Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS213495.roa
File:                     AS213495.roa (raw, json)
Hash identifier:          YZ1wKw/5qvtBkcx8lKmCURA0SCWq9wlYjZq8VsK2DzE=
Subject key identifier:   21:0B:3F:8F:6C:8E:8B:C7:24:77:77:C2:D9:9D:22:B2:01:D4:12:7D
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       496E9F9275E7EB1356EED4AA14CB8D7C41CB8EEC
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS213495.roa
Signing time:             Tue 30 Sep 2025 10:03:15 +0000
ROA not before:           Tue 30 Sep 2025 09:58:15 +0000
ROA not after:            Tue 29 Sep 2026 10:03:15 +0000
asID:                     213495
IP address blocks:        82.139.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:6e:9f:92:75:e7:eb:13:56:ee:d4:aa:14:cb:8d:7c:41:cb:8e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:15 2025 GMT
            Not After : Sep 29 10:03:15 2026 GMT
        Subject: CN=210B3F8F6C8E8BC7247777C2D99D22B201D4127D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:65:fc:11:42:8f:2f:f2:6d:8c:b3:12:03:e8:
                    46:5b:c0:45:ff:15:6e:96:8a:46:e8:56:2e:5c:63:
                    f0:ba:20:38:5c:e8:0a:25:8b:2b:c8:44:31:bf:8a:
                    10:d5:67:cb:5d:d0:e6:ef:3a:ba:f4:9f:c3:83:9f:
                    91:01:94:d8:a9:4f:ec:fa:18:42:91:c9:b5:5b:a7:
                    72:bd:71:97:1f:fc:ec:6f:23:69:b6:4e:9d:aa:9a:
                    85:5f:58:30:ec:42:67:0f:ac:3d:49:65:1d:01:e8:
                    f5:be:c7:c1:d6:dd:f6:02:c6:48:0d:cc:9e:5c:62:
                    c7:1a:2c:62:fb:49:4a:32:b7:d0:d1:3a:f1:f2:2a:
                    fe:ff:8d:44:0f:93:34:36:3b:90:6e:45:f0:64:51:
                    40:6c:f4:73:34:d1:b5:fc:ed:33:1e:b5:18:e2:89:
                    58:61:67:9f:23:8f:ea:3e:0e:20:5f:df:6e:50:ba:
                    06:21:37:0c:1f:a0:16:1f:cd:19:53:e9:cc:87:b8:
                    a9:27:fd:ac:97:36:8a:02:ae:39:e4:6c:b5:b0:7c:
                    73:e7:24:db:a5:09:ca:89:50:1d:c5:37:28:0f:83:
                    56:41:84:cb:92:fa:10:0d:49:e9:84:95:d4:80:1f:
                    7b:8a:04:32:e1:50:a2:38:19:2b:85:52:24:b8:ee:
                    ea:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0B:3F:8F:6C:8E:8B:C7:24:77:77:C2:D9:9D:22:B2:01:D4:12:7D
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS213495.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:4a:e0:90:55:14:b1:81:89:42:19:9b:f4:06:bb:96:cc:3c:
         e7:24:02:5a:a5:0e:f5:95:8f:80:c6:70:3c:d8:fe:57:87:06:
         2e:a8:8b:bb:27:49:2e:b0:79:b3:7a:c9:3b:f9:b0:d2:be:b1:
         3f:e4:88:8e:8e:ed:7f:79:a2:82:89:39:1e:3c:72:93:a2:01:
         39:fe:56:3e:ce:88:54:0a:f1:76:58:32:ea:43:f6:d6:15:14:
         4d:d0:f9:e2:3f:27:d8:85:da:bd:3c:87:4e:74:76:cd:c5:29:
         f6:40:de:8d:61:d2:1b:00:d5:b7:86:d2:6b:07:7d:a6:6a:92:
         56:16:dd:e4:ef:f9:a7:64:65:1b:fc:6b:69:17:87:56:12:16:
         4c:7e:48:15:96:78:1f:a5:f8:d3:c4:9a:d2:37:ec:17:dc:4b:
         57:0b:67:76:2e:b5:74:dc:09:f0:c8:5d:95:ef:42:67:d1:7c:
         6e:a1:f0:23:ee:45:fe:cd:19:f6:3d:82:89:7c:79:72:27:73:
         1d:e6:02:9f:18:69:54:82:f3:78:98:c1:e7:69:fd:02:23:94:
         3b:18:df:7a:ed:dc:bd:c2:f0:2f:42:90:e9:10:bc:b2:8b:3d:
         e5:1e:f9:73:42:18:68:5a:9f:64:f7:9a:11:ef:33:7e:b2:21:
         62:a6:8f:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSW6fknXn6xNW7tSqFMuNfEHLjuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTVaFw0yNjA5MjkxMDAzMTVaMDMxMTAvBgNV
BAMTKDIxMEIzRjhGNkM4RThCQzcyNDc3NzdDMkQ5OUQyMkIyMDFENDEyN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaZfwRQo8v8m2MsxID6EZbwEX/
FW6WikboVi5cY/C6IDhc6AoliyvIRDG/ihDVZ8td0ObvOrr0n8ODn5EBlNipT+z6
GEKRybVbp3K9cZcf/OxvI2m2Tp2qmoVfWDDsQmcPrD1JZR0B6PW+x8HW3fYCxkgN
zJ5cYscaLGL7SUoyt9DROvHyKv7/jUQPkzQ2O5BuRfBkUUBs9HM00bX87TMetRji
iVhhZ58jj+o+DiBf325QugYhNwwfoBYfzRlT6cyHuKkn/ayXNooCrjnkbLWwfHPn
JNulCcqJUB3FNygPg1ZBhMuS+hANSemEldSAH3uKBDLhUKI4GSuFUiS47uo1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIQs/j2yOi8ckd3fC2Z0isgHUEn0wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjEzNDk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUovc
MA0GCSqGSIb3DQEBCwUAA4IBAQBdSuCQVRSxgYlCGZv0BruWzDznJAJapQ71lY+A
xnA82P5XhwYuqIu7J0kusHmzesk7+bDSvrE/5IiOju1/eaKCiTkePHKTogE5/lY+
zohUCvF2WDLqQ/bWFRRN0PniPyfYhdq9PIdOdHbNxSn2QN6NYdIbANW3htJrB32m
apJWFt3k7/mnZGUb/GtpF4dWEhZMfkgVlngfpfjTxJrSN+wX3EtXC2d2LrV03Anw
yF2V70Jn0XxuofAj7kX+zRn2PYKJfHlyJ3Md5gKfGGlUgvN4mMHnaf0CI5Q7GN96
7dy9wvAvQpDpELyyiz3lHvlzQhhoWp9k95oR7zN+siFipo81
-----END CERTIFICATE-----