Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216044.roa
File:                     AS216044.roa (raw, json)
Hash identifier:          /F3k3DiTFhYiDZwp3cb2fVfoHOzcQPezBGvfOHQ6N4o=
Subject key identifier:   A2:DB:0B:02:87:36:E9:11:22:3A:8D:F7:EB:02:32:0D:35:A5:A3:4C
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       659C7E538C032E17E7BD31382FCF9BE199FE0F2C
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216044.roa
Signing time:             Mon 08 Sep 2025 11:34:09 +0000
ROA not before:           Mon 08 Sep 2025 11:29:09 +0000
ROA not after:            Mon 07 Sep 2026 11:34:09 +0000
asID:                     216044
IP address blocks:        2a14:7580:ffa0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:9c:7e:53:8c:03:2e:17:e7:bd:31:38:2f:cf:9b:e1:99:fe:0f:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep  8 11:29:09 2025 GMT
            Not After : Sep  7 11:34:09 2026 GMT
        Subject: CN=A2DB0B028736E911223A8DF7EB02320D35A5A34C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ea:88:3f:98:af:32:d0:20:26:f7:b1:e7:87:
                    6a:5c:c4:5c:f3:74:46:b5:71:37:57:58:4c:2a:3a:
                    be:e4:38:b1:7a:92:05:44:4e:c6:c3:fb:64:b1:ca:
                    60:6c:16:08:2f:70:b6:72:10:a7:36:a4:b0:11:d2:
                    59:98:c0:d0:fb:78:d2:6e:4b:90:36:d0:d9:db:35:
                    56:4e:22:bc:e6:f8:85:37:40:af:fc:21:ad:92:39:
                    ca:50:c7:9e:11:a3:c1:37:f7:99:08:e6:ee:0b:6f:
                    63:4d:c6:89:d0:3f:16:c3:67:4e:4b:d9:1a:c3:d7:
                    d4:21:2e:58:34:37:43:cb:b5:ec:bf:8a:64:2e:b7:
                    86:9d:46:92:5f:fd:73:45:60:75:01:ad:62:3f:06:
                    ed:3a:ca:4b:67:d0:74:41:39:40:77:3f:20:2a:5d:
                    58:b1:35:43:66:05:4f:02:68:e2:17:92:e4:b0:7f:
                    89:d9:a4:d8:65:ad:fe:e0:b8:a7:5f:42:cf:88:22:
                    28:02:3c:a3:ce:b2:25:3d:fd:bf:80:c2:dd:e3:bd:
                    8d:1d:95:55:16:b7:bf:01:a1:4a:c1:b8:32:a9:6f:
                    66:55:32:2a:0c:d6:37:98:75:6b:5d:a2:a3:e9:87:
                    e9:07:73:91:1b:44:83:68:77:e5:16:88:19:73:08:
                    ec:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:DB:0B:02:87:36:E9:11:22:3A:8D:F7:EB:02:32:0D:35:A5:A3:4C
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS216044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ffa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:39:46:f5:c2:fa:80:4b:3a:91:79:94:52:7b:2a:eb:e4:d2:
         d6:a5:e5:a6:f7:b3:b9:cc:36:a4:0a:6d:44:f0:5c:f9:83:53:
         16:f5:e3:6a:65:2b:f4:14:31:f5:34:9f:e3:3d:18:17:84:bb:
         8e:0b:0c:7e:e9:ba:ba:8a:6e:ac:aa:92:d3:59:da:fa:be:76:
         85:a1:ae:a2:8b:a1:e4:bc:f5:bb:13:4a:eb:0e:37:27:ac:c3:
         ce:3b:06:27:86:4c:62:17:85:9b:bb:56:15:f4:55:2a:cf:c7:
         59:06:36:f1:a0:de:ef:93:4a:83:cd:9e:82:6d:54:f3:8d:5a:
         46:93:2d:d9:90:cd:78:65:d3:2e:17:b2:16:62:2c:69:46:ca:
         13:31:68:22:3d:5c:19:7e:aa:69:aa:4b:a6:d3:20:59:8f:be:
         c7:05:a2:f5:5a:e6:00:e2:fc:2c:d9:51:75:1d:ec:d4:74:8f:
         15:a3:35:7e:0f:01:7f:02:52:45:5f:60:3e:37:f1:89:2e:47:
         f3:2b:0d:b6:2a:af:a0:06:f5:0d:d0:ce:c0:89:82:aa:84:d5:
         35:6c:db:2e:28:63:47:19:f2:ea:70:7f:15:89:f2:b8:2c:8a:
         4f:2a:88:93:e7:88:5e:4f:65:08:ea:b9:4c:89:f8:0d:f9:9b:
         3e:6d:78:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZZx+U4wDLhfnvTE4L8+b4Zn+DywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MDgxMTI5MDlaFw0yNjA5MDcxMTM0MDlaMDMxMTAvBgNV
BAMTKEEyREIwQjAyODczNkU5MTEyMjNBOERGN0VCMDIzMjBEMzVBNUEzNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDx6og/mK8y0CAm97Hnh2pcxFzz
dEa1cTdXWEwqOr7kOLF6kgVETsbD+2SxymBsFggvcLZyEKc2pLAR0lmYwND7eNJu
S5A20NnbNVZOIrzm+IU3QK/8Ia2SOcpQx54Ro8E395kI5u4Lb2NNxonQPxbDZ05L
2RrD19QhLlg0N0PLtey/imQut4adRpJf/XNFYHUBrWI/Bu06yktn0HRBOUB3PyAq
XVixNUNmBU8CaOIXkuSwf4nZpNhlrf7guKdfQs+IIigCPKPOsiU9/b+Awt3jvY0d
lVUWt78BoUrBuDKpb2ZVMioM1jeYdWtdoqPph+kHc5EbRINod+UWiBlzCOwTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUotsLAoc26REiOo336wIyDTWlo0wwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE2MDQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1
gP+gMA0GCSqGSIb3DQEBCwUAA4IBAQAsOUb1wvqASzqReZRSeyrr5NLWpeWm97O5
zDakCm1E8Fz5g1MW9eNqZSv0FDH1NJ/jPRgXhLuOCwx+6bq6im6sqpLTWdr6vnaF
oa6ii6HkvPW7E0rrDjcnrMPOOwYnhkxiF4Wbu1YV9FUqz8dZBjbxoN7vk0qDzZ6C
bVTzjVpGky3ZkM14ZdMuF7IWYixpRsoTMWgiPVwZfqppqkum0yBZj77HBaL1WuYA
4vws2VF1HezUdI8VozV+DwF/AlJFX2A+N/GJLkfzKw22Kq+gBvUN0M7AiYKqhNU1
bNsuKGNHGfLqcH8VifK4LIpPKoiT54heT2UI6rlMifgN+Zs+bXjX
-----END CERTIFICATE-----