Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153060.roa
File:                     AS153060.roa (raw, json)
Hash identifier:          MZFiAfjK4uE3SiR97dQgBfP6E24+b9HDHWing9m1WE0=
Subject key identifier:   22:B9:58:EC:C7:E6:E7:C8:DC:A7:32:A7:01:39:94:99:E4:1B:5F:E6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       72A0D111FAAB6433AFA2D1FBAE77982D9F6CD48E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153060.roa
Signing time:             Tue 19 Aug 2025 09:56:17 +0000
ROA not before:           Tue 19 Aug 2025 09:51:17 +0000
ROA not after:            Tue 18 Aug 2026 09:56:17 +0000
asID:                     153060
IP address blocks:        2a13:9500:c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a0:d1:11:fa:ab:64:33:af:a2:d1:fb:ae:77:98:2d:9f:6c:d4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 19 09:51:17 2025 GMT
            Not After : Aug 18 09:56:17 2026 GMT
        Subject: CN=22B958ECC7E6E7C8DCA732A701399499E41B5FE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:61:86:c2:22:ba:18:a1:3d:81:d7:01:26:fd:
                    10:94:54:63:a3:52:5e:06:e2:a5:91:11:99:9b:c6:
                    b3:ff:65:5f:c2:48:b6:36:55:5e:14:72:df:ee:91:
                    fa:79:3f:09:91:60:f6:36:a5:10:c2:79:3d:9e:92:
                    eb:03:4c:25:a0:f5:0c:3a:e7:9d:3e:70:e3:38:1b:
                    7c:b3:e9:e8:89:b4:f3:70:d2:8d:b0:4e:a6:22:bf:
                    22:09:30:5c:22:a0:68:f4:d0:69:fb:24:a6:a0:5a:
                    35:a9:73:f3:a5:7b:6b:d1:75:15:cf:a6:ce:70:81:
                    53:03:66:4d:0e:14:a1:6f:94:8e:51:a0:c4:b8:bc:
                    cf:50:54:94:83:d9:0b:d5:1e:57:d3:c2:8a:ac:f4:
                    88:9c:5d:27:0c:29:6a:91:d9:f1:85:4a:a1:5a:b7:
                    2d:d7:09:ac:fe:94:ca:8d:86:e5:3e:8b:90:00:e4:
                    eb:fd:8c:6f:f7:7f:c9:62:28:b3:e7:d3:9d:63:84:
                    85:10:48:7a:25:4f:bb:b6:26:9e:d6:70:9f:c3:61:
                    8f:b5:a4:af:8a:81:50:37:64:18:5c:2b:54:e1:da:
                    0d:a4:b8:64:cf:a4:95:0c:6f:fd:43:66:58:a0:2c:
                    38:7a:56:14:5a:f1:9a:c5:01:d4:bc:b4:ca:2f:90:
                    10:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B9:58:EC:C7:E6:E7:C8:DC:A7:32:A7:01:39:94:99:E4:1B:5F:E6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:a0:b3:05:b9:15:f5:d9:19:ed:94:96:9a:ec:81:12:6b:d5:
         bc:ae:1d:3f:c9:56:ba:a3:c8:5b:59:95:04:c0:50:61:82:4c:
         4c:bd:bc:7d:21:61:46:d8:ff:0c:24:44:87:12:61:8c:f1:59:
         16:09:88:8b:1e:1e:11:8a:8e:bd:cb:ee:b0:5e:5e:25:78:c4:
         fe:9a:12:35:fd:4e:3e:40:04:8b:35:7b:ce:53:66:4a:58:dd:
         11:1c:94:42:f5:17:97:27:dd:06:9b:61:eb:08:9e:46:6c:54:
         27:49:1c:61:12:43:8f:d4:c8:3e:9b:31:d6:d6:6e:1f:80:1a:
         47:af:08:ad:98:26:aa:ca:e0:ed:d1:34:88:0c:71:74:a3:34:
         eb:39:54:8e:b5:d5:b4:6f:77:01:6d:26:d5:5a:b0:86:de:34:
         51:09:e5:a2:f4:cb:8f:65:af:ee:6d:5a:02:75:dd:be:72:99:
         44:1f:ec:10:04:96:df:c3:e8:90:69:25:b6:39:a5:9a:99:4c:
         2f:a6:e2:5b:e2:fe:ba:3a:12:46:d7:ee:12:0c:a9:27:bb:c0:
         17:f6:d9:9f:61:1c:86:06:2b:c9:04:1f:c2:0c:7e:5f:bd:e1:
         8e:01:d6:c1:cf:c9:1c:9f:09:9a:42:4a:28:4c:f9:c6:88:56:
         32:97:e0:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcqDREfqrZDOvotH7rneYLZ9s1I4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTkwOTUxMTdaFw0yNjA4MTgwOTU2MTdaMDMxMTAvBgNV
BAMTKDIyQjk1OEVDQzdFNkU3QzhEQ0E3MzJBNzAxMzk5NDk5RTQxQjVGRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpYYbCIroYoT2B1wEm/RCUVGOj
Ul4G4qWREZmbxrP/ZV/CSLY2VV4Uct/ukfp5PwmRYPY2pRDCeT2ekusDTCWg9Qw6
550+cOM4G3yz6eiJtPNw0o2wTqYivyIJMFwioGj00Gn7JKagWjWpc/Ole2vRdRXP
ps5wgVMDZk0OFKFvlI5RoMS4vM9QVJSD2QvVHlfTwoqs9IicXScMKWqR2fGFSqFa
ty3XCaz+lMqNhuU+i5AA5Ov9jG/3f8liKLPn051jhIUQSHolT7u2Jp7WcJ/DYY+1
pK+KgVA3ZBhcK1Th2g2kuGTPpJUMb/1DZligLDh6VhRa8ZrFAdS8tMovkBCRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUIrlY7Mfm58jcpzKnATmUmeQbX+YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzMDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADIMA0GCSqGSIb3DQEBCwUAA4IBAQB6oLMFuRX12RntlJaa7IESa9W8rh0/yVa6
o8hbWZUEwFBhgkxMvbx9IWFG2P8MJESHEmGM8VkWCYiLHh4Rio69y+6wXl4leMT+
mhI1/U4+QASLNXvOU2ZKWN0RHJRC9ReXJ90Gm2HrCJ5GbFQnSRxhEkOP1Mg+mzHW
1m4fgBpHrwitmCaqyuDt0TSIDHF0ozTrOVSOtdW0b3cBbSbVWrCG3jRRCeWi9MuP
Za/ubVoCdd2+cplEH+wQBJbfw+iQaSW2OaWamUwvpuJb4v66OhJG1+4SDKknu8AX
9tmfYRyGBivJBB/CDH5fveGOAdbBz8kcnwmaQkooTPnGiFYyl+A6
-----END CERTIFICATE-----