Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
File:                     AS206921.roa (raw, json)
Hash identifier:          utleuSMmYcU8c0PAS3bM0DXP2u+Frj73Beahs/3Z9Lw=
Subject key identifier:   D4:D6:63:C7:20:E4:A5:58:12:E4:3F:39:E8:66:59:63:03:DA:78:7D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7942122BAFD9351F67D9F4A4893FCA83002C9733
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
Signing time:             Sat 28 Jun 2025 07:32:25 +0000
ROA not before:           Sat 28 Jun 2025 07:27:25 +0000
ROA not after:            Sat 27 Jun 2026 07:32:25 +0000
asID:                     206921
IP address blocks:        2a13:9500:9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:42:12:2b:af:d9:35:1f:67:d9:f4:a4:89:3f:ca:83:00:2c:97:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 28 07:27:25 2025 GMT
            Not After : Jun 27 07:32:25 2026 GMT
        Subject: CN=D4D663C720E4A55812E43F39E866596303DA787D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:b8:76:1b:bc:a0:d4:e6:dd:fc:a5:62:f3:
                    98:1d:8c:69:6a:73:d5:5a:c7:4a:e0:51:21:f7:30:
                    09:5c:22:de:d3:4e:2c:3b:ba:df:30:5a:fe:dd:0c:
                    33:09:a5:17:69:d7:96:3d:8a:f8:22:71:47:70:16:
                    d5:03:d3:4f:ca:22:d9:30:fd:67:92:cd:b1:79:d0:
                    60:32:5d:69:25:e0:17:2c:b2:45:5e:00:30:20:62:
                    c9:0f:e5:f6:23:57:08:e9:63:c4:98:84:10:63:39:
                    43:31:b0:81:02:54:4a:a3:a1:5c:fc:3d:33:e2:49:
                    03:8c:f1:4e:d3:93:1f:11:d0:de:73:fe:1f:1c:7a:
                    f1:90:7d:0a:1c:8a:00:5f:09:7e:b1:ee:34:b7:fb:
                    03:97:54:e4:b3:00:e7:8e:34:a9:ac:6e:63:72:46:
                    7a:bd:f4:b3:e5:59:85:f1:5f:82:66:40:6b:a5:7f:
                    e7:73:90:a2:78:ec:1e:83:d2:da:70:ce:d4:d6:f2:
                    e2:54:3e:71:db:ce:85:37:1d:e8:a1:51:e8:16:cf:
                    a3:d1:42:ff:ee:43:f6:11:60:d2:e9:81:81:d8:80:
                    f3:e9:c9:28:fc:dd:9c:82:90:09:69:a6:ac:02:a5:
                    dd:54:f3:bf:eb:ee:fb:32:be:ae:09:6f:05:0e:40:
                    94:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D6:63:C7:20:E4:A5:58:12:E4:3F:39:E8:66:59:63:03:DA:78:7D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:0a:71:05:db:7f:d3:a7:4b:f7:53:a2:34:b5:63:e6:2a:99:
         b5:53:02:fe:6c:10:59:fc:39:77:64:d2:b9:67:48:19:b9:60:
         26:c8:f4:4b:fe:5c:6a:58:60:2a:cc:81:ff:16:34:26:4f:0a:
         9a:a9:e2:74:a0:0e:00:b7:6e:a1:bd:bc:ea:b6:65:40:6a:bd:
         25:e7:43:c7:70:96:81:21:c0:67:b1:c5:d4:49:92:16:bf:f6:
         04:bf:3d:5c:a0:2e:18:fe:24:80:50:c3:2e:15:23:10:ec:5c:
         ed:cd:29:7e:dc:6a:e4:24:84:11:3c:46:30:57:ee:6d:6b:7f:
         a7:db:cd:ea:d9:e5:03:c4:0c:23:6e:e2:cf:ee:20:f6:d5:2f:
         b0:03:18:61:48:f4:3e:d6:5e:41:05:dc:8d:53:94:aa:4d:a7:
         2f:a9:5c:63:16:2e:8c:87:8d:64:98:51:9d:9a:3f:6e:22:ef:
         15:0f:84:fb:82:45:1b:2a:83:dc:44:58:ab:d8:2e:96:ae:8c:
         20:57:de:65:be:75:99:76:6a:df:e6:b7:24:5e:86:c1:36:5a:
         18:96:c8:c1:b1:3f:ff:b4:b6:65:19:3a:49:ca:00:ee:c7:83:
         5a:96:e9:ab:23:1b:95:0f:27:22:2e:f8:6e:9e:a8:c2:03:93:
         58:35:8e:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeUISK6/ZNR9n2fSkiT/KgwAslzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjgwNzI3MjVaFw0yNjA2MjcwNzMyMjVaMDMxMTAvBgNV
BAMTKEQ0RDY2M0M3MjBFNEE1NTgxMkU0M0YzOUU4NjY1OTYzMDNEQTc4N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdLrh2G7yg1Obd/KVi85gdjGlq
c9Vax0rgUSH3MAlcIt7TTiw7ut8wWv7dDDMJpRdp15Y9ivgicUdwFtUD00/KItkw
/WeSzbF50GAyXWkl4BcsskVeADAgYskP5fYjVwjpY8SYhBBjOUMxsIECVEqjoVz8
PTPiSQOM8U7Tkx8R0N5z/h8cevGQfQocigBfCX6x7jS3+wOXVOSzAOeONKmsbmNy
Rnq99LPlWYXxX4JmQGulf+dzkKJ47B6D0tpwztTW8uJUPnHbzoU3HeihUegWz6PR
Qv/uQ/YRYNLpgYHYgPPpySj83ZyCkAlppqwCpd1U87/r7vsyvq4JbwUOQJSNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1NZjxyDkpVgS5D856GZZYwPaeH0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2OTIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACcMA0GCSqGSIb3DQEBCwUAA4IBAQCgCnEF23/Tp0v3U6I0tWPmKpm1UwL+bBBZ
/Dl3ZNK5Z0gZuWAmyPRL/lxqWGAqzIH/FjQmTwqaqeJ0oA4At26hvbzqtmVAar0l
50PHcJaBIcBnscXUSZIWv/YEvz1coC4Y/iSAUMMuFSMQ7FztzSl+3GrkJIQRPEYw
V+5ta3+n283q2eUDxAwjbuLP7iD21S+wAxhhSPQ+1l5BBdyNU5SqTacvqVxjFi6M
h41kmFGdmj9uIu8VD4T7gkUbKoPcRFir2C6WrowgV95lvnWZdmrf5rckXobBNloY
lsjBsT//tLZlGTpJygDux4NalumrIxuVDyciLvhunqjCA5NYNY4B
-----END CERTIFICATE-----