Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211130.roa
File:                     AS211130.roa (raw, json)
Hash identifier:          C6ZxPd5EF1/r6+2udhA74YwQJE14R6XesreyRsa665g=
Subject key identifier:   16:F9:B6:98:8E:20:42:EB:A7:32:7B:F4:50:04:24:EC:42:A8:60:03
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       11FA479678DFC17477F0AF45F48A7EC31BF70892
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211130.roa
Signing time:             Wed 01 Oct 2025 10:04:22 +0000
ROA not before:           Wed 01 Oct 2025 09:59:22 +0000
ROA not after:            Wed 30 Sep 2026 10:04:22 +0000
asID:                     211130
IP address blocks:        178.95.100.0/24 maxlen: 24
                          178.95.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:fa:47:96:78:df:c1:74:77:f0:af:45:f4:8a:7e:c3:1b:f7:08:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct  1 09:59:22 2025 GMT
            Not After : Sep 30 10:04:22 2026 GMT
        Subject: CN=16F9B6988E2042EBA7327BF4500424EC42A86003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:1c:21:57:d1:87:f4:5c:62:b4:3b:0e:29:36:
                    30:ba:a0:da:b9:7a:9a:ce:41:04:0f:40:1c:31:a9:
                    66:2c:0c:bf:70:3e:08:43:d8:b9:a2:21:28:08:cd:
                    51:12:cc:66:16:f3:c9:bb:cb:72:0c:4e:7b:8c:a7:
                    58:89:6f:63:90:81:7a:1e:5b:f5:a4:56:83:79:e9:
                    11:ca:bf:b7:81:d7:6b:ae:df:0d:c4:e5:da:4d:93:
                    ac:0a:68:b7:db:79:bc:11:71:12:cc:05:a4:d5:89:
                    33:38:fc:25:5b:53:be:58:85:61:d7:58:c8:98:a3:
                    bc:0c:ef:a6:1b:f4:62:5c:b1:37:61:33:51:6b:82:
                    b6:58:71:b9:a8:08:fd:eb:e2:75:d9:5f:f2:b6:83:
                    b0:1f:7d:f5:a0:ce:26:25:5a:a2:fe:72:da:ea:42:
                    ef:f6:c0:19:06:ef:93:46:0f:c0:3a:a5:f1:90:36:
                    93:5c:77:3b:6d:59:0a:27:0c:79:fc:b0:85:a0:67:
                    f7:1a:0b:13:4e:16:18:71:73:6b:42:da:9d:2c:cb:
                    83:5b:e9:31:61:b3:3d:0f:4b:7e:2f:49:c5:15:c3:
                    42:be:c3:b4:6f:d9:9f:5e:22:48:34:45:d2:6a:23:
                    83:ad:16:9e:a1:23:71:cd:4d:c3:1b:5f:a8:c5:63:
                    28:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F9:B6:98:8E:20:42:EB:A7:32:7B:F4:50:04:24:EC:42:A8:60:03
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS211130.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.100.0/24
                  178.95.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:ad:4d:c2:35:ea:d7:c1:37:73:11:fa:0f:56:37:ab:53:0d:
         16:95:a4:fb:92:3a:04:01:c8:b9:56:e6:8a:ef:05:ee:0d:3d:
         41:2d:27:85:fd:eb:41:1c:37:c7:03:50:ea:88:fb:24:e7:ac:
         f9:cd:a1:bd:91:26:ec:1b:f7:d6:e9:b3:82:25:2c:1a:9a:27:
         36:5b:61:ae:d8:a4:96:8b:d1:88:26:7d:9c:b3:60:84:94:a9:
         91:7b:0f:c5:8a:aa:61:a4:09:67:b4:1a:35:03:24:c8:13:3f:
         f5:87:54:56:e7:b2:7e:7e:d1:83:88:71:0d:fa:d6:c7:03:d3:
         cc:1f:89:30:df:af:d0:14:9f:11:64:a0:28:39:54:8b:83:55:
         90:b6:20:c7:f6:43:aa:e3:ba:b9:7d:ad:fa:60:97:53:29:71:
         35:8a:18:c4:0a:0d:e6:69:ea:9f:f1:d1:4b:cb:40:52:86:25:
         f7:62:d5:e6:74:51:61:7e:4d:bf:ab:3d:82:98:9b:9e:5d:f9:
         2b:3a:db:4f:76:84:6c:a1:dd:a2:9d:29:76:5a:bd:f5:c7:11:
         5e:ff:68:2d:f9:a6:ee:27:d1:df:e6:ec:24:15:b5:df:96:29:
         27:28:c9:6d:b9:00:cb:e5:f0:68:87:78:dc:02:8d:6d:ce:30:
         93:ea:df:61
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUEfpHlnjfwXR38K9F9Ip+wxv3CJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMDEwOTU5MjJaFw0yNjA5MzAxMDA0MjJaMDMxMTAvBgNV
BAMTKDE2RjlCNjk4OEUyMDQyRUJBNzMyN0JGNDUwMDQyNEVDNDJBODYwMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2HCFX0Yf0XGK0Ow4pNjC6oNq5
eprOQQQPQBwxqWYsDL9wPghD2LmiISgIzVESzGYW88m7y3IMTnuMp1iJb2OQgXoe
W/WkVoN56RHKv7eB12uu3w3E5dpNk6wKaLfbebwRcRLMBaTViTM4/CVbU75YhWHX
WMiYo7wM76Yb9GJcsTdhM1FrgrZYcbmoCP3r4nXZX/K2g7AfffWgziYlWqL+ctrq
Qu/2wBkG75NGD8A6pfGQNpNcdzttWQonDHn8sIWgZ/caCxNOFhhxc2tC2p0sy4Nb
6TFhsz0PS34vScUVw0K+w7Rv2Z9eIkg0RdJqI4OtFp6hI3HNTcMbX6jFYygNAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFvm2mI4gQuunMnv0UAQk7EKoYAMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjExMTMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsl9k
AwQAsl+nMA0GCSqGSIb3DQEBCwUAA4IBAQCWrU3CNerXwTdzEfoPVjerUw0WlaT7
kjoEAci5VuaK7wXuDT1BLSeF/etBHDfHA1DqiPsk56z5zaG9kSbsG/fW6bOCJSwa
mic2W2Gu2KSWi9GIJn2cs2CElKmRew/FiqphpAlntBo1AyTIEz/1h1RW57J+ftGD
iHEN+tbHA9PMH4kw36/QFJ8RZKAoOVSLg1WQtiDH9kOq47q5fa36YJdTKXE1ihjE
Cg3maeqf8dFLy0BShiX3YtXmdFFhfk2/qz2CmJueXfkrOttPdoRsod2inSl2Wr31
xxFe/2gt+abuJ9Hf5uwkFbXfliknKMltuQDL5fBoh3jcAo1tzjCT6t9h
-----END CERTIFICATE-----