Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216145.roa
File:                     AS216145.roa (raw, json)
Hash identifier:          0lhv+kr4BhDrI/FplC3c2JbA3soQEX0ZJAUi4I1IKeA=
Subject key identifier:   32:44:7B:1A:FE:A5:AD:FE:E9:3B:3D:B4:46:28:99:F6:75:3C:7C:B0
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       14EB276C4513F553D6705CF71B4A6780580704BA
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216145.roa
Signing time:             Fri 06 Mar 2026 15:18:45 +0000
ROA not before:           Fri 06 Mar 2026 15:13:45 +0000
ROA not after:            Fri 05 Mar 2027 15:18:45 +0000
asID:                     216145
IP address blocks:        141.11.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:eb:27:6c:45:13:f5:53:d6:70:5c:f7:1b:4a:67:80:58:07:04:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  6 15:13:45 2026 GMT
            Not After : Mar  5 15:18:45 2027 GMT
        Subject: CN=32447B1AFEA5ADFEE93B3DB4462899F6753C7CB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:9a:2f:c5:0f:84:72:54:d9:f0:ca:a0:63:
                    64:21:dc:8e:ac:36:e3:fe:86:21:92:e8:0b:bb:43:
                    c9:10:23:0d:39:76:85:ae:b1:af:d5:fb:24:5b:27:
                    f2:a2:90:d2:91:82:0b:d0:62:30:0c:d5:66:d1:85:
                    fb:7b:fb:0f:56:0e:1f:6c:07:2a:7b:ee:cd:74:e2:
                    4f:86:f5:d5:27:af:2d:c5:00:02:22:d4:46:96:7a:
                    b6:31:bf:11:a0:7c:04:cd:90:d1:ce:7e:d5:d4:79:
                    14:89:fa:b4:b5:4d:46:ce:40:f9:10:3c:a9:13:51:
                    a1:40:3a:9f:5f:2d:5b:34:0d:d2:b7:51:cf:be:cc:
                    ea:46:ee:07:03:62:1a:58:f9:ba:e9:71:8d:98:e0:
                    02:3c:18:87:d3:b4:f3:59:a9:06:f9:87:e7:5f:5e:
                    05:7a:11:03:48:55:f3:fb:8f:00:73:80:a1:b4:df:
                    4e:10:11:ca:81:c8:4d:af:c7:ba:1c:be:82:94:5c:
                    6f:05:d9:9e:22:ea:1a:8c:62:88:be:fb:31:dd:1b:
                    86:6d:01:e9:33:c3:42:b8:7f:ac:b8:cd:56:5b:17:
                    83:7d:8b:13:af:0d:fc:a6:fd:cc:91:b0:6c:b6:72:
                    78:0e:89:7f:f2:d0:65:82:09:54:23:81:46:02:0a:
                    c5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:44:7B:1A:FE:A5:AD:FE:E9:3B:3D:B4:46:28:99:F6:75:3C:7C:B0
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS216145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ad:80:ae:de:44:62:86:e3:67:20:98:71:f5:97:a7:1f:e4:
         39:85:09:d9:aa:9d:9c:ed:30:87:79:05:a5:18:06:3e:fb:0f:
         bd:79:af:4c:62:9a:a0:f8:48:50:f4:04:5c:7b:99:ab:d4:fd:
         09:c0:3d:48:5f:6f:3a:0f:4f:d8:30:71:58:3c:dc:ee:6c:3e:
         ad:7e:95:03:ef:9f:5a:2d:6e:f6:04:3e:c7:d9:4c:cb:da:15:
         3a:53:4c:01:c1:b9:9a:6d:ab:53:0b:db:a8:d5:b2:11:1e:e8:
         1b:5b:de:a9:c9:18:a3:ba:10:61:f4:1d:4f:f0:57:4b:52:8e:
         a1:77:53:ac:05:15:09:03:48:06:fd:64:9d:6e:e7:da:f7:76:
         48:a7:d2:26:3e:c3:56:45:78:15:24:9e:2d:c0:2c:2a:62:d5:
         d1:15:7f:81:93:02:c8:e4:30:a6:55:b1:f9:2b:b2:f1:4b:c4:
         27:d0:0e:d1:43:c5:cb:4c:b5:2e:31:13:d8:02:a7:c3:54:21:
         dc:2d:db:40:8f:98:26:22:dc:cd:cb:c5:ae:43:10:4c:7a:39:
         05:e6:fc:44:5b:c5:bd:71:0b:4a:1f:f8:bd:1f:2b:6b:f1:43:
         74:9c:ba:7b:13:50:82:de:c1:b6:57:65:c0:ba:39:ee:63:ce:
         1e:df:9a:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFOsnbEUT9VPWcFz3G0pngFgHBLowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDYxNTEzNDVaFw0yNzAzMDUxNTE4NDVaMDMxMTAvBgNV
BAMTKDMyNDQ3QjFBRkVBNUFERkVFOTNCM0RCNDQ2Mjg5OUY2NzUzQzdDQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC28JovxQ+EclTZ8MqgY2Qh3I6s
NuP+hiGS6Au7Q8kQIw05doWusa/V+yRbJ/KikNKRggvQYjAM1WbRhft7+w9WDh9s
Byp77s104k+G9dUnry3FAAIi1EaWerYxvxGgfATNkNHOftXUeRSJ+rS1TUbOQPkQ
PKkTUaFAOp9fLVs0DdK3Uc++zOpG7gcDYhpY+brpcY2Y4AI8GIfTtPNZqQb5h+df
XgV6EQNIVfP7jwBzgKG0304QEcqByE2vx7ocvoKUXG8F2Z4i6hqMYoi++zHdG4Zt
Aekzw0K4f6y4zVZbF4N9ixOvDfym/cyRsGy2cngOiX/y0GWCCVQjgUYCCsUrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMkR7Gv6lrf7pOz20RiiZ9nU8fLAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE2MTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQu1
MA0GCSqGSIb3DQEBCwUAA4IBAQDBrYCu3kRihuNnIJhx9ZenH+Q5hQnZqp2c7TCH
eQWlGAY++w+9ea9MYpqg+EhQ9ARce5mr1P0JwD1IX286D0/YMHFYPNzubD6tfpUD
759aLW72BD7H2UzL2hU6U0wBwbmabatTC9uo1bIRHugbW96pyRijuhBh9B1P8FdL
Uo6hd1OsBRUJA0gG/WSdbufa93ZIp9ImPsNWRXgVJJ4twCwqYtXRFX+BkwLI5DCm
VbH5K7LxS8Qn0A7RQ8XLTLUuMRPYAqfDVCHcLdtAj5gmItzNy8WuQxBMejkF5vxE
W8W9cQtKH/i9Hytr8UN0nLp7E1CC3sG2V2XAujnuY84e35p4
-----END CERTIFICATE-----