Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214311.roa
File:                     AS214311.roa (raw, json)
Hash identifier:          LWd3lxuBNHBcz3HtCKy6jGcuJRTmyN4HlrRJRuc8pm4=
Subject key identifier:   2D:30:01:4B:8A:A8:31:8E:D0:09:2D:6D:05:86:EF:26:DB:AB:E0:E4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       05487F3E011D40329A98331FBE7BCD9C9B095C4B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214311.roa
Signing time:             Mon 09 Mar 2026 15:46:48 +0000
ROA not before:           Mon 09 Mar 2026 15:41:48 +0000
ROA not after:            Mon 08 Mar 2027 15:46:48 +0000
asID:                     214311
IP address blocks:        2a13:9500::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:43:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:48:7f:3e:01:1d:40:32:9a:98:33:1f:be:7b:cd:9c:9b:09:5c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  9 15:41:48 2026 GMT
            Not After : Mar  8 15:46:48 2027 GMT
        Subject: CN=2D30014B8AA8318ED0092D6D0586EF26DBABE0E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:28:12:0a:aa:29:7d:cd:a8:fe:53:52:31:73:
                    31:09:0b:35:2a:a1:a5:d1:c2:da:df:38:8a:05:79:
                    39:21:3a:58:b5:47:c5:76:b2:6b:c5:b0:d6:df:a6:
                    e1:36:59:17:45:a0:4c:e9:a5:fc:55:49:4e:f1:b7:
                    45:15:9c:1d:1a:1b:18:bd:2d:69:30:e2:ba:89:28:
                    ea:75:95:6b:36:16:08:94:96:f1:c5:72:b3:b3:1e:
                    35:b9:1c:cc:6e:9d:26:46:7b:6c:35:02:2f:b9:96:
                    7f:50:0f:f6:f0:03:b4:d0:23:35:f3:f5:ce:29:f0:
                    82:ac:db:72:2b:b9:b6:4c:a6:07:58:c8:ec:a0:03:
                    df:b7:b5:ed:34:fe:e0:b3:b8:56:c3:20:3e:4b:37:
                    8e:c1:8a:bf:c8:01:6d:20:24:64:5a:bd:2c:75:c6:
                    f5:0a:0f:33:a5:fe:3f:b7:22:63:85:8b:ed:b5:3a:
                    74:e3:be:e6:08:bf:f4:eb:5d:c4:f7:57:ee:a0:83:
                    87:12:9a:50:0b:b6:2e:79:4f:dd:1f:61:71:a6:13:
                    3c:96:5c:22:df:b6:e4:90:cb:0c:a3:91:0f:2d:21:
                    e3:3b:43:42:01:ce:50:c7:57:c4:45:67:4c:92:8d:
                    31:51:d9:1a:6b:df:6d:02:78:ed:87:38:70:ed:f8:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:30:01:4B:8A:A8:31:8E:D0:09:2D:6D:05:86:EF:26:DB:AB:E0:E4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:d7:d1:63:08:37:cb:fa:af:1e:1f:0d:23:f0:0d:45:8b:1e:
         2c:64:12:5e:48:73:4c:b9:0e:19:17:e4:8a:dc:92:f3:c9:ff:
         4f:03:51:bc:fd:f1:b1:cc:2c:4d:de:41:af:43:24:e3:3d:53:
         aa:c1:74:61:97:1d:67:1d:ca:2a:ba:3f:52:ac:a3:30:92:08:
         ef:52:fe:53:45:3e:91:fd:a4:53:1f:25:61:37:b4:d4:78:44:
         38:7c:91:28:eb:1a:4b:d7:f1:53:83:23:97:d3:90:a2:76:1a:
         be:27:f8:db:80:c4:d8:3d:5c:e1:6a:03:fe:28:48:82:3b:04:
         4f:9f:f7:0a:7a:e8:de:83:8b:1f:23:92:ae:b8:b5:c8:6c:97:
         6b:5f:b0:56:51:f6:de:47:33:64:b0:ca:62:46:57:78:dc:03:
         38:e6:49:51:ef:c7:2f:30:77:c3:3f:02:12:77:72:3e:9c:4f:
         56:a7:54:e7:b7:83:e6:17:4e:7a:ba:97:fb:25:ea:81:61:00:
         b8:0f:6a:72:17:69:a2:ed:c0:1f:42:ca:98:ac:82:7c:cc:bc:
         c0:ce:2c:44:79:62:fc:be:84:98:49:ef:85:75:a1:76:c5:a1:
         13:44:a9:e7:68:d9:f3:4b:3e:e6:d6:46:24:1e:83:f8:74:9c:
         be:4a:20:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBUh/PgEdQDKamDMfvnvNnJsJXEswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDkxNTQxNDhaFw0yNzAzMDgxNTQ2NDhaMDMxMTAvBgNV
BAMTKDJEMzAwMTRCOEFBODMxOEVEMDA5MkQ2RDA1ODZFRjI2REJBQkUwRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3KBIKqil9zaj+U1IxczEJCzUq
oaXRwtrfOIoFeTkhOli1R8V2smvFsNbfpuE2WRdFoEzppfxVSU7xt0UVnB0aGxi9
LWkw4rqJKOp1lWs2FgiUlvHFcrOzHjW5HMxunSZGe2w1Ai+5ln9QD/bwA7TQIzXz
9c4p8IKs23IrubZMpgdYyOygA9+3te00/uCzuFbDID5LN47Bir/IAW0gJGRavSx1
xvUKDzOl/j+3ImOFi+21OnTjvuYIv/TrXcT3V+6gg4cSmlALti55T90fYXGmEzyW
XCLftuSQywyjkQ8tIeM7Q0IBzlDHV8RFZ0ySjTFR2Rpr320CeO2HOHDt+HwNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULTABS4qoMY7QCS1tBYbvJtur4OQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAAAMA0GCSqGSIb3DQEBCwUAA4IBAQCO19FjCDfL+q8eHw0j8A1Fix4sZBJeSHNM
uQ4ZF+SK3JLzyf9PA1G8/fGxzCxN3kGvQyTjPVOqwXRhlx1nHcoquj9SrKMwkgjv
Uv5TRT6R/aRTHyVhN7TUeEQ4fJEo6xpL1/FTgyOX05Cidhq+J/jbgMTYPVzhagP+
KEiCOwRPn/cKeujeg4sfI5KuuLXIbJdrX7BWUfbeRzNksMpiRld43AM45klR78cv
MHfDPwISd3I+nE9Wp1Tnt4PmF056upf7JeqBYQC4D2pyF2mi7cAfQsqYrIJ8zLzA
zixEeWL8voSYSe+FdaF2xaETRKnnaNnzSz7m1kYkHoP4dJy+SiBd
-----END CERTIFICATE-----