Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207860.roa
File:                     AS207860.roa (raw, json)
Hash identifier:          QazSQYB2fKy1dGdeo+I6MoyZZOyjIjdxC6VbD9kS2/A=
Subject key identifier:   A9:61:75:F0:47:C2:17:85:10:52:8A:B7:44:5D:41:D4:D3:14:C4:FD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3FF4C42C6471250C46DF31EAAA76B0200951D4D0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207860.roa
Signing time:             Mon 23 Mar 2026 18:31:00 +0000
ROA not before:           Mon 23 Mar 2026 18:26:00 +0000
ROA not after:            Mon 22 Mar 2027 18:31:00 +0000
asID:                     207860
IP address blocks:        2a13:9500:156::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f4:c4:2c:64:71:25:0c:46:df:31:ea:aa:76:b0:20:09:51:d4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 23 18:26:00 2026 GMT
            Not After : Mar 22 18:31:00 2027 GMT
        Subject: CN=A96175F047C2178510528AB7445D41D4D314C4FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5a:ad:8c:61:bf:a8:83:6d:13:ef:6c:7c:59:
                    44:c0:c1:48:b1:37:05:26:f6:38:20:2a:4a:cf:42:
                    55:1c:49:5c:4f:73:0c:35:2a:a1:2a:ba:81:5f:84:
                    1e:5a:21:fc:91:e3:2d:de:ca:ab:e9:69:91:95:ad:
                    a1:3f:a7:e7:8d:e6:bc:2f:b2:c2:52:e2:7a:ec:c6:
                    ac:d6:39:42:80:a2:a6:98:84:7b:1c:0c:e4:da:e0:
                    39:20:ae:fd:8c:06:61:67:2e:86:c0:8d:2b:cf:dd:
                    69:83:d8:97:57:45:d7:0c:8e:aa:b3:37:ce:00:0a:
                    e4:c2:26:55:dd:a9:82:eb:2e:1d:ec:91:00:c9:d5:
                    65:7e:4f:5a:02:c0:fc:f3:83:4d:72:a3:ab:7f:94:
                    df:6e:3a:29:38:c0:5d:ad:7d:8f:5d:43:65:92:88:
                    97:80:62:88:11:13:0a:5b:dd:32:63:ce:7f:c2:7c:
                    fe:a4:80:7b:d1:d3:71:92:a7:b1:14:98:df:43:37:
                    ae:a4:97:00:8b:65:f2:e0:9f:87:13:e2:44:d3:62:
                    a7:c0:6b:42:50:1f:34:d3:a8:61:97:0f:5c:49:bb:
                    3c:69:e5:0a:a5:84:ba:61:30:f4:1e:e8:2e:ed:48:
                    fd:72:6d:0e:df:7f:2d:e6:f6:b7:ea:87:e4:a8:b8:
                    09:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:61:75:F0:47:C2:17:85:10:52:8A:B7:44:5D:41:D4:D3:14:C4:FD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:156::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:18:f5:83:df:41:5d:2c:46:7e:fb:1b:85:2b:43:13:49:7c:
         f9:e3:d8:bc:25:46:9c:a6:20:d1:52:8a:b9:8e:95:78:0a:2d:
         94:9d:78:59:e5:c6:e6:b2:3e:a8:43:46:9a:1f:01:ae:fc:ab:
         de:ac:58:d4:64:25:d1:a5:0f:8a:c2:ff:ea:b7:58:cc:af:64:
         6c:e3:f1:3f:05:2d:6d:7c:37:12:49:9e:55:a6:85:07:29:6b:
         c5:50:1e:f5:47:5a:c3:7e:61:af:80:b9:97:3d:27:58:ba:26:
         1d:f7:d9:dc:aa:4f:5c:48:1b:74:c6:fa:87:30:6a:32:09:4a:
         ec:c0:35:49:67:63:10:7a:5e:a2:1e:62:81:a8:d0:e4:02:14:
         f1:7a:dd:ea:29:11:dd:1d:7b:83:c8:66:a5:85:b6:fe:7d:87:
         a7:53:5a:d3:f8:50:a0:7e:3f:e9:ec:9b:43:01:85:1b:df:46:
         47:ec:c0:9f:70:35:49:a9:51:c9:7f:17:bb:5a:99:16:1c:0b:
         86:01:e8:90:9e:82:02:fc:57:6c:ce:18:cb:3f:f8:92:23:65:
         73:0d:c4:af:e7:76:fe:db:23:1a:b3:a6:bf:93:c5:6d:9e:ce:
         b2:98:75:98:6d:35:fd:09:40:27:e7:dc:f2:58:d8:aa:08:cb:
         b6:bd:fe:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUP/TELGRxJQxG3zHqqnawIAlR1NAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjMxODI2MDBaFw0yNzAzMjIxODMxMDBaMDMxMTAvBgNV
BAMTKEE5NjE3NUYwNDdDMjE3ODUxMDUyOEFCNzQ0NUQ0MUQ0RDMxNEM0RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWq2MYb+og20T72x8WUTAwUix
NwUm9jggKkrPQlUcSVxPcww1KqEquoFfhB5aIfyR4y3eyqvpaZGVraE/p+eN5rwv
ssJS4nrsxqzWOUKAoqaYhHscDOTa4Dkgrv2MBmFnLobAjSvP3WmD2JdXRdcMjqqz
N84ACuTCJlXdqYLrLh3skQDJ1WV+T1oCwPzzg01yo6t/lN9uOik4wF2tfY9dQ2WS
iJeAYogREwpb3TJjzn/CfP6kgHvR03GSp7EUmN9DN66klwCLZfLgn4cT4kTTYqfA
a0JQHzTTqGGXD1xJuzxp5QqlhLphMPQe6C7tSP1ybQ7ffy3m9rfqh+SouAm3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUqWF18EfCF4UQUoq3RF1B1NMUxP0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3ODYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFWMA0GCSqGSIb3DQEBCwUAA4IBAQCWGPWD30FdLEZ++xuFK0MTSXz549i8JUac
piDRUoq5jpV4Ci2UnXhZ5cbmsj6oQ0aaHwGu/KverFjUZCXRpQ+Kwv/qt1jMr2Rs
4/E/BS1tfDcSSZ5VpoUHKWvFUB71R1rDfmGvgLmXPSdYuiYd99ncqk9cSBt0xvqH
MGoyCUrswDVJZ2MQel6iHmKBqNDkAhTxet3qKRHdHXuDyGalhbb+fYenU1rT+FCg
fj/p7JtDAYUb30ZH7MCfcDVJqVHJfxe7WpkWHAuGAeiQnoIC/FdszhjLP/iSI2Vz
DcSv53b+2yMas6a/k8Vtns6ymHWYbTX9CUAn59zyWNiqCMu2vf7B
-----END CERTIFICATE-----