Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213929.roa
File:                     AS213929.roa (raw, json)
Hash identifier:          oVMwDW62zl9Z0daAiRrILXmeaPUG2cbnieHyT4RIJxI=
Subject key identifier:   B4:31:19:AE:06:92:21:B6:36:61:64:C7:E3:CD:BF:51:15:4E:31:96
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5D2C7D296FA3CD9494EC762EE8198EABB6E96442
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213929.roa
Signing time:             Mon 06 Oct 2025 11:58:44 +0000
ROA not before:           Mon 06 Oct 2025 11:53:44 +0000
ROA not after:            Mon 05 Oct 2026 11:58:44 +0000
asID:                     213929
IP address blocks:        82.21.4.0/24 maxlen: 24
                          2a13:9500:7b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:2c:7d:29:6f:a3:cd:94:94:ec:76:2e:e8:19:8e:ab:b6:e9:64:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  6 11:53:44 2025 GMT
            Not After : Oct  5 11:58:44 2026 GMT
        Subject: CN=B43119AE069221B6366164C7E3CDBF51154E3196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:73:dd:4f:27:18:f5:ee:6e:dc:b2:46:f3:
                    9b:8c:ba:ca:39:50:e8:9c:79:14:8b:e5:48:46:cd:
                    57:d7:0a:e2:87:d6:db:1c:88:56:1e:6e:36:0d:6a:
                    cb:34:e5:bb:4a:4e:49:e0:d8:ca:83:00:81:06:94:
                    11:90:5d:25:52:3e:3e:41:a5:d5:3c:d8:8f:09:02:
                    07:c3:a0:36:c2:96:5e:e2:53:73:ac:3a:52:bd:8c:
                    75:c8:35:38:f1:cb:43:fc:ba:0b:a8:5f:19:bc:6b:
                    ae:7e:a8:9d:9b:12:28:39:57:c4:3b:41:9e:57:0a:
                    81:39:b2:25:9c:d3:e8:67:c8:c8:f9:84:7b:90:d2:
                    1b:7e:f9:e0:7a:59:ca:df:de:1b:d6:71:ac:63:81:
                    4e:03:02:66:1f:72:f5:08:11:25:30:21:69:14:48:
                    7a:fb:df:58:ed:ee:28:19:44:14:54:18:57:8f:fb:
                    e1:3e:ad:8f:f6:d7:9c:3a:78:fe:e8:62:e1:48:09:
                    f2:6d:e9:83:27:f6:99:ac:0d:32:a8:ff:b6:46:34:
                    58:fe:9b:ae:0b:20:fd:ea:28:42:63:92:b5:7c:3c:
                    7c:b5:b4:9c:50:4d:73:4f:82:37:61:49:99:47:94:
                    22:ce:55:14:f3:48:da:09:8c:27:cd:32:20:08:52:
                    22:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:31:19:AE:06:92:21:B6:36:61:64:C7:E3:CD:BF:51:15:4E:31:96
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213929.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.4.0/24
                IPv6:
                  2a13:9500:7b::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:21:3d:af:4c:68:3d:65:a5:d6:75:b7:1d:af:15:90:95:5e:
         05:b3:ce:6e:f2:12:a5:6c:99:aa:52:9f:cd:63:f6:30:49:50:
         b4:b5:40:23:3e:4f:cc:b5:31:3f:5b:f8:43:fe:aa:81:49:3c:
         3d:eb:c7:8b:60:1a:3e:2a:4d:d1:ea:2d:83:fe:35:76:9e:18:
         05:86:1c:0a:1e:c5:f0:b6:b7:aa:5c:20:05:6d:f3:f9:9d:0d:
         69:90:6c:d9:27:55:eb:df:45:be:fa:a6:68:a4:66:d9:56:01:
         6b:9d:26:03:76:24:86:ee:12:d1:f6:52:86:8a:53:74:ba:ef:
         3d:37:c1:e0:a9:ea:cd:33:da:d5:b9:93:34:78:b9:24:72:2b:
         52:eb:51:34:02:47:81:5d:95:b3:ae:4f:f0:f6:b6:bf:0c:5a:
         56:42:b9:01:f9:d5:8b:7d:b0:86:66:3d:0f:71:3e:65:e3:d5:
         f5:f0:91:7c:3e:87:3d:18:d4:59:16:0c:43:77:4d:c8:f2:8f:
         10:70:28:eb:e3:c0:0f:e5:56:45:67:18:8f:66:ef:2c:04:f4:
         99:a2:32:c3:6e:bd:81:f8:6a:e4:5b:4c:1f:ed:89:65:ee:6f:
         33:83:d5:22:9d:37:74:a4:b4:c2:53:b3:ca:00:65:af:0b:08:
         8a:47:f5:3f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUXSx9KW+jzZSU7HYu6BmOq7bpZEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDYxMTUzNDRaFw0yNjEwMDUxMTU4NDRaMDMxMTAvBgNV
BAMTKEI0MzExOUFFMDY5MjIxQjYzNjYxNjRDN0UzQ0RCRjUxMTU0RTMxOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Q3PdTycY9e5u3LJG85uMuso5
UOiceRSL5UhGzVfXCuKH1tsciFYebjYNass05btKTkng2MqDAIEGlBGQXSVSPj5B
pdU82I8JAgfDoDbCll7iU3OsOlK9jHXINTjxy0P8uguoXxm8a65+qJ2bEig5V8Q7
QZ5XCoE5siWc0+hnyMj5hHuQ0ht++eB6Wcrf3hvWcaxjgU4DAmYfcvUIESUwIWkU
SHr731jt7igZRBRUGFeP++E+rY/215w6eP7oYuFICfJt6YMn9pmsDTKo/7ZGNFj+
m64LIP3qKEJjkrV8PHy1tJxQTXNPgjdhSZlHlCLOVRTzSNoJjCfNMiAIUiLPAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUtDEZrgaSIbY2YWTH482/URVOMZYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzOTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUhUE
MA8EAgACMAkDBwAqE5UAAHswDQYJKoZIhvcNAQELBQADggEBAAYhPa9MaD1lpdZ1
tx2vFZCVXgWzzm7yEqVsmapSn81j9jBJULS1QCM+T8y1MT9b+EP+qoFJPD3rx4tg
Gj4qTdHqLYP+NXaeGAWGHAoexfC2t6pcIAVt8/mdDWmQbNknVevfRb76pmikZtlW
AWudJgN2JIbuEtH2UoaKU3S67z03weCp6s0z2tW5kzR4uSRyK1LrUTQCR4FdlbOu
T/D2tr8MWlZCuQH51Yt9sIZmPQ9xPmXj1fXwkXw+hz0Y1FkWDEN3TcjyjxBwKOvj
wA/lVkVnGI9m7ywE9JmiMsNuvYH4auRbTB/tiWXubzOD1SKdN3SktMJTs8oAZa8L
CIpH9T8=
-----END CERTIFICATE-----