Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa
File:                     AS212388.roa (raw, json)
Hash identifier:          leq4P3mEYG1JV6z72xsLUKMmasrCpHZ0OVnBUWggJ+8=
Subject key identifier:   D8:F9:AA:60:66:8D:72:7F:B1:B9:7F:C8:8F:89:BE:5D:91:42:09:E7
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       11959D7BA3D4CD1FA4AE67A0BF6412FEE490BCDC
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa
Signing time:             Fri 30 Jan 2026 13:27:55 +0000
ROA not before:           Fri 30 Jan 2026 13:22:55 +0000
ROA not after:            Fri 29 Jan 2027 13:27:55 +0000
asID:                     212388
IP address blocks:        2a14:7580:e00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 12:15:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:95:9d:7b:a3:d4:cd:1f:a4:ae:67:a0:bf:64:12:fe:e4:90:bc:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan 30 13:22:55 2026 GMT
            Not After : Jan 29 13:27:55 2027 GMT
        Subject: CN=D8F9AA60668D727FB1B97FC88F89BE5D914209E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:46:29:84:47:cf:66:50:3b:76:e1:b1:43:0b:
                    21:3e:de:6b:e0:83:e7:b5:01:2d:f6:ae:59:27:32:
                    06:68:44:a4:2d:10:c9:31:74:9b:19:87:4a:83:18:
                    32:6a:3f:87:81:27:59:6a:8a:41:f6:62:0d:94:bf:
                    c2:52:b1:11:52:bd:16:b2:0c:1b:9b:db:fc:f6:10:
                    9f:a3:33:77:84:a1:7c:8a:b4:af:07:85:35:f8:65:
                    9a:01:81:d1:61:fd:2a:30:ab:91:8a:11:ac:df:c7:
                    95:6e:bf:c0:06:01:8f:5f:48:1c:e2:ea:ce:af:e8:
                    35:f9:cb:33:2d:c2:35:07:30:b7:e5:87:45:51:8c:
                    48:7b:23:87:63:a7:fa:04:77:48:7d:69:29:c2:2c:
                    c7:c2:2d:ee:f3:7a:e5:3b:b3:96:e7:d8:df:c2:f1:
                    3a:17:71:36:55:0b:9a:b5:26:c2:43:31:52:fa:4c:
                    b7:ea:12:2d:34:cd:25:5d:9f:36:4f:23:1a:f0:84:
                    74:63:27:ae:33:ba:00:b9:e8:e4:4c:a0:28:a0:85:
                    dd:2a:c6:f0:12:a8:fd:c4:27:c3:a8:1a:7a:32:c8:
                    8b:d9:21:1f:ee:a7:b1:60:14:5f:e2:9d:7b:ab:fb:
                    3e:d8:51:25:da:48:1b:d8:ab:4b:c5:c6:f4:fb:9f:
                    20:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F9:AA:60:66:8D:72:7F:B1:B9:7F:C8:8F:89:BE:5D:91:42:09:E7
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS212388.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:8d:1c:9f:3d:0b:df:a6:a8:0c:07:c8:4d:e9:53:2b:03:04:
         8e:71:79:6b:08:81:6c:58:6c:59:b9:bb:e6:ce:82:bb:41:1c:
         89:54:99:ef:04:21:cb:cc:7e:1e:24:b0:05:5d:fb:13:47:14:
         1f:c6:15:6f:1d:b8:d1:58:9b:4c:6e:ed:e5:93:ce:d7:28:d0:
         d7:54:21:eb:0d:7a:2c:31:3b:0c:3b:ca:a7:4b:3b:c2:2d:93:
         44:80:dc:2c:7f:d7:f8:26:ad:37:b1:8f:74:00:0e:a1:4a:92:
         50:4c:a6:06:5d:f5:de:e3:6a:8f:04:b8:2c:2e:34:b1:2d:03:
         86:1e:d9:36:fe:99:b4:41:a1:36:0c:17:98:ae:15:c2:36:53:
         29:c2:75:06:55:af:e1:55:d5:c4:49:db:d7:12:03:bb:6e:9c:
         c5:1e:99:da:29:2e:f7:51:72:c2:ad:a8:64:be:b5:5a:f5:54:
         74:9b:af:d8:eb:95:d2:4d:8e:6f:20:f5:ae:f3:6f:c8:e1:22:
         f4:0e:e0:9d:24:fc:47:78:19:e0:ac:6b:47:a7:43:00:22:5d:
         0b:fd:b0:bb:ad:fd:24:4d:e4:9b:c6:a7:10:74:91:e4:73:c7:
         6a:cb:6c:fb:71:f2:72:83:4f:34:b3:88:0b:bf:c6:ba:c1:37:
         71:cf:2c:04
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUEZWde6PUzR+krmegv2QS/uSQvNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMzAxMzIyNTVaFw0yNzAxMjkxMzI3NTVaMDMxMTAvBgNV
BAMTKEQ4RjlBQTYwNjY4RDcyN0ZCMUI5N0ZDODhGODlCRTVEOTE0MjA5RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoRimER89mUDt24bFDCyE+3mvg
g+e1AS32rlknMgZoRKQtEMkxdJsZh0qDGDJqP4eBJ1lqikH2Yg2Uv8JSsRFSvRay
DBub2/z2EJ+jM3eEoXyKtK8HhTX4ZZoBgdFh/Sowq5GKEazfx5Vuv8AGAY9fSBzi
6s6v6DX5yzMtwjUHMLflh0VRjEh7I4djp/oEd0h9aSnCLMfCLe7zeuU7s5bn2N/C
8ToXcTZVC5q1JsJDMVL6TLfqEi00zSVdnzZPIxrwhHRjJ64zugC56ORMoCighd0q
xvASqP3EJ8OoGnoyyIvZIR/up7FgFF/inXur+z7YUSXaSBvYq0vFxvT7nyAlAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU2PmqYGaNcn+xuX/Ij4m+XZFCCecwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEyMzg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gA4wDQYJKoZIhvcNAQELBQADggEBAC6NHJ89C9+mqAwHyE3pUysDBI5xeWsIgWxY
bFm5u+bOgrtBHIlUme8EIcvMfh4ksAVd+xNHFB/GFW8duNFYm0xu7eWTztco0NdU
IesNeiwxOww7yqdLO8Itk0SA3Cx/1/gmrTexj3QADqFKklBMpgZd9d7jao8EuCwu
NLEtA4Ye2Tb+mbRBoTYMF5iuFcI2UynCdQZVr+FV1cRJ29cSA7tunMUemdopLvdR
csKtqGS+tVr1VHSbr9jrldJNjm8g9a7zb8jhIvQO4J0k/Ed4GeCsa0enQwAiXQv9
sLut/SRN5JvGpxB0keRzx2rLbPtx8nKDTzSziAu/xrrBN3HPLAQ=
-----END CERTIFICATE-----