Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216291.roa
File:                     AS216291.roa (raw, json)
Hash identifier:          FWkxvc7W6B0bfzWR9STy02Gqsfs9sSTsr/ceYW4AeMI=
Subject key identifier:   1D:F4:5F:B8:0E:94:21:DA:B9:D6:91:49:06:D5:3D:B0:D1:E4:6D:88
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2AB9542C005620BC76677A0A72655CFA65F7150C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216291.roa
Signing time:             Tue 07 Oct 2025 14:27:31 +0000
ROA not before:           Tue 07 Oct 2025 14:22:31 +0000
ROA not after:            Tue 06 Oct 2026 14:27:31 +0000
asID:                     216291
IP address blocks:        185.36.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b9:54:2c:00:56:20:bc:76:67:7a:0a:72:65:5c:fa:65:f7:15:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct  7 14:22:31 2025 GMT
            Not After : Oct  6 14:27:31 2026 GMT
        Subject: CN=1DF45FB80E9421DAB9D6914906D53DB0D1E46D88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e1:ad:1a:9f:24:7d:dc:a1:13:e9:a3:02:85:
                    3b:f3:39:22:a7:b6:f8:a6:14:ba:7a:97:26:21:ba:
                    43:9c:33:18:08:b8:1e:93:87:6c:63:34:77:8d:3c:
                    ea:f0:8d:fb:b4:93:c0:b1:a2:74:87:d0:00:9e:5d:
                    58:51:68:86:5b:43:ef:5e:b2:3d:de:0d:76:44:7f:
                    85:a5:5b:12:25:dd:94:33:b3:51:12:af:21:56:21:
                    bf:2e:e1:2c:fa:ef:41:a0:39:fa:e8:c5:4c:31:62:
                    58:32:49:96:00:68:9c:a2:99:fb:74:8b:a6:71:5f:
                    2e:4d:88:1c:c8:01:ed:20:bd:41:58:e4:da:d0:c4:
                    fd:c2:11:a8:f5:a0:41:ec:31:65:08:77:56:30:a4:
                    ff:8a:4a:66:33:dc:c8:b7:71:3e:f3:52:1f:d2:4e:
                    c2:25:8c:56:fc:97:b9:0d:d1:a5:4e:87:88:5c:e1:
                    7e:78:44:4b:1b:66:53:ef:ba:92:2d:24:86:69:83:
                    b4:cd:39:ee:e6:b7:02:7c:d4:5c:db:2c:19:2a:15:
                    31:b8:af:36:b3:c4:a4:20:e0:bc:9e:12:a3:08:6d:
                    b7:19:f9:85:70:ba:fc:d7:05:1c:2f:93:db:2c:b4:
                    c4:c9:1d:02:0a:54:c8:76:a8:40:73:7e:fb:86:7a:
                    8d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F4:5F:B8:0E:94:21:DA:B9:D6:91:49:06:D5:3D:B0:D1:E4:6D:88
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS216291.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:1f:b0:07:bd:73:f6:4c:0d:38:77:d7:65:45:19:1f:58:e0:
         22:26:af:e2:9f:83:71:1d:b9:52:c6:1b:fe:b2:67:b5:ca:67:
         c4:d0:8d:ee:55:45:4d:4a:13:a9:91:11:cf:47:01:65:5d:11:
         ae:ce:65:ec:ab:7b:ec:79:1d:58:61:1d:d4:1c:91:6d:eb:b7:
         dd:12:93:44:99:83:82:36:48:86:58:10:bf:2e:0e:cc:1f:38:
         c2:aa:94:e4:6c:97:6e:ed:27:f5:9d:98:1e:06:4e:a3:61:d9:
         6b:00:2e:49:44:7e:5c:1a:09:8a:e3:7d:12:0c:a3:d6:4d:e2:
         57:58:95:67:d0:ae:bd:12:79:9f:81:43:ca:c1:71:2f:10:b1:
         a8:11:34:52:1c:4b:9b:d3:d8:cc:ef:ef:23:51:cd:8b:e0:2a:
         35:a2:df:96:d8:13:c9:66:67:b4:5d:b6:00:66:25:a9:07:65:
         56:23:af:03:d8:a7:73:fc:19:47:23:8c:06:f7:e9:d1:3e:3b:
         a0:f0:46:d2:8f:ce:2b:7e:7b:e8:f8:b8:53:c0:23:ed:74:51:
         74:26:8c:35:2f:74:58:b8:60:cb:07:c0:e7:2f:99:d5:d9:3a:
         8e:12:b5:83:3a:ef:8b:94:d1:86:d0:fe:7f:df:04:48:73:0e:
         bd:ac:af:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKrlULABWILx2Z3oKcmVc+mX3FQwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMDcxNDIyMzFaFw0yNjEwMDYxNDI3MzFaMDMxMTAvBgNV
BAMTKDFERjQ1RkI4MEU5NDIxREFCOUQ2OTE0OTA2RDUzREIwRDFFNDZEODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH4a0anyR93KET6aMChTvzOSKn
tvimFLp6lyYhukOcMxgIuB6Th2xjNHeNPOrwjfu0k8CxonSH0ACeXVhRaIZbQ+9e
sj3eDXZEf4WlWxIl3ZQzs1ESryFWIb8u4Sz670GgOfroxUwxYlgySZYAaJyimft0
i6ZxXy5NiBzIAe0gvUFY5NrQxP3CEaj1oEHsMWUId1YwpP+KSmYz3Mi3cT7zUh/S
TsIljFb8l7kN0aVOh4hc4X54REsbZlPvupItJIZpg7TNOe7mtwJ81FzbLBkqFTG4
rzazxKQg4LyeEqMIbbcZ+YVwuvzXBRwvk9sstMTJHQIKVMh2qEBzfvuGeo0zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHfRfuA6UIdq51pFJBtU9sNHkbYgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE2MjkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSQ5
MA0GCSqGSIb3DQEBCwUAA4IBAQAZH7AHvXP2TA04d9dlRRkfWOAiJq/in4NxHblS
xhv+sme1ymfE0I3uVUVNShOpkRHPRwFlXRGuzmXsq3vseR1YYR3UHJFt67fdEpNE
mYOCNkiGWBC/Lg7MHzjCqpTkbJdu7Sf1nZgeBk6jYdlrAC5JRH5cGgmK430SDKPW
TeJXWJVn0K69EnmfgUPKwXEvELGoETRSHEub09jM7+8jUc2L4Co1ot+W2BPJZme0
XbYAZiWpB2VWI68D2Kdz/BlHI4wG9+nRPjug8EbSj84rfnvo+LhTwCPtdFF0Jow1
L3RYuGDLB8DnL5nV2TqOErWDOu+LlNGG0P5/3wRIcw69rK9p
-----END CERTIFICATE-----