Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142401.roa
File:                     AS142401.roa (raw, json)
Hash identifier:          9s1Mm9cz0X146VEC9ByhZITxyCAk89dQmPRJhk2W67g=
Subject key identifier:   87:FB:85:D7:C0:2E:A1:BF:95:7E:D8:A1:BF:DB:D2:E2:C6:FA:2D:51
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2DC54BD061A790E34F58935694B95049C64F3F80
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142401.roa
Signing time:             Sun 08 Mar 2026 16:49:35 +0000
ROA not before:           Sun 08 Mar 2026 16:44:35 +0000
ROA not after:            Sun 07 Mar 2027 16:49:35 +0000
asID:                     142401
IP address blocks:        2a13:9500:147::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:c5:4b:d0:61:a7:90:e3:4f:58:93:56:94:b9:50:49:c6:4f:3f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  8 16:44:35 2026 GMT
            Not After : Mar  7 16:49:35 2027 GMT
        Subject: CN=87FB85D7C02EA1BF957ED8A1BFDBD2E2C6FA2D51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cd:1e:c5:84:f0:c0:76:cc:fd:7a:de:52:f0:
                    99:aa:0f:85:6a:41:ea:3d:22:1d:47:59:5a:fb:87:
                    a5:e5:f0:81:b6:4a:1a:49:53:38:a3:98:b3:d8:d1:
                    bb:dc:b6:72:53:01:5c:47:43:e0:5d:ba:c8:b6:f4:
                    64:57:be:ce:1c:0a:48:59:64:d3:70:4b:54:d7:81:
                    41:91:37:b6:a6:87:b8:1f:c7:bf:5f:02:83:9f:0d:
                    cb:e8:a3:48:95:75:7c:b8:4b:3e:d4:3a:89:46:f7:
                    03:8c:26:ba:29:c9:ce:fd:95:80:8b:ac:c5:e2:c0:
                    c2:bb:a1:c1:ce:07:c4:ef:b6:b0:c1:1d:e3:4a:3b:
                    6c:92:1c:b5:2a:db:c0:79:70:4f:f8:2e:8d:db:84:
                    50:f1:e4:97:5b:68:8d:76:33:6b:19:8d:59:a4:e0:
                    23:ee:9d:69:b7:ea:7a:2a:86:c9:6c:e4:2f:ed:b1:
                    3d:38:20:5d:c9:c6:c9:33:bb:21:b1:77:72:4e:62:
                    e8:6e:fd:f6:47:cd:61:8a:fd:b7:10:e9:e4:6f:e4:
                    ac:02:ef:11:89:d9:52:82:e4:33:ed:6a:ea:f4:3d:
                    4a:97:b5:b6:67:c5:e4:8d:64:73:01:f9:b2:9b:db:
                    f0:0f:70:08:f9:2f:86:a9:cb:20:49:af:4c:70:3b:
                    e6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FB:85:D7:C0:2E:A1:BF:95:7E:D8:A1:BF:DB:D2:E2:C6:FA:2D:51
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142401.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:147::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:d8:a7:67:26:8d:4d:13:6c:0e:30:68:e6:cc:33:7d:5f:da:
         a3:08:67:41:41:97:9c:42:b1:a3:1b:f8:10:60:7b:28:58:36:
         e3:59:6b:4b:5b:a8:4a:f3:4a:d1:f2:d3:35:0f:4a:87:cf:ee:
         6f:63:0a:ab:93:a4:19:e4:ea:01:ea:db:0b:2e:f4:06:99:11:
         5c:2b:c4:42:37:de:e4:ba:11:f8:05:dd:7e:7a:8c:73:86:37:
         ba:4d:67:7c:0f:e1:b5:ac:2b:f3:53:26:bb:9b:dd:74:85:5b:
         b0:d6:99:da:87:a6:28:3b:b8:6f:6a:8b:8b:22:f9:e6:79:43:
         c6:e8:7c:82:ec:cb:f1:60:e6:98:c9:4b:cf:3e:06:ca:88:44:
         ff:8d:f4:48:d9:d3:c1:76:af:38:23:34:c7:0a:a2:d6:29:17:
         c6:b3:93:61:1d:cd:30:89:7f:c9:f9:a1:d9:77:d6:a0:64:ad:
         e4:9a:d8:b7:49:82:c4:e0:88:27:97:e6:62:53:bd:a4:88:33:
         d4:22:28:2a:18:17:cf:7a:d4:4e:59:00:33:ee:76:15:29:35:
         c9:48:01:c4:e4:59:1e:8a:5c:cb:7b:e2:d2:8a:f4:fe:ef:23:
         69:21:3d:90:1b:b3:4e:86:54:14:94:52:8b:09:50:c8:5c:98:
         61:b7:a1:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULcVL0GGnkONPWJNWlLlQScZPP4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDgxNjQ0MzVaFw0yNzAzMDcxNjQ5MzVaMDMxMTAvBgNV
BAMTKDg3RkI4NUQ3QzAyRUExQkY5NTdFRDhBMUJGREJEMkUyQzZGQTJENTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCozR7FhPDAdsz9et5S8JmqD4Vq
Qeo9Ih1HWVr7h6Xl8IG2ShpJUzijmLPY0bvctnJTAVxHQ+Bdusi29GRXvs4cCkhZ
ZNNwS1TXgUGRN7amh7gfx79fAoOfDcvoo0iVdXy4Sz7UOolG9wOMJropyc79lYCL
rMXiwMK7ocHOB8TvtrDBHeNKO2ySHLUq28B5cE/4Lo3bhFDx5JdbaI12M2sZjVmk
4CPunWm36noqhsls5C/tsT04IF3JxskzuyGxd3JOYuhu/fZHzWGK/bcQ6eRv5KwC
7xGJ2VKC5DPtaur0PUqXtbZnxeSNZHMB+bKb2/APcAj5L4apyyBJr0xwO+aNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUh/uF18Auob+Vftihv9vS4sb6LVEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyNDAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFHMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2KdnJo1NE2wOMGjmzDN9X9qjCGdBQZec
QrGjG/gQYHsoWDbjWWtLW6hK80rR8tM1D0qHz+5vYwqrk6QZ5OoB6tsLLvQGmRFc
K8RCN97kuhH4Bd1+eoxzhje6TWd8D+G1rCvzUya7m910hVuw1pnah6YoO7hvaouL
IvnmeUPG6HyC7MvxYOaYyUvPPgbKiET/jfRI2dPBdq84IzTHCqLWKRfGs5NhHc0w
iX/J+aHZd9agZK3kmti3SYLE4Ignl+ZiU72kiDPUIigqGBfPetROWQAz7nYVKTXJ
SAHE5FkeilzLe+LSivT+7yNpIT2QG7NOhlQUlFKLCVDIXJhht6FL
-----END CERTIFICATE-----