Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa
File:                     AS136621.roa (raw, json)
Hash identifier:          tgNQULpQullc5fjHKwaNsVZ26k+Gmq+rUYnZGbKwXKs=
Subject key identifier:   FA:86:B6:27:F1:68:2A:6E:C5:3C:42:90:E9:40:1E:6F:1B:0E:E0:31
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5A438DA49EA7865F6CE856E30BB3E3D61C104AE0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa
Signing time:             Thu 30 Apr 2026 18:47:07 +0000
ROA not before:           Thu 30 Apr 2026 18:42:07 +0000
ROA not after:            Thu 29 Apr 2027 18:47:07 +0000
asID:                     136621
IP address blocks:        2a13:9500:72::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:43:8d:a4:9e:a7:86:5f:6c:e8:56:e3:0b:b3:e3:d6:1c:10:4a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 30 18:42:07 2026 GMT
            Not After : Apr 29 18:47:07 2027 GMT
        Subject: CN=FA86B627F1682A6EC53C4290E9401E6F1B0EE031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:24:84:37:91:f6:ed:de:33:e8:61:cc:85:d0:
                    b9:be:f8:91:6b:ff:c6:56:39:f0:ff:42:11:fd:69:
                    da:d7:6f:bf:f7:af:35:7f:eb:1c:fd:54:15:a2:cd:
                    41:04:b1:0b:1c:88:93:8d:ca:f9:6c:9b:d5:71:e6:
                    49:0b:cd:52:2a:69:7d:27:59:8e:36:06:db:fd:dd:
                    05:fc:64:5a:95:b0:15:4e:63:9c:95:58:52:a1:fd:
                    d1:68:5d:00:3f:72:14:a7:36:6c:53:19:b2:38:04:
                    c5:00:c4:09:68:3b:6b:59:39:c5:52:92:c1:a9:cb:
                    f4:11:f5:6b:3c:ce:9e:aa:14:0c:56:e2:bc:17:58:
                    1b:39:95:bf:74:31:db:99:0a:6e:cc:12:df:e2:f0:
                    69:cd:fd:f4:21:96:9a:ff:f1:36:5e:21:48:44:fb:
                    bb:a8:dd:51:30:a9:d9:ee:52:d1:59:e5:f4:47:3a:
                    fd:15:d0:85:8b:4c:96:4b:f6:a8:aa:45:45:69:d6:
                    ee:71:de:c9:bc:cb:5d:eb:28:2a:73:e4:43:b0:c5:
                    89:5f:b4:60:ed:70:a8:fe:d0:72:cf:12:74:36:dd:
                    88:9d:53:3c:5d:ae:dc:4b:7c:82:31:56:a2:94:73:
                    63:51:88:f5:c4:d1:0e:78:97:13:04:f0:5f:a4:d1:
                    ab:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:86:B6:27:F1:68:2A:6E:C5:3C:42:90:E9:40:1E:6F:1B:0E:E0:31
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:72::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:55:97:42:f9:06:c1:e2:f3:80:d6:f2:d0:1d:26:25:c2:14:
         b3:a5:b1:00:a7:dc:c0:50:1d:d3:0f:b4:3b:04:4f:0c:44:75:
         ff:02:85:4a:c2:aa:78:89:be:d4:25:47:37:2d:62:43:25:d6:
         7e:8b:8e:00:7b:f5:24:90:f9:15:c1:46:de:5b:8e:c2:ff:96:
         74:a9:18:3e:8a:b4:9e:2e:ce:30:31:41:41:7f:86:2a:09:17:
         e3:34:ae:1a:df:e4:d6:74:46:6d:ab:25:f6:7e:d3:e8:2f:9b:
         f8:68:9d:70:b1:c1:99:62:6b:15:08:11:de:2b:7e:b2:7f:7e:
         e7:07:17:15:8a:a9:e8:b2:40:d7:6d:a4:68:75:08:55:6c:51:
         44:b0:74:fa:bc:31:85:b9:e4:c5:42:9d:84:bd:2b:8d:12:58:
         07:44:64:89:58:78:6c:1c:e7:25:ef:b3:00:92:b8:02:3e:f7:
         5e:0b:b2:2b:18:90:e0:9c:b5:ec:c2:fa:94:21:40:2e:7b:ed:
         51:72:31:7a:f3:e3:85:fa:88:75:5e:b1:9b:42:09:47:c1:9e:
         1f:62:be:32:65:1d:69:6a:61:76:e1:28:e7:2c:bd:a8:ce:a6:
         c3:71:9a:50:58:20:0b:bf:a3:54:c2:6f:f2:01:18:d5:cb:ce:
         51:a8:15:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWkONpJ6nhl9s6FbjC7Pj1hwQSuAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MzAxODQyMDdaFw0yNzA0MjkxODQ3MDdaMDMxMTAvBgNV
BAMTKEZBODZCNjI3RjE2ODJBNkVDNTNDNDI5MEU5NDAxRTZGMUIwRUUwMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYJIQ3kfbt3jPoYcyF0Lm++JFr
/8ZWOfD/QhH9adrXb7/3rzV/6xz9VBWizUEEsQsciJONyvlsm9Vx5kkLzVIqaX0n
WY42Btv93QX8ZFqVsBVOY5yVWFKh/dFoXQA/chSnNmxTGbI4BMUAxAloO2tZOcVS
ksGpy/QR9Ws8zp6qFAxW4rwXWBs5lb90MduZCm7MEt/i8GnN/fQhlpr/8TZeIUhE
+7uo3VEwqdnuUtFZ5fRHOv0V0IWLTJZL9qiqRUVp1u5x3sm8y13rKCpz5EOwxYlf
tGDtcKj+0HLPEnQ23YidUzxdrtxLfIIxVqKUc2NRiPXE0Q54lxME8F+k0avnAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+oa2J/FoKm7FPEKQ6UAebxsO4DEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM2NjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAByMA0GCSqGSIb3DQEBCwUAA4IBAQABVZdC+QbB4vOA1vLQHSYlwhSzpbEAp9zA
UB3TD7Q7BE8MRHX/AoVKwqp4ib7UJUc3LWJDJdZ+i44Ae/UkkPkVwUbeW47C/5Z0
qRg+irSeLs4wMUFBf4YqCRfjNK4a3+TWdEZtqyX2ftPoL5v4aJ1wscGZYmsVCBHe
K36yf37nBxcViqnoskDXbaRodQhVbFFEsHT6vDGFueTFQp2EvSuNElgHRGSJWHhs
HOcl77MAkrgCPvdeC7IrGJDgnLXswvqUIUAue+1RcjF68+OF+oh1XrGbQglHwZ4f
Yr4yZR1pamF24SjnLL2ozqbDcZpQWCALv6NUwm/yARjVy85RqBVJ
-----END CERTIFICATE-----