Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa
File:                     AS211094.roa (raw, json)
Hash identifier:          3C87UR7rizN53lTDPDZ831n2+ur7JZ0aPXIVfgXSCXA=
Subject key identifier:   3A:C0:1A:3B:1E:08:3A:38:85:06:50:24:55:43:06:5E:4A:02:F6:9D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       21F7B5800B832EE0BE9040DFA5D32C2A6C956021
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa
Signing time:             Mon 18 May 2026 16:47:14 +0000
ROA not before:           Mon 18 May 2026 16:42:14 +0000
ROA not after:            Mon 17 May 2027 16:47:14 +0000
asID:                     211094
IP address blocks:        143.20.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f7:b5:80:0b:83:2e:e0:be:90:40:df:a5:d3:2c:2a:6c:95:60:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 18 16:42:14 2026 GMT
            Not After : May 17 16:47:14 2027 GMT
        Subject: CN=3AC01A3B1E083A38850650245543065E4A02F69D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:95:27:c5:4d:3f:9e:34:aa:eb:ad:41:b8:
                    17:fe:ef:ef:b8:cd:fd:62:ef:f8:5c:73:58:dc:3f:
                    b9:57:29:8b:5f:8e:6d:74:7d:65:b7:52:f2:a1:7c:
                    a5:c2:39:2a:fd:22:c6:8f:46:ce:d3:66:7c:ca:fe:
                    6d:f1:ac:3e:f2:12:01:af:25:0f:d8:85:69:ff:38:
                    c4:b5:b4:d2:80:bf:c0:3e:94:fe:24:5e:16:0d:0f:
                    55:b9:2b:95:7e:f6:c4:21:ad:a3:f1:f8:f9:ec:d5:
                    9e:d0:92:a2:2e:95:88:da:1e:90:44:91:d4:00:a8:
                    77:ce:e2:d4:a0:5c:64:5f:5f:3e:c6:d5:32:ff:37:
                    b4:1b:6b:07:3d:8a:aa:e5:d2:82:cf:6f:4d:68:f6:
                    59:0f:3e:05:b9:02:75:e3:7c:ab:3f:83:32:d3:ee:
                    94:6f:5c:5d:ad:a0:62:48:5f:65:02:e2:c8:f1:1a:
                    d1:f0:80:03:6d:45:32:56:9f:e0:ed:8a:34:ff:6b:
                    2e:f4:74:19:9b:ce:09:11:68:68:6c:5b:f3:1e:fa:
                    9a:6a:2f:9e:5e:f3:48:4d:33:1a:72:47:93:9d:25:
                    bb:04:bd:1b:3a:f6:c6:e1:70:b5:d3:38:02:63:11:
                    78:6a:b4:24:5f:19:ea:72:18:66:5f:ed:b1:85:b3:
                    77:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C0:1A:3B:1E:08:3A:38:85:06:50:24:55:43:06:5E:4A:02:F6:9D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:fb:96:11:41:b6:b6:06:aa:d5:32:ef:2f:51:4b:34:ad:e6:
         05:5e:51:7d:83:09:2a:3f:9b:b8:97:bb:58:6a:6c:ff:92:5a:
         0c:53:9d:7b:2a:ca:59:b7:11:8c:da:19:83:20:2c:da:5c:f8:
         26:01:73:ac:4b:89:82:3d:db:a8:bd:7e:1f:0b:60:f6:f2:8f:
         aa:47:a8:28:b0:99:8c:6f:78:cc:e8:36:4c:68:67:32:7d:ee:
         51:ca:3a:58:1d:c6:fb:a5:58:9c:36:fd:30:9d:ed:9e:19:04:
         6a:66:90:c9:89:ac:c9:81:0b:7e:ce:1a:90:44:13:65:b2:3d:
         a8:24:f0:17:c4:24:ab:53:d8:63:a6:b4:61:07:c4:64:98:7b:
         cf:25:c9:1d:11:5b:40:f3:a9:16:9f:d1:33:8f:1f:06:3f:44:
         3c:29:56:47:3d:8e:3e:49:7f:19:cc:86:96:66:18:09:33:10:
         bf:79:e4:a4:b3:84:7d:fc:7b:9f:5a:27:f2:e3:87:c8:5c:08:
         a0:58:0a:5a:26:cd:74:74:22:a2:af:ba:20:d0:a9:59:e8:d2:
         a7:46:21:d7:b4:f1:6e:b6:eb:74:20:6c:83:84:57:04:84:59:
         8a:11:f9:57:e4:ea:75:bd:31:b2:57:c0:9e:53:80:71:29:be:
         11:98:de:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIfe1gAuDLuC+kEDfpdMsKmyVYCEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MTgxNjQyMTRaFw0yNzA1MTcxNjQ3MTRaMDMxMTAvBgNV
BAMTKDNBQzAxQTNCMUUwODNBMzg4NTA2NTAyNDU1NDMwNjVFNEEwMkY2OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLR5UnxU0/njSq661BuBf+7++4
zf1i7/hcc1jcP7lXKYtfjm10fWW3UvKhfKXCOSr9IsaPRs7TZnzK/m3xrD7yEgGv
JQ/YhWn/OMS1tNKAv8A+lP4kXhYND1W5K5V+9sQhraPx+Pns1Z7QkqIulYjaHpBE
kdQAqHfO4tSgXGRfXz7G1TL/N7Qbawc9iqrl0oLPb01o9lkPPgW5AnXjfKs/gzLT
7pRvXF2toGJIX2UC4sjxGtHwgANtRTJWn+DtijT/ay70dBmbzgkRaGhsW/Me+ppq
L55e80hNMxpyR5OdJbsEvRs69sbhcLXTOAJjEXhqtCRfGepyGGZf7bGFs3ebAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOsAaOx4IOjiFBlAkVUMGXkoC9p0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjExMDk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQo
MA0GCSqGSIb3DQEBCwUAA4IBAQBe+5YRQba2BqrVMu8vUUs0reYFXlF9gwkqP5u4
l7tYamz/kloMU517KspZtxGM2hmDICzaXPgmAXOsS4mCPduovX4fC2D28o+qR6go
sJmMb3jM6DZMaGcyfe5RyjpYHcb7pVicNv0wne2eGQRqZpDJiazJgQt+zhqQRBNl
sj2oJPAXxCSrU9hjprRhB8RkmHvPJckdEVtA86kWn9Ezjx8GP0Q8KVZHPY4+SX8Z
zIaWZhgJMxC/eeSks4R9/HufWify44fIXAigWApaJs10dCKir7og0KlZ6NKnRiHX
tPFutut0IGyDhFcEhFmKEflX5Op1vTGyV8CeU4BxKb4RmN52
-----END CERTIFICATE-----