Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa
File:                     AS152565.roa (raw, json)
Hash identifier:          nT5Pa0tQKKs98+MYQ+3e86IodXuaTVKjBk8zY0IR+C8=
Subject key identifier:   41:F9:7F:86:2A:5A:4F:0F:76:4F:75:73:BC:F3:19:85:A8:59:BD:03
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5343CD5299454757F432F082AD168C355C2F94D9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa
Signing time:             Sat 23 Aug 2025 15:00:22 +0000
ROA not before:           Sat 23 Aug 2025 14:55:22 +0000
ROA not after:            Sat 22 Aug 2026 15:00:22 +0000
asID:                     152565
IP address blocks:        2a13:9500:cb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 15:50:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:43:cd:52:99:45:47:57:f4:32:f0:82:ad:16:8c:35:5c:2f:94:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 23 14:55:22 2025 GMT
            Not After : Aug 22 15:00:22 2026 GMT
        Subject: CN=41F97F862A5A4F0F764F7573BCF31985A859BD03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a9:19:70:c1:4c:90:bf:ac:54:e2:2c:fe:8a:
                    57:77:56:df:0a:8f:b2:5b:71:f2:fb:a5:99:12:d2:
                    8e:89:3d:13:5a:90:83:03:b1:4b:56:d6:99:d3:15:
                    e4:f4:65:30:06:34:d5:bf:6c:05:45:58:d5:3f:de:
                    4c:3d:3d:6e:ae:19:11:67:31:91:45:66:58:9f:e5:
                    19:e3:cb:23:4a:9f:8c:47:ae:9e:c9:fe:c3:b2:03:
                    a4:10:2d:71:24:68:9f:0b:76:ce:92:bd:d7:e7:fc:
                    83:58:c3:4e:43:dc:18:7c:42:e3:fa:75:e2:d9:7e:
                    4c:ae:ee:be:a9:70:8c:23:c7:9c:f0:d0:4c:7c:0d:
                    e0:75:cf:50:ee:af:13:c0:82:63:fe:39:40:07:ee:
                    7f:95:f0:30:f1:e3:ca:f4:db:de:e6:8c:53:f2:fa:
                    95:32:31:01:48:f9:54:62:a5:49:ff:6d:0b:38:df:
                    86:c8:2b:72:f9:7a:66:ef:45:52:d5:6d:85:27:a3:
                    2e:e3:b9:4e:34:12:a9:ba:3a:05:46:f7:85:86:63:
                    45:c3:d9:f7:d4:5a:01:62:48:02:5d:38:d3:3b:94:
                    49:5e:23:e8:34:5c:56:30:ab:e4:18:39:a6:b2:ca:
                    e2:c8:9a:22:c7:37:2e:e5:8a:fe:fa:a6:b1:96:1b:
                    ef:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F9:7F:86:2A:5A:4F:0F:76:4F:75:73:BC:F3:19:85:A8:59:BD:03
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:cb::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:e2:a3:62:df:9a:90:d3:10:fd:60:7e:8e:ed:14:96:9d:13:
         a5:39:1c:cf:85:69:9a:d5:2f:7b:2e:52:71:e1:79:16:0d:eb:
         db:12:66:77:78:e7:96:77:c7:d8:a9:b9:8f:eb:79:2f:03:17:
         8f:ee:1b:2c:0e:3c:45:75:c1:01:76:12:5e:e2:ce:a3:fd:d1:
         61:58:02:dc:34:f3:43:80:f1:d5:2f:8c:dd:e8:a8:93:13:ff:
         53:91:f9:61:6a:25:b7:94:f0:47:9b:34:74:d1:2c:8d:58:61:
         5a:54:68:09:cb:87:34:07:ef:84:52:0c:8f:40:2a:ad:17:a9:
         27:7e:df:18:0a:31:02:8e:39:67:d7:48:cb:28:e3:b3:a3:64:
         36:0b:b5:20:ac:93:e1:40:71:12:22:90:14:8a:a0:be:e4:5f:
         6d:e3:75:5c:bc:39:29:b6:67:98:42:fa:48:0e:a5:37:54:4b:
         3d:d6:42:22:e1:41:92:1f:1a:53:96:37:0f:5d:92:22:f5:1b:
         33:60:6b:ad:d1:3f:98:c5:43:e3:e0:86:e9:8a:8f:db:a8:a8:
         df:a9:a7:8b:4a:30:99:06:ea:8d:f8:e3:e3:b3:ea:7e:63:48:
         62:41:d5:dc:25:f5:49:15:3e:88:7f:e7:a8:58:56:ae:32:d7:
         f6:e8:b6:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUU0PNUplFR1f0MvCCrRaMNVwvlNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjMxNDU1MjJaFw0yNjA4MjIxNTAwMjJaMDMxMTAvBgNV
BAMTKDQxRjk3Rjg2MkE1QTRGMEY3NjRGNzU3M0JDRjMxOTg1QTg1OUJEMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNqRlwwUyQv6xU4iz+ild3Vt8K
j7JbcfL7pZkS0o6JPRNakIMDsUtW1pnTFeT0ZTAGNNW/bAVFWNU/3kw9PW6uGRFn
MZFFZlif5RnjyyNKn4xHrp7J/sOyA6QQLXEkaJ8Lds6Svdfn/INYw05D3Bh8QuP6
deLZfkyu7r6pcIwjx5zw0Ex8DeB1z1DurxPAgmP+OUAH7n+V8DDx48r0297mjFPy
+pUyMQFI+VRipUn/bQs434bIK3L5embvRVLVbYUnoy7juU40Eqm6OgVG94WGY0XD
2ffUWgFiSAJdONM7lEleI+g0XFYwq+QYOaayyuLImiLHNy7liv76prGWG+/xAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQfl/hipaTw92T3VzvPMZhahZvQMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyNTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADLMA0GCSqGSIb3DQEBCwUAA4IBAQCj4qNi35qQ0xD9YH6O7RSWnROlORzPhWma
1S97LlJx4XkWDevbEmZ3eOeWd8fYqbmP63kvAxeP7hssDjxFdcEBdhJe4s6j/dFh
WALcNPNDgPHVL4zd6KiTE/9TkflhaiW3lPBHmzR00SyNWGFaVGgJy4c0B++EUgyP
QCqtF6knft8YCjECjjln10jLKOOzo2Q2C7UgrJPhQHESIpAUiqC+5F9t43VcvDkp
tmeYQvpIDqU3VEs91kIi4UGSHxpTljcPXZIi9RszYGut0T+YxUPj4Ibpio/bqKjf
qaeLSjCZBuqN+OPjs+p+Y0hiQdXcJfVJFT6If+eoWFauMtf26Lb4
-----END CERTIFICATE-----