Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135325.roa
File:                     AS135325.roa (raw, json)
Hash identifier:          iLXFpgA1zldgS53J0+0IESbG4wZSM56GZs7KIQYi7zc=
Subject key identifier:   51:FA:CA:17:F8:26:1A:AD:82:FA:7D:45:E7:E4:89:96:47:FB:17:7C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       48408259FAC9B4D66C6BB9774115AB8734E1FABC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135325.roa
Signing time:             Mon 09 Mar 2026 13:08:41 +0000
ROA not before:           Mon 09 Mar 2026 13:03:41 +0000
ROA not after:            Mon 08 Mar 2027 13:08:41 +0000
asID:                     135325
IP address blocks:        2a13:9500:148::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:40:82:59:fa:c9:b4:d6:6c:6b:b9:77:41:15:ab:87:34:e1:fa:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  9 13:03:41 2026 GMT
            Not After : Mar  8 13:08:41 2027 GMT
        Subject: CN=51FACA17F8261AAD82FA7D45E7E4899647FB177C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:33:65:fd:70:de:b4:cf:56:0e:1a:db:7c:90:
                    37:1c:5b:08:cd:a5:54:1e:b5:a1:bb:64:d8:e5:c1:
                    78:c7:2e:87:00:8e:d2:ea:24:00:f5:0f:15:33:80:
                    0c:88:49:d4:9f:38:06:fc:69:94:de:d1:a6:fb:bf:
                    4f:23:46:92:44:70:a4:15:db:e3:de:c6:f9:5a:d2:
                    10:7d:65:1e:e1:c7:60:d2:a2:a2:23:6a:a8:5d:87:
                    ac:53:66:11:33:b9:73:8f:a1:63:6c:f8:3a:78:93:
                    04:91:f1:ed:28:f0:b1:11:96:af:b6:b8:c7:de:7d:
                    5d:bf:79:a1:b4:c5:10:e5:bf:0e:03:e0:5a:2d:3b:
                    72:f8:ca:ea:0b:93:8b:65:2a:5b:5e:eb:57:13:95:
                    af:22:99:3d:a6:42:0d:a5:39:e1:60:29:4b:bd:53:
                    21:14:a9:ff:b9:e2:08:40:ae:f7:47:89:9b:fc:18:
                    b0:13:5b:df:45:1c:68:ee:8b:66:6d:a2:f2:b8:20:
                    a8:a3:1b:be:16:fa:82:66:bc:7b:d0:23:7e:27:cb:
                    09:02:0e:ef:95:a6:24:f5:73:eb:34:42:da:10:74:
                    33:38:e7:a5:0b:ee:98:2c:a6:40:77:40:a8:f8:29:
                    d3:b5:30:9c:3a:46:cb:30:f6:ad:06:bc:fc:6d:fe:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:FA:CA:17:F8:26:1A:AD:82:FA:7D:45:E7:E4:89:96:47:FB:17:7C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:148::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:d8:65:22:a6:d3:87:cb:ce:f9:7e:c6:e2:59:d4:ca:8b:3f:
         d7:73:2b:26:f3:f3:43:b4:42:e3:2b:2b:91:73:ce:3b:e6:92:
         97:7d:ee:68:dd:58:dc:7f:ca:6e:f7:77:c6:2e:86:79:1d:23:
         90:34:e8:42:2c:04:ae:02:b2:32:a2:2c:f8:60:9b:46:33:ef:
         36:68:b3:ee:55:5b:1d:46:8f:8e:c6:f7:52:ce:d0:04:1f:17:
         75:19:6b:00:45:fd:88:1a:b8:28:57:9c:8f:b5:58:8b:fa:51:
         d0:4c:db:bb:cf:b7:b0:89:6d:51:1a:9d:19:f6:a1:05:46:91:
         1e:23:48:e6:cf:4d:59:ed:b3:e8:a0:b4:ad:3a:cc:4c:32:bd:
         37:fa:2d:37:ab:ee:0c:f1:87:22:2c:eb:93:0f:39:17:2e:8b:
         87:a3:e5:6c:4c:26:95:8b:4b:92:de:2c:43:f5:2e:c4:d7:d0:
         88:98:b2:f5:43:d6:5d:3b:b3:04:b3:2f:35:de:17:ca:d2:1e:
         0c:2e:02:0f:eb:33:9b:47:02:f3:e3:7b:94:40:58:9b:49:9f:
         74:81:30:6d:20:e6:14:e2:f8:10:62:0b:5b:bb:96:47:b2:cd:
         99:e1:e2:d9:7a:cc:bf:10:be:28:3a:52:0e:76:74:44:c0:74:
         ab:99:cb:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSECCWfrJtNZsa7l3QRWrhzTh+rwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDkxMzAzNDFaFw0yNzAzMDgxMzA4NDFaMDMxMTAvBgNV
BAMTKDUxRkFDQTE3RjgyNjFBQUQ4MkZBN0Q0NUU3RTQ4OTk2NDdGQjE3N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTM2X9cN60z1YOGtt8kDccWwjN
pVQetaG7ZNjlwXjHLocAjtLqJAD1DxUzgAyISdSfOAb8aZTe0ab7v08jRpJEcKQV
2+Pexvla0hB9ZR7hx2DSoqIjaqhdh6xTZhEzuXOPoWNs+Dp4kwSR8e0o8LERlq+2
uMfefV2/eaG0xRDlvw4D4FotO3L4yuoLk4tlKlte61cTla8imT2mQg2lOeFgKUu9
UyEUqf+54ghArvdHiZv8GLATW99FHGjui2ZtovK4IKijG74W+oJmvHvQI34nywkC
Du+VpiT1c+s0QtoQdDM456UL7pgspkB3QKj4KdO1MJw6Rssw9q0GvPxt/m5NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUUfrKF/gmGq2C+n1F5+SJlkf7F3wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1MzI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFIMA0GCSqGSIb3DQEBCwUAA4IBAQAC2GUiptOHy875fsbiWdTKiz/Xcysm8/ND
tELjKyuRc8475pKXfe5o3Vjcf8pu93fGLoZ5HSOQNOhCLASuArIyoiz4YJtGM+82
aLPuVVsdRo+OxvdSztAEHxd1GWsARf2IGrgoV5yPtViL+lHQTNu7z7ewiW1RGp0Z
9qEFRpEeI0jmz01Z7bPooLStOsxMMr03+i03q+4M8YciLOuTDzkXLouHo+VsTCaV
i0uS3ixD9S7E19CImLL1Q9ZdO7MEsy813hfK0h4MLgIP6zObRwLz43uUQFibSZ90
gTBtIOYU4vgQYgtbu5ZHss2Z4eLZesy/EL4oOlIOdnREwHSrmcvz
-----END CERTIFICATE-----