Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
File:                     AS211440.roa (raw, json)
Hash identifier:          3oNZ5ewNv8Sbvz6XFvWIN8nGmcyTKLTYxvYVuMnKbJE=
Subject key identifier:   97:A4:58:ED:5B:42:A5:54:12:2D:E6:15:CE:F7:64:0D:E7:6D:11:69
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       453BC95EFA1ECCD047AF936454F71F60B56910BD
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa
Signing time:             Sat 16 May 2026 01:47:13 +0000
ROA not before:           Sat 16 May 2026 01:42:13 +0000
ROA not after:            Sat 15 May 2027 01:47:13 +0000
asID:                     211440
IP address blocks:        141.11.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3b:c9:5e:fa:1e:cc:d0:47:af:93:64:54:f7:1f:60:b5:69:10:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 16 01:42:13 2026 GMT
            Not After : May 15 01:47:13 2027 GMT
        Subject: CN=97A458ED5B42A554122DE615CEF7640DE76D1169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:22:17:03:51:d8:ff:43:f2:a5:8a:fe:6c:be:
                    c5:6f:f2:9e:2e:84:62:7f:35:08:c3:5d:74:f9:63:
                    08:5d:fe:be:b6:04:4e:bf:3c:3c:fe:60:ac:99:ad:
                    5d:69:76:35:50:19:41:4b:c4:9a:a5:32:70:69:b9:
                    da:31:27:c6:57:d6:1c:33:c6:6c:12:01:2c:85:4d:
                    49:48:16:26:c9:15:e1:db:6b:b5:e6:31:4f:15:90:
                    48:a5:26:f2:1e:0c:df:a6:c9:13:39:86:f7:ba:f4:
                    5c:4d:62:a8:f1:12:f4:26:9b:b4:98:e8:b9:9b:d7:
                    85:e5:a2:7f:eb:9c:31:e8:e5:cd:48:7e:f9:bf:c6:
                    dc:1e:41:e8:26:e0:81:c9:85:70:f5:0f:82:51:8e:
                    61:8e:66:98:1e:ef:42:2c:a4:52:4d:83:2c:52:b4:
                    41:a0:ac:ec:fb:60:53:35:e6:96:2a:eb:5e:68:e6:
                    f2:a6:75:71:d1:c4:e8:1a:b4:b8:c2:1e:04:f5:dc:
                    b9:2a:a3:6e:b3:15:c5:6e:88:51:eb:0b:a9:5e:e0:
                    50:b6:e0:c8:4f:5b:74:b0:62:bb:a6:8c:18:83:d3:
                    7a:d2:88:24:d5:e9:80:16:af:18:9c:26:43:f9:ba:
                    f5:91:34:69:82:8a:d3:81:59:e4:5f:63:7d:22:8f:
                    e5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A4:58:ED:5B:42:A5:54:12:2D:E6:15:CE:F7:64:0D:E7:6D:11:69
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS211440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c0:3f:90:78:f9:81:bb:73:4c:24:a6:4a:42:a4:eb:ef:30:
         30:d4:c5:34:58:24:67:e2:9f:f3:71:84:54:80:13:4c:7b:a2:
         22:83:c2:a8:cb:1d:e9:b4:e3:18:34:f0:00:6e:30:39:aa:bc:
         52:89:eb:e0:ca:19:6f:84:af:ef:ab:38:48:6c:24:72:d5:3f:
         53:30:0e:a5:b7:9d:e4:de:98:2f:44:5b:ff:3b:77:ea:25:9f:
         55:db:b0:a9:00:ab:2f:43:5d:2c:bc:49:13:0a:01:6d:60:09:
         6c:00:7b:63:6d:0e:f7:5d:34:0a:4f:85:bb:c5:d6:d8:1d:57:
         92:b2:66:5c:45:b5:ff:c9:63:38:43:11:fb:96:ab:9e:cf:c8:
         2e:6a:15:c9:a4:fa:1c:15:e3:08:c8:26:6f:44:a7:2b:88:cc:
         92:f7:22:f6:4e:e9:21:4e:e7:dd:80:1b:0b:29:54:69:c9:77:
         d3:de:19:ba:e0:69:3d:59:dc:8c:48:6b:43:97:ee:a4:65:69:
         43:15:33:79:fd:0c:7c:0e:35:dc:f4:25:b2:85:eb:f4:f6:24:
         31:64:81:9b:2c:4c:8e:9a:f4:79:c1:ed:5e:b2:13:ef:8d:da:
         49:2b:fe:83:48:6e:0a:92:6b:ba:29:a2:6c:d9:f1:b7:25:c8:
         53:95:60:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURTvJXvoezNBHr5NkVPcfYLVpEL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTYwMTQyMTNaFw0yNzA1MTUwMTQ3MTNaMDMxMTAvBgNV
BAMTKDk3QTQ1OEVENUI0MkE1NTQxMjJERTYxNUNFRjc2NDBERTc2RDExNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkIhcDUdj/Q/Kliv5svsVv8p4u
hGJ/NQjDXXT5Ywhd/r62BE6/PDz+YKyZrV1pdjVQGUFLxJqlMnBpudoxJ8ZX1hwz
xmwSASyFTUlIFibJFeHba7XmMU8VkEilJvIeDN+myRM5hve69FxNYqjxEvQmm7SY
6Lmb14Xlon/rnDHo5c1Ifvm/xtweQegm4IHJhXD1D4JRjmGOZpge70IspFJNgyxS
tEGgrOz7YFM15pYq615o5vKmdXHRxOgatLjCHgT13Lkqo26zFcVuiFHrC6le4FC2
4MhPW3SwYrumjBiD03rSiCTV6YAWrxicJkP5uvWRNGmCitOBWeRfY30ij+UrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUl6RY7VtCpVQSLeYVzvdkDedtEWkwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjExNDQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtj
MA0GCSqGSIb3DQEBCwUAA4IBAQBSwD+QePmBu3NMJKZKQqTr7zAw1MU0WCRn4p/z
cYRUgBNMe6Iig8Koyx3ptOMYNPAAbjA5qrxSievgyhlvhK/vqzhIbCRy1T9TMA6l
t53k3pgvRFv/O3fqJZ9V27CpAKsvQ10svEkTCgFtYAlsAHtjbQ73XTQKT4W7xdbY
HVeSsmZcRbX/yWM4QxH7lquez8guahXJpPocFeMIyCZvRKcriMyS9yL2TukhTufd
gBsLKVRpyXfT3hm64Gk9WdyMSGtDl+6kZWlDFTN5/Qx8DjXc9CWyhev09iQxZIGb
LEyOmvR5we1eshPvjdpJK/6DSG4Kkmu6KaJs2fG3JchTlWCI
-----END CERTIFICATE-----