Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa
File:                     AS211759.roa (raw, json)
Hash identifier:          lUQybnlRf+3YhEKCYZE1Bku+6KnBOYIzPjwiqgl7O0w=
Subject key identifier:   EB:53:C2:C7:A6:EC:20:62:5B:3C:92:20:04:A0:2B:D6:D6:8C:BA:0D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       61F57064CF51207C0CFC54B563BC3BF4B665227E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa
Signing time:             Sat 28 Jun 2025 07:42:22 +0000
ROA not before:           Sat 28 Jun 2025 07:37:22 +0000
ROA not after:            Sat 27 Jun 2026 07:42:22 +0000
asID:                     211759
IP address blocks:        2a13:9500:9b::/48 maxlen: 48
                          2a13:9500:9d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f5:70:64:cf:51:20:7c:0c:fc:54:b5:63:bc:3b:f4:b6:65:22:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 28 07:37:22 2025 GMT
            Not After : Jun 27 07:42:22 2026 GMT
        Subject: CN=EB53C2C7A6EC20625B3C922004A02BD6D68CBA0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c3:0a:75:cf:4b:80:0c:d5:a5:ea:52:ee:ad:
                    ec:6a:0a:3e:79:45:a9:22:89:81:00:ec:fa:7e:8e:
                    f5:8b:24:af:fe:c5:43:e7:84:df:08:b5:ae:b4:b8:
                    87:94:ee:49:2d:62:95:48:e0:8d:ea:92:e0:9c:62:
                    8c:70:f6:d0:f7:53:b0:4a:f6:d1:0a:e8:b9:da:76:
                    01:33:d1:84:b3:0d:80:ee:9f:de:48:f5:d5:fe:b1:
                    2a:0c:e3:f7:3c:cf:93:d7:e5:57:bd:b9:d2:91:06:
                    8b:41:bf:f8:84:a9:94:ae:61:64:a7:e1:27:f7:8c:
                    68:35:bc:d2:7d:3a:8c:e1:8b:19:c1:42:2e:a2:69:
                    2b:b3:98:94:9b:c7:59:38:ed:04:a7:f1:80:f9:1b:
                    ae:35:0b:1d:0b:2d:d2:bb:7f:87:53:f9:fd:63:cd:
                    4f:ea:a3:1a:b5:5f:52:ed:17:ca:8a:65:8c:21:f7:
                    98:5a:3e:01:09:7c:64:aa:11:b2:f6:a3:3b:d4:44:
                    2c:b3:34:88:6f:e8:bf:00:bf:fe:39:6c:81:fb:a6:
                    bc:95:60:90:00:f4:d8:02:ba:a2:22:3b:d3:7b:09:
                    90:e2:e6:80:72:7b:fa:84:56:c3:14:5a:b8:b8:c9:
                    1c:70:ac:ca:94:f3:90:22:64:a4:5c:2a:c2:1e:91:
                    93:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:53:C2:C7:A6:EC:20:62:5B:3C:92:20:04:A0:2B:D6:D6:8C:BA:0D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9b::/48
                  2a13:9500:9d::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:63:c3:76:4f:4f:1b:18:f3:3a:da:da:21:9f:f9:e1:d5:af:
         1d:20:6e:65:dd:b2:41:ea:b4:2d:9d:66:62:3e:31:ce:13:17:
         be:ec:e7:25:f4:9d:b6:f3:fd:9c:ce:d2:e3:3c:9e:1f:14:f9:
         93:d5:b5:60:f5:61:a8:16:f6:8f:21:b9:bf:18:7d:25:92:f6:
         56:e3:01:25:68:e1:42:e2:eb:3a:eb:68:c7:17:f2:88:8d:da:
         55:39:7a:dd:d5:cf:d9:b9:83:eb:cd:7d:08:37:e3:fa:ad:19:
         4c:96:e2:bc:d5:e0:a5:53:42:55:c1:ce:41:50:62:92:4f:a5:
         fe:b7:03:33:7e:54:a8:21:28:5f:b4:08:fc:90:25:22:8d:29:
         cf:f1:d4:53:ee:3f:98:7c:91:de:78:62:f7:c2:ff:bb:8d:ad:
         0a:ab:14:3d:77:15:b7:56:47:c2:a7:83:70:37:ec:ea:1a:4f:
         e4:15:04:98:8a:1e:88:35:98:b0:f2:a9:bf:34:81:e1:c2:c2:
         0f:2a:59:63:44:61:84:98:45:2f:34:bc:5c:7c:d6:2b:66:7b:
         93:45:0e:26:bd:8c:93:52:46:d9:49:cc:78:65:a6:aa:93:7b:
         d0:6f:69:44:a5:e9:78:95:44:21:24:aa:c1:80:05:a4:38:fe:
         ce:95:99:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUYfVwZM9RIHwM/FS1Y7w79LZlIn4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjgwNzM3MjJaFw0yNjA2MjcwNzQyMjJaMDMxMTAvBgNV
BAMTKEVCNTNDMkM3QTZFQzIwNjI1QjNDOTIyMDA0QTAyQkQ2RDY4Q0JBMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChwwp1z0uADNWl6lLurexqCj55
RakiiYEA7Pp+jvWLJK/+xUPnhN8Ita60uIeU7kktYpVI4I3qkuCcYoxw9tD3U7BK
9tEK6LnadgEz0YSzDYDun95I9dX+sSoM4/c8z5PX5Ve9udKRBotBv/iEqZSuYWSn
4Sf3jGg1vNJ9OozhixnBQi6iaSuzmJSbx1k47QSn8YD5G641Cx0LLdK7f4dT+f1j
zU/qoxq1X1LtF8qKZYwh95haPgEJfGSqEbL2ozvURCyzNIhv6L8Av/45bIH7pryV
YJAA9NgCuqIiO9N7CZDi5oBye/qEVsMUWri4yRxwrMqU85AiZKRcKsIekZM5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU61PCx6bsIGJbPJIgBKAr1taMug0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNzU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AACbAwcAKhOVAACdMA0GCSqGSIb3DQEBCwUAA4IBAQCiY8N2T08bGPM62tohn/nh
1a8dIG5l3bJB6rQtnWZiPjHOExe+7Ocl9J228/2cztLjPJ4fFPmT1bVg9WGoFvaP
Ibm/GH0lkvZW4wElaOFC4us662jHF/KIjdpVOXrd1c/ZuYPrzX0IN+P6rRlMluK8
1eClU0JVwc5BUGKST6X+twMzflSoIShftAj8kCUijSnP8dRT7j+YfJHeeGL3wv+7
ja0KqxQ9dxW3VkfCp4NwN+zqGk/kFQSYih6INZiw8qm/NIHhwsIPKlljRGGEmEUv
NLxcfNYrZnuTRQ4mvYyTUkbZScx4Zaaqk3vQb2lEpel4lUQhJKrBgAWkOP7OlZmX
-----END CERTIFICATE-----