Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS211415.roa
File:                     AS211415.roa (raw, json)
Hash identifier:          DKqxOmoH1oUvkd5hwlQHVDc52UoG8tXKaREXCMNwJ3Y=
Subject key identifier:   5C:20:60:4E:9B:9F:81:F0:A6:4E:91:01:45:AE:7C:80:4E:04:0C:E1
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       54DF326535B319D17D6AE082058778BED8538E34
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS211415.roa
Signing time:             Wed 04 Mar 2026 08:30:28 +0000
ROA not before:           Wed 04 Mar 2026 08:25:28 +0000
ROA not after:            Wed 03 Mar 2027 08:30:28 +0000
asID:                     211415
IP address blocks:        147.125.214.0/24 maxlen: 24
                          147.125.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 10:24:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:df:32:65:35:b3:19:d1:7d:6a:e0:82:05:87:78:be:d8:53:8e:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 08:25:28 2026 GMT
            Not After : Mar  3 08:30:28 2027 GMT
        Subject: CN=5C20604E9B9F81F0A64E910145AE7C804E040CE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:00:59:34:39:28:dd:85:77:a6:ca:2f:5e:a0:
                    35:5b:4f:8d:a9:b0:c8:f0:25:f1:05:a4:e9:a0:42:
                    08:b0:f5:82:3f:41:91:99:fb:68:33:16:92:fa:4e:
                    96:e3:0d:f5:ca:be:00:97:8e:2a:d2:fd:65:b3:25:
                    71:cb:96:4f:54:e8:62:65:2c:59:71:31:1b:f4:ed:
                    f4:a2:6c:1e:71:b6:67:2a:9e:27:92:b7:d4:27:8b:
                    6a:38:37:53:1f:31:b7:4b:c5:84:be:c4:03:d5:e2:
                    8a:42:5c:9f:4f:71:d9:28:9b:9b:52:79:da:f2:46:
                    0a:47:d3:ee:ae:b6:9b:27:8e:b3:a9:65:5a:b9:f8:
                    cc:c9:88:ed:9d:55:66:44:54:cd:3f:4f:5d:33:37:
                    40:65:6a:9d:f1:dc:76:67:23:5a:d1:a6:1f:3e:7c:
                    08:47:23:c3:a5:40:d6:34:f0:da:83:71:49:ef:3d:
                    6c:6b:f4:0d:2f:d7:6c:55:6f:57:fb:f4:69:b3:8d:
                    a7:47:83:0b:30:10:35:88:16:f0:63:ea:55:13:2e:
                    7c:38:a4:26:95:b1:60:e5:ff:fa:27:69:e1:db:30:
                    7d:ba:3b:b0:8f:fb:5c:5e:2c:1e:6d:5e:1f:fb:af:
                    d2:1a:16:7a:a6:30:30:f2:4d:74:61:89:f4:16:24:
                    0d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:20:60:4E:9B:9F:81:F0:A6:4E:91:01:45:AE:7C:80:4E:04:0C:E1
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS211415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.214.0/24
                  147.125.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a5:ad:6b:e6:33:c0:8d:fb:1f:c3:07:ab:5c:16:2f:45:cb:
         22:2f:04:15:d7:34:24:79:ec:21:e8:a5:88:d5:35:8d:55:14:
         63:af:ed:f7:98:46:1e:4a:8f:3f:9e:43:16:9f:45:46:f1:ff:
         0d:9d:0a:e3:3b:ec:d8:1c:5d:43:63:06:30:bd:12:61:8d:cf:
         c2:ad:75:ad:25:4b:df:d9:44:80:f3:1f:b1:47:64:21:31:23:
         12:1b:a6:b4:87:96:d3:46:b1:70:75:f7:b6:ce:e4:d5:81:78:
         e7:01:55:bc:2c:c6:7d:5b:60:40:56:b5:f8:df:a5:65:e0:89:
         b3:8b:ec:98:a7:87:64:6b:70:f4:b9:9a:59:88:a4:fe:23:a7:
         d0:62:ed:7e:2d:48:f0:62:b5:02:34:4e:29:b9:17:04:9d:ee:
         c0:f4:5e:19:0e:8c:f1:a4:22:76:4d:00:d4:3c:ea:12:22:4d:
         3f:0d:36:f1:a7:02:8d:ab:8b:f5:e5:0c:ee:1e:4c:20:f8:12:
         ea:1b:ca:1b:a8:c1:d1:cb:a3:13:28:c7:e3:a7:b2:8f:96:f0:
         09:ef:b9:4c:2b:f0:1c:d6:14:cd:15:b1:5a:ab:12:bb:f3:a9:
         c1:d6:92:2d:f7:17:be:49:d7:2c:b3:ce:9f:f7:c7:f4:e7:c8:
         6d:5b:69:ae
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUVN8yZTWzGdF9auCCBYd4vthTjjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQwODI1MjhaFw0yNzAzMDMwODMwMjhaMDMxMTAvBgNV
BAMTKDVDMjA2MDRFOUI5RjgxRjBBNjRFOTEwMTQ1QUU3QzgwNEUwNDBDRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwAFk0OSjdhXemyi9eoDVbT42p
sMjwJfEFpOmgQgiw9YI/QZGZ+2gzFpL6TpbjDfXKvgCXjirS/WWzJXHLlk9U6GJl
LFlxMRv07fSibB5xtmcqnieSt9Qni2o4N1MfMbdLxYS+xAPV4opCXJ9Pcdkom5tS
edryRgpH0+6utpsnjrOpZVq5+MzJiO2dVWZEVM0/T10zN0Blap3x3HZnI1rRph8+
fAhHI8OlQNY08NqDcUnvPWxr9A0v12xVb1f79GmzjadHgwswEDWIFvBj6lUTLnw4
pCaVsWDl//onaeHbMH26O7CP+1xeLB5tXh/7r9IaFnqmMDDyTXRhifQWJA2RAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUXCBgTpufgfCmTpEBRa58gE4EDOEwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjExNDE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk33W
AwQAk339MA0GCSqGSIb3DQEBCwUAA4IBAQA7pa1r5jPAjfsfwwerXBYvRcsiLwQV
1zQkeewh6KWI1TWNVRRjr+33mEYeSo8/nkMWn0VG8f8NnQrjO+zYHF1DYwYwvRJh
jc/CrXWtJUvf2USA8x+xR2QhMSMSG6a0h5bTRrFwdfe2zuTVgXjnAVW8LMZ9W2BA
VrX436Vl4Imzi+yYp4dka3D0uZpZiKT+I6fQYu1+LUjwYrUCNE4puRcEne7A9F4Z
DozxpCJ2TQDUPOoSIk0/DTbxpwKNq4v15QzuHkwg+BLqG8obqMHRy6MTKMfjp7KP
lvAJ77lMK/Ac1hTNFbFaqxK786nB1pIt9xe+Sdcss86f98f058htW2mu
-----END CERTIFICATE-----