Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212032.roa
File:                     AS212032.roa (raw, json)
Hash identifier:          gp8lbEEvu94iRX0YS9YeOT8xNqwTL2yghAi/mkvAfS4=
Subject key identifier:   5C:D5:63:E6:C4:52:C0:E8:48:B1:12:6B:61:E6:57:E2:5A:30:AD:99
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       65672F7B1DB520C1546E6C4C41C7D5B16CD533F0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212032.roa
Signing time:             Tue 21 Oct 2025 04:51:38 +0000
ROA not before:           Tue 21 Oct 2025 04:46:38 +0000
ROA not after:            Tue 20 Oct 2026 04:51:38 +0000
asID:                     212032
IP address blocks:        178.95.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:67:2f:7b:1d:b5:20:c1:54:6e:6c:4c:41:c7:d5:b1:6c:d5:33:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 21 04:46:38 2025 GMT
            Not After : Oct 20 04:51:38 2026 GMT
        Subject: CN=5CD563E6C452C0E848B1126B61E657E25A30AD99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c3:24:65:f9:0f:58:e1:eb:63:b1:73:54:5f:
                    89:3b:f3:07:65:db:f6:58:98:b6:d3:7c:5c:9c:e8:
                    1b:62:94:d7:98:0f:12:5e:9d:7e:b8:fc:b7:02:92:
                    a3:e2:e4:41:1f:5c:01:f9:ca:61:71:50:94:c4:66:
                    cc:90:5c:a5:ac:8c:b9:61:ac:14:e8:74:6a:b0:af:
                    e6:fd:17:26:cc:79:58:7c:48:10:cb:a8:3b:99:ee:
                    66:6b:a2:e8:34:ba:31:fd:60:32:20:52:66:97:27:
                    63:b8:b0:43:8c:6d:d1:e9:7b:08:8e:41:35:57:e6:
                    c2:30:37:12:8c:81:a8:49:e2:49:bb:26:38:7a:e3:
                    31:11:57:ea:fe:fb:a7:ee:39:34:7c:22:d3:14:b7:
                    05:51:cc:83:1b:e9:2a:8b:b8:af:a8:5c:17:32:e5:
                    d2:07:3e:5c:3d:f8:90:63:5a:4a:ab:3a:14:c2:3c:
                    8b:c8:33:29:4e:3a:42:95:1f:b7:dc:74:b4:da:5e:
                    72:46:5d:c3:83:19:e8:2b:ec:95:7d:61:a5:7f:35:
                    31:3c:ae:9a:1e:cc:69:46:25:eb:0d:86:48:3d:68:
                    5d:05:8d:4b:59:44:04:bd:19:a4:df:1e:b2:75:8a:
                    a8:fb:f7:65:ce:d0:66:67:e5:a0:d1:65:d1:35:9b:
                    07:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D5:63:E6:C4:52:C0:E8:48:B1:12:6B:61:E6:57:E2:5A:30:AD:99
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3d:45:71:1f:b4:f7:e6:fc:df:0e:46:d1:dc:b4:b9:a2:82:
         f2:33:78:1f:9f:49:7c:45:39:06:72:e8:20:4c:ff:f2:c2:9d:
         d6:6a:0d:fa:de:64:6d:00:a8:73:af:51:71:12:56:68:ee:90:
         20:21:d5:0b:0c:94:6d:df:02:7f:61:c5:6e:55:71:cc:05:18:
         b9:df:3f:1a:be:46:de:97:ca:cb:35:f8:77:cf:ab:9c:62:0b:
         1c:bc:0a:84:51:c1:e7:f9:96:10:d6:48:a2:b7:45:6f:be:97:
         91:28:5f:52:6a:fa:a7:1c:76:b6:0e:82:46:e1:c8:85:0c:a8:
         54:cb:4c:e4:17:d6:97:66:64:1c:56:ca:8e:38:33:f5:bd:a2:
         69:6a:46:09:a5:c3:e1:10:28:08:1b:37:55:ed:b3:34:d7:9b:
         68:a7:82:63:24:0a:43:8c:3c:60:24:78:58:5b:e8:6b:c1:c9:
         a2:1c:58:a3:6d:7f:cc:cd:c3:8c:85:94:24:ca:37:bf:20:f7:
         a4:7a:70:0e:89:4e:e3:94:22:77:bf:08:e5:cb:cf:f8:f6:f0:
         01:f4:c8:f5:73:59:c6:2c:85:df:02:8a:db:c8:9c:72:45:5e:
         26:08:bd:e2:77:45:b9:97:8e:44:7f:ae:8b:b3:ff:22:fc:56:
         9b:6e:b2:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZWcvex21IMFUbmxMQcfVsWzVM/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjEwNDQ2MzhaFw0yNjEwMjAwNDUxMzhaMDMxMTAvBgNV
BAMTKDVDRDU2M0U2QzQ1MkMwRTg0OEIxMTI2QjYxRTY1N0UyNUEzMEFEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCywyRl+Q9Y4etjsXNUX4k78wdl
2/ZYmLbTfFyc6BtilNeYDxJenX64/LcCkqPi5EEfXAH5ymFxUJTEZsyQXKWsjLlh
rBTodGqwr+b9FybMeVh8SBDLqDuZ7mZroug0ujH9YDIgUmaXJ2O4sEOMbdHpewiO
QTVX5sIwNxKMgahJ4km7Jjh64zERV+r++6fuOTR8ItMUtwVRzIMb6SqLuK+oXBcy
5dIHPlw9+JBjWkqrOhTCPIvIMylOOkKVH7fcdLTaXnJGXcODGegr7JV9YaV/NTE8
rpoezGlGJesNhkg9aF0FjUtZRAS9GaTfHrJ1iqj792XO0GZn5aDRZdE1mwfjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXNVj5sRSwOhIsRJrYeZX4lowrZkwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEyMDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl/I
MA0GCSqGSIb3DQEBCwUAA4IBAQB6PUVxH7T35vzfDkbR3LS5ooLyM3gfn0l8RTkG
cuggTP/ywp3Wag363mRtAKhzr1FxElZo7pAgIdULDJRt3wJ/YcVuVXHMBRi53z8a
vkbel8rLNfh3z6ucYgscvAqEUcHn+ZYQ1kiit0VvvpeRKF9SavqnHHa2DoJG4ciF
DKhUy0zkF9aXZmQcVsqOODP1vaJpakYJpcPhECgIGzdV7bM015top4JjJApDjDxg
JHhYW+hrwcmiHFijbX/MzcOMhZQkyje/IPekenAOiU7jlCJ3vwjly8/49vAB9Mj1
c1nGLIXfAorbyJxyRV4mCL3id0W5l45Ef66Ls/8i/FabbrKP
-----END CERTIFICATE-----