Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa
File:                     AS200213.roa (raw, json)
Hash identifier:          fflTCJiB0jAotNAKvmTyN2qVJft57DAZbmv8cxV58c0=
Subject key identifier:   FB:69:4D:56:D6:63:3B:36:64:F5:6C:E0:CB:2B:12:6A:2B:CD:11:91
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       331CCE1A06F64E12E7E56704D651C72E4369C4CE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa
Signing time:             Mon 23 Mar 2026 07:45:29 +0000
ROA not before:           Mon 23 Mar 2026 07:40:29 +0000
ROA not after:            Mon 22 Mar 2027 07:45:29 +0000
asID:                     200213
IP address blocks:        2a13:9500:155::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:1c:ce:1a:06:f6:4e:12:e7:e5:67:04:d6:51:c7:2e:43:69:c4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 23 07:40:29 2026 GMT
            Not After : Mar 22 07:45:29 2027 GMT
        Subject: CN=FB694D56D6633B3664F56CE0CB2B126A2BCD1191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a4:22:c1:da:29:b4:2f:14:a4:ec:73:e7:da:
                    1b:ca:59:0e:4a:d7:c7:4a:29:0a:fa:a7:00:31:d5:
                    98:6b:b0:c6:ca:ed:e5:81:2d:e9:7a:4a:8b:ce:06:
                    49:8a:b1:6a:f4:35:2f:88:53:3c:ea:61:ca:01:80:
                    c0:13:c7:2c:40:06:89:49:b0:4e:fa:2a:a8:0f:6e:
                    06:65:d9:06:b6:34:5b:3f:86:cd:1a:bc:9d:ca:2d:
                    cc:90:a4:5c:d2:61:c0:b5:18:1d:5e:86:f8:e1:20:
                    06:43:0c:28:58:de:be:ef:d3:69:78:42:13:95:92:
                    d0:de:cc:51:7e:01:ef:83:ab:f7:ff:27:fe:b0:48:
                    21:65:c7:37:1c:07:46:43:7f:53:82:ce:fb:cc:8f:
                    0f:a7:e8:86:97:89:d4:df:c5:f5:17:2c:5a:6d:b6:
                    3f:ba:75:4d:38:14:dd:52:c6:d7:24:87:8b:ef:64:
                    ed:e4:d3:15:c2:59:fa:3b:63:ac:27:d5:f0:85:43:
                    78:6d:0b:ad:cd:7c:57:c4:a4:d1:5c:49:3f:6e:bd:
                    4c:3b:6d:05:3f:06:96:be:76:e4:f2:44:06:f6:cd:
                    c9:c9:22:e0:04:c4:0b:59:7b:9b:19:d8:89:f4:ea:
                    84:e9:eb:74:3d:31:4c:d0:63:04:08:76:4e:d2:eb:
                    d6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:69:4D:56:D6:63:3B:36:64:F5:6C:E0:CB:2B:12:6A:2B:CD:11:91
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS200213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:155::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:26:13:14:82:93:d6:d0:a1:dd:f3:b4:bd:b5:a6:79:e0:87:
         37:85:60:88:d9:ce:a0:89:b0:37:a7:2d:99:f4:37:d8:73:a1:
         13:4b:3d:e3:c9:19:4a:94:3f:7e:9d:cb:b4:ab:94:a0:4d:82:
         70:f4:88:98:79:e7:18:e0:a5:81:fb:ba:f0:d0:77:d1:de:40:
         e7:c8:8f:82:83:54:28:9b:e0:55:cc:f3:7b:53:27:15:5a:d2:
         33:f0:c2:2d:34:e0:12:48:55:2b:c4:32:83:61:32:05:7a:bb:
         de:8b:f7:fc:5b:51:3e:4b:46:02:b9:ec:a5:79:8d:73:f5:78:
         98:44:b5:ca:da:52:1d:18:66:29:fa:fe:a4:50:57:cd:7d:db:
         bc:35:7a:f7:c7:11:7f:a7:2e:31:12:61:bd:68:fa:1c:6a:6c:
         22:f8:58:5c:36:72:35:02:e6:9e:9a:b2:0f:ed:42:3a:bf:f8:
         eb:0a:e8:ef:70:47:9a:e8:85:66:a2:39:53:e5:88:6f:b3:ed:
         5d:80:80:b8:19:f4:11:97:b2:e7:37:5c:10:a6:ef:68:2e:d6:
         23:bb:d2:36:e5:ad:d1:01:fc:61:b1:ef:07:ff:55:05:14:0b:
         55:5f:30:d4:01:76:5a:8b:21:bf:4d:06:5e:ae:1c:ee:24:31:
         05:ce:fd:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUMxzOGgb2ThLn5WcE1lHHLkNpxM4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjMwNzQwMjlaFw0yNzAzMjIwNzQ1MjlaMDMxMTAvBgNV
BAMTKEZCNjk0RDU2RDY2MzNCMzY2NEY1NkNFMENCMkIxMjZBMkJDRDExOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzpCLB2im0LxSk7HPn2hvKWQ5K
18dKKQr6pwAx1ZhrsMbK7eWBLel6SovOBkmKsWr0NS+IUzzqYcoBgMATxyxABolJ
sE76KqgPbgZl2Qa2NFs/hs0avJ3KLcyQpFzSYcC1GB1ehvjhIAZDDChY3r7v02l4
QhOVktDezFF+Ae+Dq/f/J/6wSCFlxzccB0ZDf1OCzvvMjw+n6IaXidTfxfUXLFpt
tj+6dU04FN1Sxtckh4vvZO3k0xXCWfo7Y6wn1fCFQ3htC63NfFfEpNFcST9uvUw7
bQU/Bpa+duTyRAb2zcnJIuAExAtZe5sZ2In06oTp63Q9MUzQYwQIdk7S69b9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+2lNVtZjOzZk9WzgyysSaivNEZEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAwMjEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFVMA0GCSqGSIb3DQEBCwUAA4IBAQBMJhMUgpPW0KHd87S9taZ54Ic3hWCI2c6g
ibA3py2Z9DfYc6ETSz3jyRlKlD9+ncu0q5SgTYJw9IiYeecY4KWB+7rw0HfR3kDn
yI+Cg1Qom+BVzPN7UycVWtIz8MItNOASSFUrxDKDYTIFervei/f8W1E+S0YCueyl
eY1z9XiYRLXK2lIdGGYp+v6kUFfNfdu8NXr3xxF/py4xEmG9aPocamwi+FhcNnI1
AuaemrIP7UI6v/jrCujvcEea6IVmojlT5Yhvs+1dgIC4GfQRl7LnN1wQpu9oLtYj
u9I25a3RAfxhse8H/1UFFAtVXzDUAXZaiyG/TQZerhzuJDEFzv38
-----END CERTIFICATE-----