Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa
File:                     AS214762.roa (raw, json)
Hash identifier:          YxnX0qbFOaJ5s37KUDpjOzAiIQxSYBasYSCApiqw8ks=
Subject key identifier:   0C:D1:E3:29:C3:86:CB:B2:6E:88:24:CC:06:F2:24:31:23:D9:AC:30
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7B1C978B95873E8A0E73E07E8CED0105AB235F72
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa
Signing time:             Tue 21 Apr 2026 13:47:05 +0000
ROA not before:           Tue 21 Apr 2026 13:42:05 +0000
ROA not after:            Tue 20 Apr 2027 13:47:05 +0000
asID:                     214762
IP address blocks:        2a13:9500:53::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1c:97:8b:95:87:3e:8a:0e:73:e0:7e:8c:ed:01:05:ab:23:5f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 21 13:42:05 2026 GMT
            Not After : Apr 20 13:47:05 2027 GMT
        Subject: CN=0CD1E329C386CBB26E8824CC06F2243123D9AC30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:12:70:d0:96:ef:1e:23:bf:76:72:39:4f:81:
                    5a:86:b6:86:29:fe:08:34:3c:ed:cc:81:6d:81:26:
                    b2:63:93:b8:8b:b5:31:e7:68:b9:84:59:a7:dd:18:
                    ab:82:d2:c8:f1:d1:d2:f1:f9:21:84:41:5a:f7:d1:
                    6a:5d:19:a8:15:1f:b4:0b:5c:65:03:2e:76:b9:aa:
                    64:3c:4b:bb:90:12:bd:0c:b7:79:be:33:80:dc:bf:
                    d7:7c:18:0b:b6:cd:e0:40:91:8d:e9:17:55:25:e4:
                    d0:80:32:5c:dc:5c:70:7d:26:14:94:49:d1:02:e4:
                    95:99:0f:11:a9:d9:48:64:e8:35:79:26:7c:76:59:
                    97:03:76:f4:22:9d:f9:b3:89:96:3f:e7:87:10:76:
                    08:1a:25:b6:4a:84:13:48:23:06:2c:10:06:cc:3d:
                    d7:d0:6a:94:b9:fd:f3:98:ef:8b:c7:7c:06:44:2c:
                    ec:2b:60:b5:b9:4c:e5:db:fd:d2:37:3f:d3:da:0d:
                    d3:b8:0b:21:d3:a1:67:ac:4f:e0:cf:a7:ca:39:3b:
                    26:1d:13:50:80:4f:21:46:cb:b0:52:aa:89:dc:29:
                    fb:dd:0f:8d:59:21:14:94:d6:49:c9:25:aa:e4:fd:
                    0b:6b:20:65:87:c7:eb:d8:ad:0c:13:8f:b6:54:14:
                    8b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D1:E3:29:C3:86:CB:B2:6E:88:24:CC:06:F2:24:31:23:D9:AC:30
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:53::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:59:84:fe:e0:f6:4e:b6:ff:7f:d8:30:c5:b2:48:e1:b1:49:
         99:f8:39:1f:83:a9:11:0d:e4:29:92:9a:0e:cd:9d:a8:e4:05:
         eb:ef:33:b7:d6:83:f7:b0:c1:20:a2:49:d9:a6:fb:54:2e:5b:
         b9:16:9e:5c:3f:f8:73:44:d7:85:d5:0a:f4:9a:ab:26:5b:22:
         a1:a2:9d:df:67:9c:6d:7a:4d:d7:7b:26:00:fb:2d:7a:38:7d:
         08:35:01:02:06:e9:20:16:19:7e:59:fb:f5:71:49:9c:0e:f8:
         0a:7a:0e:76:a4:ad:53:a0:44:3b:1e:1b:1c:d1:9b:9f:e6:98:
         88:97:d3:7a:09:37:d9:09:a3:f5:d9:28:34:e6:dc:b3:26:a6:
         fe:71:8e:70:ac:88:50:08:6d:1a:fe:41:7d:fb:88:c0:e1:56:
         c9:33:f7:b2:52:99:97:ff:c4:cf:65:79:a0:6c:85:c8:41:18:
         08:ea:30:56:ce:72:97:e7:a1:50:21:3e:3c:d3:03:ac:b1:8d:
         41:38:08:24:c8:e8:5b:3c:5c:4a:85:a7:0b:1c:58:56:3f:14:
         48:09:09:d4:4f:23:f2:8a:98:b5:47:ea:4f:0c:27:8c:2f:a5:
         c6:b7:4e:9b:ee:35:33:cd:6e:c2:8a:48:27:61:f2:5e:0a:56:
         a8:91:a8:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUexyXi5WHPooOc+B+jO0BBasjX3IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjExMzQyMDVaFw0yNzA0MjAxMzQ3MDVaMDMxMTAvBgNV
BAMTKDBDRDFFMzI5QzM4NkNCQjI2RTg4MjRDQzA2RjIyNDMxMjNEOUFDMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvEnDQlu8eI792cjlPgVqGtoYp
/gg0PO3MgW2BJrJjk7iLtTHnaLmEWafdGKuC0sjx0dLx+SGEQVr30WpdGagVH7QL
XGUDLna5qmQ8S7uQEr0Mt3m+M4Dcv9d8GAu2zeBAkY3pF1Ul5NCAMlzcXHB9JhSU
SdEC5JWZDxGp2Uhk6DV5Jnx2WZcDdvQinfmziZY/54cQdggaJbZKhBNIIwYsEAbM
PdfQapS5/fOY74vHfAZELOwrYLW5TOXb/dI3P9PaDdO4CyHToWesT+DPp8o5OyYd
E1CATyFGy7BSqoncKfvdD41ZIRSU1knJJark/QtrIGWHx+vYrQwTj7ZUFIuNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDNHjKcOGy7JuiCTMBvIkMSPZrDAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABTMA0GCSqGSIb3DQEBCwUAA4IBAQCDWYT+4PZOtv9/2DDFskjhsUmZ+Dkfg6kR
DeQpkpoOzZ2o5AXr7zO31oP3sMEgoknZpvtULlu5Fp5cP/hzRNeF1Qr0mqsmWyKh
op3fZ5xtek3XeyYA+y16OH0INQECBukgFhl+Wfv1cUmcDvgKeg52pK1ToEQ7Hhsc
0Zuf5piIl9N6CTfZCaP12Sg05tyzJqb+cY5wrIhQCG0a/kF9+4jA4VbJM/eyUpmX
/8TPZXmgbIXIQRgI6jBWznKX56FQIT480wOssY1BOAgkyOhbPFxKhacLHFhWPxRI
CQnUTyPyipi1R+pPDCeML6XGt06b7jUzzW7CikgnYfJeClaokaj1
-----END CERTIFICATE-----