:F6:0F:C4:2D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c11::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:07:31:0e:bd:f2:4f:51:eb:df:bb:e0:dd:15:11:ad:c3:d6:
         7d:8b:f1:38:46:25:c5:f1:b8:e2:ac:b9:03:21:be:ee:68:19:
         dd:dc:07:aa:e4:d2:2e:8b:4f:f5:95:75:ee:d3:a9:b6:7b:19:
         2f:aa:28:af:ee:c0:30:2f:12:ff:17:3d:5d:01:5d:33:ca:57:
         51:19:86:42:b5:40:82:45:6a:2a:47:9d:2b:1c:9e:3b:41:c2:
         6b:7d:32:f6:11:a6:d2:03:9b:ae:4f:af:25:0c:cf:7b:77:00:
         08:5c:9f:21:d9:a9:ce:0c:34:68:81:aa:6b:3f:d8:b9:80:29:
         51:5e:2c:ee:c1:5a:19:6c:ff:e3:52:63:a4:e1:d1:14:91:8c:
         fa:58:9e:db:44:58:ec:ff:ef:38:e6:c0:d2:e3:79:8d:ae:61:
         a4:a5:aa:35:59:8f:a1:40:60:c1:d0:93:6e:aa:78:1d:bf:db:
         57:66:0f:dd:c7:92:9e:f7:94:cb:f9:10:93:ab:35:d2:09:b4:
         08:bb:64:a0:64:e9:cc:75:f1:74:73:cf:7f:c1:dd:c2:05:3c:
         30:5a:3c:db:0f:89:21:16:a7:b1:88:df:a7:72:d4:9d:b8:2c:
         93:f1:20:49:28:2e:45:55:d7:5b:f0:21:1f:94:15:db:ea:97:
         3f:9c:bd:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQRuMzd7FGS1agJ3pMH8wS+l6ga0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA0MTUwMDQzNDFaFw0yNjA0MTQwMDQ4NDFaMDMxMTAvBgNV
BAMTKDYxQ0IzRDVDNDQ3OENBNTc3RDAyODUzN0I4MUNBOENFRjYwRkM0MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC25LGP6p7IyvZrStG0uoPVBJaI
y3y7zHc/TqAwSMEn6eWHx3IhVopXYj6IOlnRs/FQt7BvwqAvl5L2MV6itvVDpABs
1c4xmPYpQCxxThySHcS9tTGgkrv0f8rD0YgzpMek9SBURiDw4D0FhcXOma22EHMp
snNWgsfyhco5hIqUw3kEWRN/wYWdP4QTce7JBX9eHRnLjNeMwTLn03G4J2D60QRO
npIV8/9XilRXr39FRdCAIrh/8v7mtPBmUbyDBRuPhrzwjTko/QuxqK/yjblGgyGS
X0AF70I1U5DL6nsM9oYqK7KIAEsjbyltjS95zbYa0KOX4QT1A+W7ZP+kR1fDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYcs9XER4yld9AoU3uByozvYPxC0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MzI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwRMA0GCSqGSIb3DQEBCwUAA4IBAQCzBzEOvfJPUevfu+DdFRGtw9Z9i/E4RiXF
8bjirLkDIb7uaBnd3Aeq5NIui0/1lXXu06m2exkvqiiv7sAwLxL/Fz1dAV0zyldR
GYZCtUCCRWoqR50rHJ47QcJrfTL2EabSA5uuT68lDM97dwAIXJ8h2anODDRogapr
P9i5gClRXizuwVoZbP/jUmOk4dEUkYz6WJ7bRFjs/+845sDS43mNrmGkpao1WY+h
QGDB0JNuqngdv9tXZg/dx5Ke95TL+RCTqzXSCbQIu2SgZOnMdfF0c89/wd3CBTww
WjzbD4khFqexiN+nctSduCyT8SBJKC5FVddb8CEflBXb6pc/nL1y
-----END CERTIFICATE-----