Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
File:                     AS214834.roa (raw, json)
Hash identifier:          g87Rv9k8sCCNcsHraQ/gkuqLaHBoxrCKaM0rUmG7Ap0=
Subject key identifier:   2B:D0:1A:68:8B:B2:D1:AF:19:7F:A2:01:CD:B1:17:B4:B8:00:21:E2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1E1A386E682A2BE75DE77B2591068AE6F2F234C3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
Signing time:             Fri 20 Jun 2025 16:25:05 +0000
ROA not before:           Fri 20 Jun 2025 16:20:05 +0000
ROA not after:            Fri 19 Jun 2026 16:25:05 +0000
asID:                     214834
IP address blocks:        2a13:9500:63::/48 maxlen: 48
                          2a13:9500:96::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:1a:38:6e:68:2a:2b:e7:5d:e7:7b:25:91:06:8a:e6:f2:f2:34:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 16:20:05 2025 GMT
            Not After : Jun 19 16:25:05 2026 GMT
        Subject: CN=2BD01A688BB2D1AF197FA201CDB117B4B80021E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0c:6f:22:20:80:ef:cd:59:e6:cc:81:a7:f4:
                    cc:c4:88:a0:c4:be:70:66:ca:f8:bf:80:f6:e1:7e:
                    7f:9f:46:c6:34:3f:d2:61:04:35:5e:19:1f:ea:ed:
                    f4:2c:14:bf:31:af:00:eb:4e:01:62:08:4c:19:54:
                    fb:16:33:32:66:1a:79:99:35:8e:74:22:8a:30:53:
                    c3:35:1f:61:a4:67:ec:2e:b1:e0:8a:f0:2f:53:63:
                    b6:d5:57:65:af:c2:45:cd:2c:a8:79:4a:10:22:e0:
                    71:b9:6b:3d:71:e8:9d:40:de:26:a5:a6:ef:bf:1c:
                    6c:4b:6b:49:58:83:33:fc:8c:57:88:06:91:2d:03:
                    ab:5c:cc:e3:76:a6:3a:47:92:3e:52:bc:36:fd:a4:
                    0c:b3:ab:8d:0e:5e:7e:3f:1f:3d:d0:7f:9c:8c:6b:
                    ca:d4:cf:7b:c9:24:6a:47:ef:b0:f4:7b:5d:d8:ae:
                    6b:2c:73:b8:ca:71:41:8e:64:dc:0f:bf:3f:90:ce:
                    52:6b:59:90:9e:b9:39:4c:08:46:b4:3d:e1:dc:35:
                    17:15:6b:80:97:d7:e3:4c:6a:92:0b:85:67:02:9e:
                    b2:7d:a1:38:27:56:1d:63:65:c2:61:dd:cb:0e:38:
                    34:f1:8e:e0:43:7f:ef:0b:57:f9:e3:95:be:f8:7c:
                    7c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D0:1A:68:8B:B2:D1:AF:19:7F:A2:01:CD:B1:17:B4:B8:00:21:E2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:63::/48
                  2a13:9500:96::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:53:78:ac:95:37:1c:82:cc:d4:f8:4e:a0:ba:6c:ac:04:d6:
         f9:a4:59:62:74:18:9f:70:84:db:a8:6e:d1:8c:62:f0:54:71:
         c5:f9:52:6e:3e:91:eb:97:f3:93:4a:c6:ba:4b:2f:c9:b7:5b:
         25:1d:0c:c7:47:b4:24:79:02:62:94:14:7c:f5:18:88:e4:48:
         2a:dd:9b:09:c5:3f:fb:be:d4:87:28:2a:39:17:11:6e:8a:ca:
         95:1f:aa:24:4f:da:8e:82:19:3d:a1:ad:42:7c:8f:08:26:59:
         18:bb:e7:7c:8d:d2:a6:8a:37:30:a2:bf:f4:d2:3e:b3:04:8e:
         b1:e0:94:4e:d5:30:36:1c:f5:8a:13:99:5c:6e:41:25:76:de:
         ac:b2:26:9c:68:c9:fa:59:6c:06:51:62:bf:dd:1c:3b:a2:37:
         18:e0:d3:1d:79:88:87:31:16:fe:03:06:15:4a:b8:67:90:cc:
         db:8c:d5:4a:a6:70:14:f6:6d:78:e8:ee:e4:73:1d:05:74:76:
         ce:63:1f:22:29:4e:55:23:dd:26:4a:bb:71:42:4e:f1:0d:c0:
         fb:89:36:e1:9b:c0:05:94:bd:c6:3b:09:e6:da:44:64:06:02:
         1d:b8:ae:f6:6d:66:0d:3f:24:78:c6:07:74:69:66:3a:9f:46:
         6e:d8:1f:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUHho4bmgqK+dd53slkQaK5vLyNMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjAxNjIwMDVaFw0yNjA2MTkxNjI1MDVaMDMxMTAvBgNV
BAMTKDJCRDAxQTY4OEJCMkQxQUYxOTdGQTIwMUNEQjExN0I0QjgwMDIxRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfDG8iIIDvzVnmzIGn9MzEiKDE
vnBmyvi/gPbhfn+fRsY0P9JhBDVeGR/q7fQsFL8xrwDrTgFiCEwZVPsWMzJmGnmZ
NY50IoowU8M1H2GkZ+wuseCK8C9TY7bVV2WvwkXNLKh5ShAi4HG5az1x6J1A3ial
pu+/HGxLa0lYgzP8jFeIBpEtA6tczON2pjpHkj5SvDb9pAyzq40OXn4/Hz3Qf5yM
a8rUz3vJJGpH77D0e13Yrmssc7jKcUGOZNwPvz+QzlJrWZCeuTlMCEa0PeHcNRcV
a4CX1+NMapILhWcCnrJ9oTgnVh1jZcJh3csOODTxjuBDf+8LV/njlb74fHx3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUK9AaaIuy0a8Zf6IBzbEXtLgAIeIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AABjAwcAKhOVAACWMA0GCSqGSIb3DQEBCwUAA4IBAQBBU3islTccgszU+E6gumys
BNb5pFlidBifcITbqG7RjGLwVHHF+VJuPpHrl/OTSsa6Sy/Jt1slHQzHR7QkeQJi
lBR89RiI5Egq3ZsJxT/7vtSHKCo5FxFuisqVH6okT9qOghk9oa1CfI8IJlkYu+d8
jdKmijcwor/00j6zBI6x4JRO1TA2HPWKE5lcbkEldt6ssiacaMn6WWwGUWK/3Rw7
ojcY4NMdeYiHMRb+AwYVSrhnkMzbjNVKpnAU9m146O7kcx0FdHbOYx8iKU5VI90m
SrtxQk7xDcD7iTbhm8AFlL3GOwnm2kRkBgIduK72bWYNPyR4xgd0aWY6n0Zu2B+7
-----END CERTIFICATE-----