Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS212609.roa
File:                     AS212609.roa (raw, json)
Hash identifier:          h287YNomtskDOPEQA57TiiiZ9+NIMepRK1K0V/gWE/E=
Subject key identifier:   7E:3F:67:58:BD:32:A7:1A:B0:DF:1D:B3:C4:F2:11:3B:52:EF:41:30
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       75695C6FCC69C59F8620C7C1403F12ACE1910365
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS212609.roa
Signing time:             Wed 04 Mar 2026 13:33:09 +0000
ROA not before:           Wed 04 Mar 2026 13:28:09 +0000
ROA not after:            Wed 03 Mar 2027 13:33:09 +0000
asID:                     212609
IP address blocks:        147.125.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 10:24:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:69:5c:6f:cc:69:c5:9f:86:20:c7:c1:40:3f:12:ac:e1:91:03:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Mar  4 13:28:09 2026 GMT
            Not After : Mar  3 13:33:09 2027 GMT
        Subject: CN=7E3F6758BD32A71AB0DF1DB3C4F2113B52EF4130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6b:7c:85:1a:c8:5f:3f:7b:46:e1:43:a5:40:
                    fd:3f:88:c7:a6:c3:e5:1d:48:31:86:d0:93:43:34:
                    b5:fc:82:cc:cd:f0:1e:5b:08:83:e2:12:63:95:02:
                    9d:e3:8b:76:3a:e5:7d:46:af:3c:82:1c:54:9f:27:
                    8c:b5:a2:f8:b6:c9:6e:4d:be:d0:bd:bd:d4:12:ce:
                    fc:d8:95:df:b3:65:44:5f:cc:6d:48:41:c6:e8:87:
                    d6:9a:da:96:21:3f:63:92:aa:fd:8f:4d:45:26:fa:
                    04:83:9d:86:ed:7a:c3:a3:68:65:78:37:b9:ab:93:
                    ae:b9:59:73:a4:00:e8:ed:2a:82:c6:5a:3f:a2:01:
                    90:4d:04:39:48:c2:b9:ce:69:bc:38:19:74:96:db:
                    b7:0a:58:00:75:b3:47:94:5b:17:36:48:af:60:39:
                    3c:ef:42:c9:45:dc:9a:fc:ca:e9:2f:00:65:d9:12:
                    69:7d:ef:3a:86:1e:84:67:29:90:17:90:d5:13:02:
                    a9:d2:37:6b:5f:2d:d4:ee:95:b9:02:2d:c4:92:6b:
                    92:cc:8a:97:e7:95:07:2c:d1:dc:02:d9:66:b5:41:
                    d5:48:1a:62:66:af:ef:de:3b:d1:e0:7f:bb:04:16:
                    bc:25:9e:6a:ea:8d:67:2e:70:5e:4c:f8:3d:e3:c8:
                    8a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3F:67:58:BD:32:A7:1A:B0:DF:1D:B3:C4:F2:11:3B:52:EF:41:30
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS212609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:5d:f6:5f:30:89:44:25:33:0e:1a:e4:83:3f:05:e3:11:4b:
         4b:98:09:f8:e7:61:26:46:c3:9e:49:e1:7d:81:c1:a8:dd:b6:
         68:b1:5a:f2:71:97:c9:98:b1:b0:0b:54:78:95:40:c4:c5:38:
         3d:ec:b3:12:83:f4:7c:81:04:35:72:01:96:73:3a:28:cd:50:
         a7:de:d6:d1:a7:82:93:3e:b1:5b:0e:9b:be:a8:c1:db:1a:f8:
         72:91:ff:51:eb:79:02:2e:85:b6:62:2d:ed:57:ef:85:c3:74:
         e3:90:d4:c0:6a:a2:53:c0:0f:41:88:46:ad:96:e1:e0:d9:68:
         3b:eb:c0:1b:ba:a0:24:bb:50:47:44:62:ad:87:17:7c:62:ef:
         da:0c:a3:65:a2:65:ef:c9:32:a1:bb:bb:55:33:45:53:92:4f:
         8a:de:2c:91:6c:4c:d7:a4:41:c9:ea:f7:c3:75:f1:62:a1:88:
         e1:9d:21:5d:1a:85:ef:6f:0c:d7:6b:69:d3:b2:ee:5c:49:39:
         4f:83:3d:1a:82:ea:8d:30:86:6f:e0:b4:f6:ed:05:cc:89:19:
         eb:5c:e8:41:e6:61:76:fe:c8:4f:c4:4d:36:d9:a1:1a:c0:ab:
         89:a0:8a:36:43:04:84:07:a0:7d:be:d4:48:1a:82:e2:ce:68:
         3a:30:41:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdWlcb8xpxZ+GIMfBQD8SrOGRA2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDQxMzI4MDlaFw0yNzAzMDMxMzMzMDlaMDMxMTAvBgNV
BAMTKDdFM0Y2NzU4QkQzMkE3MUFCMERGMURCM0M0RjIxMTNCNTJFRjQxMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaa3yFGshfP3tG4UOlQP0/iMem
w+UdSDGG0JNDNLX8gszN8B5bCIPiEmOVAp3ji3Y65X1GrzyCHFSfJ4y1ovi2yW5N
vtC9vdQSzvzYld+zZURfzG1IQcboh9aa2pYhP2OSqv2PTUUm+gSDnYbtesOjaGV4
N7mrk665WXOkAOjtKoLGWj+iAZBNBDlIwrnOabw4GXSW27cKWAB1s0eUWxc2SK9g
OTzvQslF3Jr8yukvAGXZEml97zqGHoRnKZAXkNUTAqnSN2tfLdTulbkCLcSSa5LM
ipfnlQcs0dwC2Wa1QdVIGmJmr+/eO9Hgf7sEFrwlnmrqjWcucF5M+D3jyIrJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfj9nWL0ypxqw3x2zxPIRO1LvQTAwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjEyNjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk33W
MA0GCSqGSIb3DQEBCwUAA4IBAQBgXfZfMIlEJTMOGuSDPwXjEUtLmAn452EmRsOe
SeF9gcGo3bZosVrycZfJmLGwC1R4lUDExTg97LMSg/R8gQQ1cgGWczoozVCn3tbR
p4KTPrFbDpu+qMHbGvhykf9R63kCLoW2Yi3tV++Fw3TjkNTAaqJTwA9BiEatluHg
2Wg768AbuqAku1BHRGKthxd8Yu/aDKNlomXvyTKhu7tVM0VTkk+K3iyRbEzXpEHJ
6vfDdfFioYjhnSFdGoXvbwzXa2nTsu5cSTlPgz0aguqNMIZv4LT27QXMiRnrXOhB
5mF2/shPxE022aEawKuJoIo2QwSEB6B9vtRIGoLizmg6MEEn
-----END CERTIFICATE-----