Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213866.roa
File:                     AS213866.roa (raw, json)
Hash identifier:          tUINKBVDfPbUBITSrOl67mRQZCCpJpH/Nf4+truEprc=
Subject key identifier:   E8:EF:AC:CA:F4:12:A2:A4:BC:09:A8:A5:70:F7:71:C2:08:AF:84:C2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       691B557C8DDF7208790F95314A57FC160FA82A0F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213866.roa
Signing time:             Fri 20 Jun 2025 16:24:55 +0000
ROA not before:           Fri 20 Jun 2025 16:19:55 +0000
ROA not after:            Fri 19 Jun 2026 16:24:55 +0000
asID:                     213866
IP address blocks:        2a13:9500:94::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1b:55:7c:8d:df:72:08:79:0f:95:31:4a:57:fc:16:0f:a8:2a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 16:19:55 2025 GMT
            Not After : Jun 19 16:24:55 2026 GMT
        Subject: CN=E8EFACCAF412A2A4BC09A8A570F771C208AF84C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dd:2c:25:0a:d5:94:7b:fc:59:2a:b8:13:56:
                    1e:3c:ef:30:3a:c9:77:cd:df:68:22:2b:4c:a6:f1:
                    9c:96:57:54:18:3e:49:8d:69:cc:9a:04:39:94:12:
                    bb:f6:4d:87:fd:8a:e0:6b:0b:23:b6:b1:c7:83:54:
                    eb:4d:9b:70:d4:e4:b0:5a:dd:e4:8a:69:aa:8e:6d:
                    f3:61:31:7d:62:38:4b:2b:35:58:dd:f4:82:08:be:
                    8e:e3:4b:5e:a8:10:6f:ef:73:ec:01:e1:c7:07:91:
                    2e:ba:cc:32:37:b8:0b:c6:26:bb:ac:db:de:a7:17:
                    36:ee:4f:41:09:11:f0:78:ad:ff:d8:51:87:54:a4:
                    c9:91:33:05:5f:67:26:8a:7a:c9:23:06:ff:2c:21:
                    08:c0:da:6b:be:cd:8f:31:3a:7b:ed:31:27:bf:f5:
                    d3:ba:db:d9:31:e5:28:b4:6b:d5:93:3c:94:0d:4a:
                    80:87:7e:db:f2:72:93:c3:eb:09:5d:7b:22:41:89:
                    64:1d:e9:ca:5a:67:c1:ce:01:4d:cc:e4:1f:ec:02:
                    dc:ea:bf:6c:fe:e5:34:2b:09:f7:99:fa:6e:5f:09:
                    24:f2:2a:eb:a1:1e:d8:7a:d1:56:5c:46:39:66:07:
                    37:97:e0:46:09:d5:40:83:ac:0a:bb:86:02:3a:2e:
                    e9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:EF:AC:CA:F4:12:A2:A4:BC:09:A8:A5:70:F7:71:C2:08:AF:84:C2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:94::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:03:54:b5:cb:59:9d:a7:f3:d4:a4:f5:3b:33:4c:03:9a:6e:
         84:93:35:5b:ac:32:ee:95:41:a8:09:40:64:ea:a3:b3:6c:9e:
         22:06:9b:75:82:aa:41:d4:db:f7:1c:df:f3:b0:52:46:af:cc:
         0e:af:cc:46:5e:73:0b:26:f9:ed:f3:c2:9b:3c:36:6a:bf:ca:
         ef:c4:91:13:e5:13:0e:79:07:d6:f3:2f:08:0f:18:af:f4:55:
         91:cf:8b:4a:87:28:52:c5:84:38:28:0c:1e:16:e8:9d:55:04:
         cf:47:56:ea:f5:6e:1b:aa:d0:42:31:cb:61:4a:25:70:3a:09:
         3f:9e:94:af:71:d4:0d:a7:a9:a8:fd:3f:af:47:1a:b4:87:cb:
         31:5e:d5:b6:dc:93:28:89:7d:90:c7:1c:46:16:57:a4:d8:19:
         22:bc:47:40:d7:0a:cc:78:cd:22:67:9b:da:fd:8b:99:f1:16:
         99:54:e1:83:fd:65:63:1c:9f:8a:24:c0:18:ca:44:d1:b5:44:
         67:72:7a:dd:e2:0e:9d:2d:22:52:43:5c:1b:f2:e7:82:06:6c:
         d1:5b:cd:a3:f3:c8:89:0b:c3:56:54:60:f9:be:e3:34:83:74:
         1f:83:be:a0:43:ce:58:b3:65:0e:3e:b1:02:41:7d:cd:e5:9b:
         90:15:05:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaRtVfI3fcgh5D5UxSlf8Fg+oKg8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjAxNjE5NTVaFw0yNjA2MTkxNjI0NTVaMDMxMTAvBgNV
BAMTKEU4RUZBQ0NBRjQxMkEyQTRCQzA5QThBNTcwRjc3MUMyMDhBRjg0QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm3SwlCtWUe/xZKrgTVh487zA6
yXfN32giK0ym8ZyWV1QYPkmNacyaBDmUErv2TYf9iuBrCyO2sceDVOtNm3DU5LBa
3eSKaaqObfNhMX1iOEsrNVjd9IIIvo7jS16oEG/vc+wB4ccHkS66zDI3uAvGJrus
296nFzbuT0EJEfB4rf/YUYdUpMmRMwVfZyaKeskjBv8sIQjA2mu+zY8xOnvtMSe/
9dO629kx5Si0a9WTPJQNSoCHftvycpPD6wldeyJBiWQd6cpaZ8HOAU3M5B/sAtzq
v2z+5TQrCfeZ+m5fCSTyKuuhHth60VZcRjlmBzeX4EYJ1UCDrAq7hgI6LulPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU6O+syvQSoqS8CailcPdxwgivhMIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACUMA0GCSqGSIb3DQEBCwUAA4IBAQCcA1S1y1mdp/PUpPU7M0wDmm6EkzVbrDLu
lUGoCUBk6qOzbJ4iBpt1gqpB1Nv3HN/zsFJGr8wOr8xGXnMLJvnt88KbPDZqv8rv
xJET5RMOeQfW8y8IDxiv9FWRz4tKhyhSxYQ4KAweFuidVQTPR1bq9W4bqtBCMcth
SiVwOgk/npSvcdQNp6mo/T+vRxq0h8sxXtW23JMoiX2QxxxGFlek2BkivEdA1wrM
eM0iZ5va/YuZ8RaZVOGD/WVjHJ+KJMAYykTRtURncnrd4g6dLSJSQ1wb8ueCBmzR
W82j88iJC8NWVGD5vuM0g3Qfg76gQ85Ys2UOPrECQX3N5ZuQFQUt
-----END CERTIFICATE-----