Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212980.roa
File:                     AS212980.roa (raw, json)
Hash identifier:          q3hkHB+FE3o+1sD6VZBtTczg5GiO5BLMwh5IKEPNx88=
Subject key identifier:   BC:8A:C2:A2:79:4C:B7:0A:1D:BC:A0:64:7C:94:5C:E4:71:3E:4A:79
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       79512426344847F65CB2AFE25918FF50A7942815
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212980.roa
Signing time:             Mon 04 May 2026 08:32:47 +0000
ROA not before:           Mon 04 May 2026 08:27:47 +0000
ROA not after:            Mon 03 May 2027 08:32:47 +0000
asID:                     212980
IP address blocks:        2a13:9500:16e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:51:24:26:34:48:47:f6:5c:b2:af:e2:59:18:ff:50:a7:94:28:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  4 08:27:47 2026 GMT
            Not After : May  3 08:32:47 2027 GMT
        Subject: CN=BC8AC2A2794CB70A1DBCA0647C945CE4713E4A79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:67:d5:08:4a:4c:9a:68:2c:30:3b:dc:3b:ce:
                    89:aa:fc:67:6d:e3:9f:58:5f:83:66:af:80:7b:60:
                    29:41:4c:1b:c9:e7:d9:88:46:f1:c0:f0:5a:63:92:
                    d4:78:32:e9:20:f7:b2:d6:fa:86:92:4e:e8:a9:37:
                    ff:7e:0d:53:14:32:ad:40:f2:9a:78:4e:e0:56:4f:
                    ac:78:43:24:71:bd:ea:7d:b6:56:0f:57:b1:ef:34:
                    f6:42:96:b9:9c:54:1b:62:91:83:89:36:37:15:91:
                    d5:9e:46:d2:58:bb:56:dc:57:84:7d:07:73:c9:0d:
                    95:f5:1b:c2:27:21:77:5e:9a:6d:b7:98:39:3d:e1:
                    79:94:22:42:46:a0:0f:d7:d4:c8:f7:f3:a7:1d:48:
                    81:95:2c:5b:77:21:ce:f1:b6:77:c7:9a:07:1f:68:
                    a4:27:95:ad:3a:9c:0c:95:a2:0b:20:a7:00:34:e5:
                    06:d8:f1:d3:58:7b:40:18:82:ff:0d:ce:d8:75:b0:
                    70:2d:8b:8b:fc:95:b5:ed:a5:68:43:ed:28:fc:61:
                    cc:6e:84:79:f9:c8:1a:69:e2:ac:03:b9:e0:21:a3:
                    7a:24:f5:09:1d:3d:46:94:d4:3c:42:7c:9f:d6:66:
                    50:dd:60:83:51:44:65:fb:3c:2c:26:f8:b8:b1:44:
                    53:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8A:C2:A2:79:4C:B7:0A:1D:BC:A0:64:7C:94:5C:E4:71:3E:4A:79
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212980.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:16e::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:10:b8:8f:bd:9b:df:8e:23:ee:72:d8:11:e7:bd:58:f1:1a:
         33:b0:94:93:75:7a:a6:4d:23:3b:5b:29:6f:2a:8a:1e:0f:13:
         90:dc:7b:c2:c6:ab:f7:ce:6d:3d:19:59:c9:e5:60:ce:55:9d:
         e4:1b:fa:c2:2f:1e:df:54:ec:92:00:84:a8:5f:49:23:8e:51:
         fe:90:f8:79:fd:9f:bd:51:32:38:47:74:58:0d:e6:07:94:dc:
         8b:52:5b:92:26:b1:62:a9:3f:67:01:d5:61:8b:a1:6c:6e:12:
         7b:8d:da:2a:b9:1b:e3:14:13:f0:f8:4e:f2:b8:98:75:3c:bf:
         04:0c:9f:22:6b:24:3e:88:e5:71:80:45:bc:f9:c8:ba:6c:88:
         44:15:f1:15:70:57:4f:43:f9:71:e7:a3:c1:42:8a:cf:1e:23:
         de:94:26:c3:06:a9:94:40:76:77:b7:61:b1:06:19:31:a7:b3:
         de:22:e9:a5:db:c4:57:6a:44:ca:42:56:e6:f5:02:20:28:b3:
         5e:66:0d:f6:8e:76:40:e6:2e:dd:40:83:2c:9a:1a:05:92:0b:
         2f:80:b8:04:d0:9b:3e:5b:c0:1b:49:16:a3:54:5b:07:2a:b9:
         dc:99:d4:2a:f6:c1:39:75:cb:6c:cc:87:5f:68:1d:27:90:47:
         e6:1c:41:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeVEkJjRIR/Zcsq/iWRj/UKeUKBUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDQwODI3NDdaFw0yNzA1MDMwODMyNDdaMDMxMTAvBgNV
BAMTKEJDOEFDMkEyNzk0Q0I3MEExREJDQTA2NDdDOTQ1Q0U0NzEzRTRBNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7Z9UISkyaaCwwO9w7zomq/Gdt
459YX4Nmr4B7YClBTBvJ59mIRvHA8FpjktR4Mukg97LW+oaSTuipN/9+DVMUMq1A
8pp4TuBWT6x4QyRxvep9tlYPV7HvNPZClrmcVBtikYOJNjcVkdWeRtJYu1bcV4R9
B3PJDZX1G8InIXdemm23mDk94XmUIkJGoA/X1Mj386cdSIGVLFt3Ic7xtnfHmgcf
aKQnla06nAyVogsgpwA05QbY8dNYe0AYgv8Nzth1sHAti4v8lbXtpWhD7Sj8Ycxu
hHn5yBpp4qwDueAho3ok9QkdPUaU1DxCfJ/WZlDdYINRRGX7PCwm+LixRFOzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvIrConlMtwodvKBkfJRc5HE+SnkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEyOTgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFuMA0GCSqGSIb3DQEBCwUAA4IBAQCOELiPvZvfjiPuctgR571Y8RozsJSTdXqm
TSM7WylvKooeDxOQ3HvCxqv3zm09GVnJ5WDOVZ3kG/rCLx7fVOySAISoX0kjjlH+
kPh5/Z+9UTI4R3RYDeYHlNyLUluSJrFiqT9nAdVhi6FsbhJ7jdoquRvjFBPw+E7y
uJh1PL8EDJ8iayQ+iOVxgEW8+ci6bIhEFfEVcFdPQ/lx56PBQorPHiPelCbDBqmU
QHZ3t2GxBhkxp7PeIuml28RXakTKQlbm9QIgKLNeZg32jnZA5i7dQIMsmhoFkgsv
gLgE0Js+W8AbSRajVFsHKrncmdQq9sE5dctszIdfaB0nkEfmHEFq
-----END CERTIFICATE-----