Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214657.roa
File:                     AS214657.roa (raw, json)
Hash identifier:          NLXKYH9ht2runrtruszHrZRlh5jG0pbJF+9o+9sYJok=
Subject key identifier:   F3:46:80:3D:68:AC:DF:8D:6B:34:C2:75:C3:24:2C:74:20:89:E4:DE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3AC24BA7A680C204DABD8DF004B366FE54778CDB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214657.roa
Signing time:             Fri 12 Sep 2025 18:52:11 +0000
ROA not before:           Fri 12 Sep 2025 18:47:11 +0000
ROA not after:            Fri 11 Sep 2026 18:52:11 +0000
asID:                     214657
IP address blocks:        2a13:9500:7a::/48 maxlen: 48
                          2a13:9500:de::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:c2:4b:a7:a6:80:c2:04:da:bd:8d:f0:04:b3:66:fe:54:77:8c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 12 18:47:11 2025 GMT
            Not After : Sep 11 18:52:11 2026 GMT
        Subject: CN=F346803D68ACDF8D6B34C275C3242C742089E4DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8f:90:31:2f:db:ff:57:1b:d7:07:28:9c:df:
                    cd:85:5a:fd:9f:f1:69:42:87:1c:ce:a5:99:8f:bf:
                    f7:a3:94:01:40:d1:4c:cd:96:34:93:02:f2:b0:33:
                    d7:cc:93:a3:21:20:fe:d6:62:e0:f8:16:92:f9:85:
                    84:26:94:e9:c0:d3:99:16:ad:09:27:c3:e0:8d:f9:
                    b3:85:a4:9c:33:74:32:47:e5:43:03:b2:cb:6e:0b:
                    a5:65:81:eb:ca:a1:5b:8a:7d:14:b7:f6:ee:c1:7f:
                    d6:58:42:6d:6e:81:89:33:ba:29:8e:87:fd:0b:f7:
                    23:fa:4e:3d:ad:25:da:a5:97:35:58:30:da:a9:23:
                    8f:ab:a3:f3:19:d1:67:4b:1a:5b:e1:2f:f0:de:03:
                    b0:f2:2e:4a:a6:6a:1b:43:0e:d2:ba:9a:ca:27:20:
                    3c:1b:8c:d9:dc:fe:c0:9d:7d:ad:84:ce:73:1c:60:
                    35:4b:65:1c:fe:41:de:73:b5:79:9d:21:4b:e1:56:
                    27:bd:6f:84:bf:8f:4f:0b:cd:30:a0:d0:b8:9c:66:
                    a1:d4:9f:ef:2a:c8:ba:cb:cc:72:a7:1e:76:be:20:
                    80:0a:68:cb:c0:05:4e:bd:10:6e:e7:80:2f:9c:85:
                    03:eb:10:ec:67:34:bb:9e:29:a2:b7:55:3f:23:14:
                    00:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:46:80:3D:68:AC:DF:8D:6B:34:C2:75:C3:24:2C:74:20:89:E4:DE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214657.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:7a::/48
                  2a13:9500:de::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:eb:a2:f3:ac:d9:b0:7c:eb:49:06:6a:1c:a9:0f:f9:f4:7f:
         06:35:d2:73:fd:fa:20:8d:40:f9:6b:62:47:93:e3:d5:97:68:
         c7:59:38:9f:9e:d7:91:27:a8:f8:b0:80:4b:ce:33:72:14:ba:
         70:44:bd:19:82:7d:fb:be:24:b4:34:da:75:1a:62:46:ae:dd:
         7d:3d:54:6b:e3:1e:3c:d5:71:06:22:ed:bf:7c:e8:69:f8:a6:
         50:24:3f:48:22:8c:b8:b4:22:da:72:bd:81:2c:7d:7d:f0:a5:
         60:0d:e6:55:bf:27:6f:77:88:27:13:98:c1:3f:9a:5f:17:1d:
         e0:e5:de:08:c8:c0:ae:f0:31:87:4a:72:6e:54:9b:1b:07:a4:
         00:20:6c:5b:3e:2e:2f:98:11:c8:0d:8d:1e:44:a0:9b:0c:fc:
         da:cb:2c:e5:c8:fd:65:b0:42:0c:1c:c6:96:84:ba:2e:a8:2d:
         98:ac:dd:ad:cc:ba:b5:df:8d:8c:cc:fe:53:98:08:41:f3:c1:
         5a:4a:4e:bc:cd:94:2b:bc:32:f3:ea:71:f5:ff:91:de:86:6a:
         7d:3b:d6:c9:e9:7f:ac:1a:15:73:28:c5:42:ff:63:70:d6:14:
         cb:15:8b:cb:c6:bf:7c:fa:86:68:60:e6:21:08:8e:44:da:7d:
         27:e0:40:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUOsJLp6aAwgTavY3wBLNm/lR3jNswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTIxODQ3MTFaFw0yNjA5MTExODUyMTFaMDMxMTAvBgNV
BAMTKEYzNDY4MDNENjhBQ0RGOEQ2QjM0QzI3NUMzMjQyQzc0MjA4OUU0REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaj5AxL9v/VxvXByic382FWv2f
8WlChxzOpZmPv/ejlAFA0UzNljSTAvKwM9fMk6MhIP7WYuD4FpL5hYQmlOnA05kW
rQknw+CN+bOFpJwzdDJH5UMDsstuC6VlgevKoVuKfRS39u7Bf9ZYQm1ugYkzuimO
h/0L9yP6Tj2tJdqllzVYMNqpI4+ro/MZ0WdLGlvhL/DeA7DyLkqmahtDDtK6mson
IDwbjNnc/sCdfa2EznMcYDVLZRz+Qd5ztXmdIUvhVie9b4S/j08LzTCg0LicZqHU
n+8qyLrLzHKnHna+IIAKaMvABU69EG7ngC+chQPrEOxnNLueKaK3VT8jFABrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU80aAPWis341rNMJ1wyQsdCCJ5N4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AAB6AwcAKhOVAADeMA0GCSqGSIb3DQEBCwUAA4IBAQBW66LzrNmwfOtJBmocqQ/5
9H8GNdJz/fogjUD5a2JHk+PVl2jHWTifnteRJ6j4sIBLzjNyFLpwRL0Zgn37viS0
NNp1GmJGrt19PVRr4x481XEGIu2/fOhp+KZQJD9IIoy4tCLacr2BLH198KVgDeZV
vydvd4gnE5jBP5pfFx3g5d4IyMCu8DGHSnJuVJsbB6QAIGxbPi4vmBHIDY0eRKCb
DPzayyzlyP1lsEIMHMaWhLouqC2YrN2tzLq1342MzP5TmAhB88FaSk68zZQrvDLz
6nH1/5Hehmp9O9bJ6X+sGhVzKMVC/2Nw1hTLFYvLxr98+oZoYOYhCI5E2n0n4ECZ
-----END CERTIFICATE-----