Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212477.roa
File:                     AS212477.roa (raw, json)
Hash identifier:          GNVxbuzEBpWjUj8qlASgxhFuBFzfImmyInBMRjwCBps=
Subject key identifier:   04:1E:0D:B4:8D:AF:97:6B:CE:E5:B1:59:6F:8A:7B:67:F8:9B:7B:36
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4A64A667B6303BC8F55E1B7AA730C1A9B3DA8698
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212477.roa
Signing time:             Wed 20 May 2026 04:21:24 +0000
ROA not before:           Wed 20 May 2026 04:16:24 +0000
ROA not after:            Wed 19 May 2027 04:21:24 +0000
asID:                     212477
IP address blocks:        95.135.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:64:a6:67:b6:30:3b:c8:f5:5e:1b:7a:a7:30:c1:a9:b3:da:86:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 20 04:16:24 2026 GMT
            Not After : May 19 04:21:24 2027 GMT
        Subject: CN=041E0DB48DAF976BCEE5B1596F8A7B67F89B7B36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f5:5e:30:62:a4:ba:36:81:06:48:73:a0:aa:
                    c7:25:5e:bd:ad:7f:84:41:7a:a2:a7:97:47:6b:c5:
                    35:6c:a1:00:70:9e:02:78:59:e2:2d:c8:9e:b6:ba:
                    c3:99:03:d9:9a:4b:0f:c7:17:9e:d9:d4:5a:8e:79:
                    8d:c4:4f:17:2e:6a:1a:b0:a2:54:8e:eb:ef:07:e6:
                    2b:73:59:18:3f:e0:3c:02:3e:c5:2d:4f:3b:99:93:
                    a0:9d:03:2b:a5:e9:86:4a:53:b8:17:64:36:da:e4:
                    ac:e4:30:2c:1c:e9:8d:03:5f:79:54:29:36:6a:5a:
                    3e:e5:82:0a:e3:b9:1a:8c:03:a6:f6:d6:a0:c2:8a:
                    70:54:cf:42:0d:40:9c:dc:9a:44:9c:14:92:6d:8e:
                    0c:97:59:21:49:9c:b8:6e:a4:29:44:81:10:f0:e1:
                    6b:23:6a:4b:c2:45:80:89:10:0c:bc:08:7b:b9:ac:
                    49:24:4c:a6:f4:c7:dc:78:13:e1:eb:97:b1:22:aa:
                    23:56:a9:5b:5f:e5:0b:78:99:38:52:b4:bc:a2:03:
                    cf:34:47:84:fb:e5:7e:50:46:bd:be:69:2b:5a:dc:
                    01:95:3f:05:74:07:41:38:1c:05:d8:23:4c:59:9a:
                    67:0c:40:a1:c4:41:fe:15:d6:5e:96:0c:3f:59:b6:
                    2d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1E:0D:B4:8D:AF:97:6B:CE:E5:B1:59:6F:8A:7B:67:F8:9B:7B:36
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS212477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:54:fc:47:31:b4:fb:f1:8c:62:9f:f9:99:10:48:c8:43:c3:
         eb:42:2d:a4:c3:ad:e7:04:77:1e:af:eb:6f:7c:11:82:48:a3:
         89:02:a3:57:06:9d:4e:7b:0c:99:57:57:0e:46:bb:16:4b:f5:
         1e:6d:a7:09:6e:d9:44:e2:b4:3b:fa:91:e5:99:0e:47:90:a4:
         e9:01:d6:67:79:c3:df:58:4d:6e:b3:5b:cb:df:11:69:0a:8b:
         8e:f4:4b:d8:d6:84:85:0f:ad:41:73:d4:1a:6a:b0:20:0a:35:
         4e:ff:99:f3:82:93:3f:ad:25:ca:6a:96:ad:29:e0:da:ac:1c:
         a6:57:a3:97:f5:62:2d:e6:3b:63:13:e7:ac:64:c6:15:f7:48:
         2f:56:21:e3:92:14:39:31:25:64:f3:27:cf:70:2c:c1:a9:a7:
         bb:73:92:b2:dc:93:27:1c:0e:47:51:d3:1a:58:f4:37:f7:da:
         ab:17:b9:14:7f:f1:0c:f8:51:24:3b:73:f3:30:02:eb:dc:74:
         58:a1:1a:0c:50:19:90:18:a1:5a:88:97:e7:e7:a6:29:41:f0:
         d0:bf:70:59:e9:8a:30:64:d8:2c:da:a8:72:af:7c:20:20:85:
         e1:45:42:9c:23:f2:99:66:00:69:21:c0:b6:cb:31:c6:66:42:
         e5:cc:e3:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSmSmZ7YwO8j1Xht6pzDBqbPahpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjAwNDE2MjRaFw0yNzA1MTkwNDIxMjRaMDMxMTAvBgNV
BAMTKDA0MUUwREI0OERBRjk3NkJDRUU1QjE1OTZGOEE3QjY3Rjg5QjdCMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS9V4wYqS6NoEGSHOgqsclXr2t
f4RBeqKnl0drxTVsoQBwngJ4WeItyJ62usOZA9maSw/HF57Z1FqOeY3ETxcuahqw
olSO6+8H5itzWRg/4DwCPsUtTzuZk6CdAyul6YZKU7gXZDba5KzkMCwc6Y0DX3lU
KTZqWj7lggrjuRqMA6b21qDCinBUz0INQJzcmkScFJJtjgyXWSFJnLhupClEgRDw
4WsjakvCRYCJEAy8CHu5rEkkTKb0x9x4E+Hrl7EiqiNWqVtf5Qt4mThStLyiA880
R4T75X5QRr2+aSta3AGVPwV0B0E4HAXYI0xZmmcMQKHEQf4V1l6WDD9Zti1fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBB4NtI2vl2vO5bFZb4p7Z/ibezYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEyNDc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4cx
MA0GCSqGSIb3DQEBCwUAA4IBAQBcVPxHMbT78Yxin/mZEEjIQ8PrQi2kw63nBHce
r+tvfBGCSKOJAqNXBp1OewyZV1cORrsWS/UebacJbtlE4rQ7+pHlmQ5HkKTpAdZn
ecPfWE1us1vL3xFpCouO9EvY1oSFD61Bc9QaarAgCjVO/5nzgpM/rSXKapatKeDa
rBymV6OX9WIt5jtjE+esZMYV90gvViHjkhQ5MSVk8yfPcCzBqae7c5Ky3JMnHA5H
UdMaWPQ399qrF7kUf/EM+FEkO3PzMALr3HRYoRoMUBmQGKFaiJfn56YpQfDQv3BZ
6YowZNgs2qhyr3wgIIXhRUKcI/KZZgBpIcC2yzHGZkLlzOMY
-----END CERTIFICATE-----