Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa
File:                     AS216145.roa (raw, json)
Hash identifier:          URDJDx8E0jvZco+f/qyCNF5bMIbeVhA6CbFCU65hXR0=
Subject key identifier:   05:E4:CA:F2:10:FE:0C:55:AC:22:2B:CD:23:BF:77:E4:D7:34:64:6F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4091D15B6A7FDA501F2113094E723DB6F8856131
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa
Signing time:             Sat 20 Sep 2025 15:18:45 +0000
ROA not before:           Sat 20 Sep 2025 15:13:45 +0000
ROA not after:            Sat 19 Sep 2026 15:18:45 +0000
asID:                     216145
IP address blocks:        46.203.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:91:d1:5b:6a:7f:da:50:1f:21:13:09:4e:72:3d:b6:f8:85:61:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 20 15:13:45 2025 GMT
            Not After : Sep 19 15:18:45 2026 GMT
        Subject: CN=05E4CAF210FE0C55AC222BCD23BF77E4D734646F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:02:d2:b9:5e:40:57:75:e2:52:2c:ee:12:df:
                    71:79:a9:7e:c1:5f:fc:5c:f5:f9:9f:ce:a3:d6:ed:
                    f9:c7:8a:bb:b5:e1:b0:77:66:87:62:70:25:ea:39:
                    0b:71:c3:81:e9:b3:8f:4f:cb:f6:95:db:36:ad:4d:
                    1a:8f:34:69:0a:c1:1a:3a:a7:c9:72:83:80:d4:9f:
                    8c:b0:c9:a9:76:35:18:c8:41:3a:20:94:39:c8:1f:
                    b3:28:90:d2:f0:31:9f:d7:65:60:5b:47:eb:02:ff:
                    09:d7:4f:0b:ce:04:2a:9f:96:a4:f2:85:41:00:4d:
                    b0:48:5d:7b:8a:ea:4c:2e:22:ec:f7:13:fd:04:dd:
                    f4:e6:84:13:f8:65:53:6f:eb:7a:db:f0:48:4a:f0:
                    0a:cd:88:83:70:7d:11:5c:1b:ff:1c:86:10:f9:9c:
                    0c:13:a3:17:20:22:c4:73:18:d3:0a:9b:85:6a:1b:
                    3b:ca:4f:29:8f:62:3d:cd:2f:fe:f7:1b:7c:c2:65:
                    e3:46:20:bf:08:79:34:19:d6:a0:4d:22:e4:b9:d5:
                    b3:7f:96:4c:be:a0:d9:3a:8e:2e:fa:19:2c:34:73:
                    70:79:02:f8:f5:f6:50:cf:2e:93:09:07:1a:fd:3a:
                    96:e4:78:71:9a:e7:23:1f:f1:5c:c1:57:5d:93:da:
                    bf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E4:CA:F2:10:FE:0C:55:AC:22:2B:CD:23:BF:77:E4:D7:34:64:6F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:24:c1:da:5b:12:53:7b:f9:b7:80:9c:e0:48:7c:77:7d:6a:
         33:ea:05:ae:6a:13:2f:9c:0b:b0:5e:3c:fd:8c:77:13:5d:d9:
         38:06:f7:02:7a:11:d8:40:25:60:f8:57:91:bd:da:f4:4c:68:
         32:8a:dd:bb:68:11:7f:49:2f:ea:e5:6e:97:15:7c:e2:7b:99:
         ce:7f:3a:0f:7e:e5:1a:d3:f8:f0:69:3c:f0:92:93:ac:72:f6:
         e6:d8:5f:2c:a9:65:ec:73:fb:e2:14:49:f2:3b:f6:d9:de:93:
         f0:5e:59:e5:86:19:79:2c:99:04:1a:36:38:dd:e6:5a:6a:a4:
         42:21:a8:8e:50:8b:4c:64:ab:fd:b8:f0:6b:92:39:ea:e0:69:
         ac:8e:c3:91:98:82:30:49:9d:b7:45:23:a7:bb:da:09:ae:a6:
         7e:33:10:f9:ce:8d:6b:dc:83:4b:3d:ba:4a:11:a2:20:6a:3d:
         8c:5e:52:8a:60:25:a6:ca:43:2c:44:7b:5e:17:95:7c:6c:fb:
         74:0d:f2:b0:67:4f:b7:ed:de:4f:cd:af:f1:c3:d9:ab:20:01:
         09:1a:92:50:da:a4:e3:fe:1d:07:0c:54:a8:95:d0:1d:e6:fe:
         df:e4:a0:15:84:59:24:30:3e:43:d4:cf:cf:70:95:f6:15:22:
         76:fa:58:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQJHRW2p/2lAfIRMJTnI9tviFYTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MjAxNTEzNDVaFw0yNjA5MTkxNTE4NDVaMDMxMTAvBgNV
BAMTKDA1RTRDQUYyMTBGRTBDNTVBQzIyMkJDRDIzQkY3N0U0RDczNDY0NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGAtK5XkBXdeJSLO4S33F5qX7B
X/xc9fmfzqPW7fnHiru14bB3ZodicCXqOQtxw4Hps49Py/aV2zatTRqPNGkKwRo6
p8lyg4DUn4ywyal2NRjIQToglDnIH7MokNLwMZ/XZWBbR+sC/wnXTwvOBCqflqTy
hUEATbBIXXuK6kwuIuz3E/0E3fTmhBP4ZVNv63rb8EhK8ArNiINwfRFcG/8chhD5
nAwToxcgIsRzGNMKm4VqGzvKTymPYj3NL/73G3zCZeNGIL8IeTQZ1qBNIuS51bN/
lky+oNk6ji76GSw0c3B5Avj19lDPLpMJBxr9OpbkeHGa5yMf8VzBV12T2r8VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBeTK8hD+DFWsIivNI7935Nc0ZG8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE2MTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALstL
MA0GCSqGSIb3DQEBCwUAA4IBAQAgJMHaWxJTe/m3gJzgSHx3fWoz6gWuahMvnAuw
Xjz9jHcTXdk4BvcCehHYQCVg+FeRvdr0TGgyit27aBF/SS/q5W6XFXzie5nOfzoP
fuUa0/jwaTzwkpOscvbm2F8sqWXsc/viFEnyO/bZ3pPwXlnlhhl5LJkEGjY43eZa
aqRCIaiOUItMZKv9uPBrkjnq4GmsjsORmIIwSZ23RSOnu9oJrqZ+MxD5zo1r3INL
PbpKEaIgaj2MXlKKYCWmykMsRHteF5V8bPt0DfKwZ0+37d5Pza/xw9mrIAEJGpJQ
2qTj/h0HDFSoldAd5v7f5KAVhFkkMD5D1M/PcJX2FSJ2+lhs
-----END CERTIFICATE-----